SOURCES: binutils-pr-5788.patch (NEW) - memory corruption fix

arekm arekm at pld-linux.org
Thu Mar 6 22:07:18 CET 2008 

Author: arekm                        Date: Thu Mar  6 21:07:18 2008 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- memory corruption fix

---- Files affected:
SOURCES:
   binutils-pr-5788.patch (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: SOURCES/binutils-pr-5788.patch
diff -u /dev/null SOURCES/binutils-pr-5788.patch:1.1
--- /dev/null	Thu Mar  6 22:07:18 2008
+++ SOURCES/binutils-pr-5788.patch	Thu Mar  6 22:07:13 2008
@@ -0,0 +1,48 @@
+2008-02-22  H.J. Lu  <hongjiu.lu at intel.com>
+
+	PR ld/5788
+	* elflink.c (elf_create_symbuf): Correct buffer size and
+	position.
+
+--- bfd/elflink.c	20 Feb 2008 17:42:35 -0000	1.297
++++ bfd/elflink.c	23 Feb 2008 00:02:05 -0000	1.298
+@@ -6870,7 +6870,7 @@ elf_create_symbuf (bfd_size_type symcoun
+   Elf_Internal_Sym **ind, **indbufend, **indbuf;
+   struct elf_symbuf_symbol *ssym;
+   struct elf_symbuf_head *ssymbuf, *ssymhead;
+-  bfd_size_type i, shndx_count;
++  bfd_size_type i, shndx_count, total_size;
+ 
+   indbuf = bfd_malloc2 (symcount, sizeof (*indbuf));
+   if (indbuf == NULL)
+@@ -6890,15 +6890,16 @@ elf_create_symbuf (bfd_size_type symcoun
+       if (ind[0]->st_shndx != ind[1]->st_shndx)
+ 	shndx_count++;
+ 
+-  ssymbuf = bfd_malloc ((shndx_count + 1) * sizeof (*ssymbuf)
+-			+ (indbufend - indbuf) * sizeof (*ssymbuf));
++  total_size = ((shndx_count + 1) * sizeof (*ssymbuf)
++		+ (indbufend - indbuf) * sizeof (*ssym));
++  ssymbuf = bfd_malloc (total_size);
+   if (ssymbuf == NULL)
+     {
+       free (indbuf);
+       return NULL;
+     }
+ 
+-  ssym = (struct elf_symbuf_symbol *) (ssymbuf + shndx_count);
++  ssym = (struct elf_symbuf_symbol *) (ssymbuf + shndx_count + 1);
+   ssymbuf->ssym = NULL;
+   ssymbuf->count = shndx_count;
+   ssymbuf->st_shndx = 0;
+@@ -6916,7 +6917,9 @@ elf_create_symbuf (bfd_size_type symcoun
+       ssym->st_other = (*ind)->st_other;
+       ssymhead->count++;
+     }
+-  BFD_ASSERT ((bfd_size_type) (ssymhead - ssymbuf) == shndx_count);
++  BFD_ASSERT ((bfd_size_type) (ssymhead - ssymbuf) == shndx_count
++	      && (((bfd_hostptr_t) ssym - (bfd_hostptr_t) ssymbuf)
++		  == total_size));
+ 
+   free (indbuf);
+   return ssymbuf;
================================================================

More information about the pld-cvs-commit mailing list