SOURCES: binutils-pr-5788.patch (NEW) - memory corruption fix
arekm
arekm at pld-linux.org
Thu Mar 6 22:07:18 CET 2008
Author: arekm Date: Thu Mar 6 21:07:18 2008 GMT
Module: SOURCES Tag: HEAD
---- Log message:
- memory corruption fix
---- Files affected:
SOURCES:
binutils-pr-5788.patch (NONE -> 1.1) (NEW)
---- Diffs:
================================================================
Index: SOURCES/binutils-pr-5788.patch
diff -u /dev/null SOURCES/binutils-pr-5788.patch:1.1
--- /dev/null Thu Mar 6 22:07:18 2008
+++ SOURCES/binutils-pr-5788.patch Thu Mar 6 22:07:13 2008
@@ -0,0 +1,48 @@
+2008-02-22 H.J. Lu <hongjiu.lu at intel.com>
+
+ PR ld/5788
+ * elflink.c (elf_create_symbuf): Correct buffer size and
+ position.
+
+--- bfd/elflink.c 20 Feb 2008 17:42:35 -0000 1.297
++++ bfd/elflink.c 23 Feb 2008 00:02:05 -0000 1.298
+@@ -6870,7 +6870,7 @@ elf_create_symbuf (bfd_size_type symcoun
+ Elf_Internal_Sym **ind, **indbufend, **indbuf;
+ struct elf_symbuf_symbol *ssym;
+ struct elf_symbuf_head *ssymbuf, *ssymhead;
+- bfd_size_type i, shndx_count;
++ bfd_size_type i, shndx_count, total_size;
+
+ indbuf = bfd_malloc2 (symcount, sizeof (*indbuf));
+ if (indbuf == NULL)
+@@ -6890,15 +6890,16 @@ elf_create_symbuf (bfd_size_type symcoun
+ if (ind[0]->st_shndx != ind[1]->st_shndx)
+ shndx_count++;
+
+- ssymbuf = bfd_malloc ((shndx_count + 1) * sizeof (*ssymbuf)
+- + (indbufend - indbuf) * sizeof (*ssymbuf));
++ total_size = ((shndx_count + 1) * sizeof (*ssymbuf)
++ + (indbufend - indbuf) * sizeof (*ssym));
++ ssymbuf = bfd_malloc (total_size);
+ if (ssymbuf == NULL)
+ {
+ free (indbuf);
+ return NULL;
+ }
+
+- ssym = (struct elf_symbuf_symbol *) (ssymbuf + shndx_count);
++ ssym = (struct elf_symbuf_symbol *) (ssymbuf + shndx_count + 1);
+ ssymbuf->ssym = NULL;
+ ssymbuf->count = shndx_count;
+ ssymbuf->st_shndx = 0;
+@@ -6916,7 +6917,9 @@ elf_create_symbuf (bfd_size_type symcoun
+ ssym->st_other = (*ind)->st_other;
+ ssymhead->count++;
+ }
+- BFD_ASSERT ((bfd_size_type) (ssymhead - ssymbuf) == shndx_count);
++ BFD_ASSERT ((bfd_size_type) (ssymhead - ssymbuf) == shndx_count
++ && (((bfd_hostptr_t) ssym - (bfd_hostptr_t) ssymbuf)
++ == total_size));
+
+ free (indbuf);
+ return ssymbuf;
================================================================
More information about the pld-cvs-commit
mailing list