This is the mail archive of the binutils@sources.redhat.com mailing list for the binutils project.



Re: Memory overrun bug in CVS arm-elf-ld


Hi Michael,

> I'll try this mailing list since bug-binutils@gnu.org is full of spam.

I did see your email there, but I was slow at responding, sorry.

> I've found a memory overrun bug in arm-elf-ld, in versions 2.13.2.1 and
> CVS, which causes a segmentation fault.

Thanks for reporting this and providing a test case.  It turns out the
bug was a generic linker problem, not just arm-elf specific.  The
patch below fixes the bug and I will be applying it to the sources
(and the 2.14 branch) shortly.

Cheers
        Nick

2003-06-17  Nick Clifton  <nickc@redhat.com>

	* elflink.h (elf_gc_record_vtentry): Allocate an extra element
        in the vtable_entries_used array to allow for accessing
        the largest element.

Index: bfd/elflink.h
===================================================================
RCS file: /cvs/src/src/bfd/elflink.h,v
retrieving revision 1.228
diff -c -3 -p -r1.228 elflink.h
*** bfd/elflink.h	3 Jun 2003 22:27:22 -0000	1.228
--- bfd/elflink.h	17 Jun 2003 09:47:12 -0000
*************** elf_gc_record_vtentry (abfd, sec, h, add
*** 6283,6289 ****
    struct elf_backend_data *bed = get_elf_backend_data (abfd);
    unsigned int log_file_align = bed->s->log_file_align;
  
!   if (addend >= h->vtable_entries_size)
      {
        size_t size, bytes;
        bfd_boolean *ptr = h->vtable_entries_used;
--- 6283,6289 ----
    struct elf_backend_data *bed = get_elf_backend_data (abfd);
    unsigned int log_file_align = bed->s->log_file_align;
  
!   if (addend > h->vtable_entries_size)
      {
        size_t size, bytes;
        bfd_boolean *ptr = h->vtable_entries_used;
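
Review bot: Relaxing the test to `addend > h->vtable_entries_size` means the growth block is skipped when addend equals vtable_entries_size, and that includes the case where nothing has been allocated yet. The `if (ptr)` test in the next hunk shows h->vtable_entries_used can be NULL on entry, so if vtable_entries_size is still zero and the first addend recorded is zero, no array is allocated before the entry is marked. The `+ 2` in the second hunk already provides the extra slot, so the comparison could stay as `>=`, or the condition could also test `h->vtable_entries_used == NULL`.
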
*************** elf_gc_record_vtentry (abfd, sec, h, add
*** 6304,6311 ****
  	}
  
        /* Allocate one extra entry for use as a "done" flag for the
! 	 consolidation pass.  */
!       bytes = ((size >> log_file_align) + 1) * sizeof (bfd_boolean);
  
        if (ptr)
  	{
--- 6304,6312 ----
  	}
  
        /* Allocate one extra entry for use as a "done" flag for the
! 	 consolidation pass and another extra entry because we are
! 	 going to write up to and including 'size' entries.  */
!       bytes = ((size >> log_file_align) + 2) * sizeof (bfd_boolean);
  
        if (ptr)
  	{
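
Review bot: The new comment says "up to and including 'size' entries", but the element count computed on the next line is `(size >> log_file_align) + 2`, so the highest index written is `size >> log_file_align`, not `size`. Please word the comment in terms of that index so the reason for the second extra slot is clear. The code under `if (ptr)` is outside the visible context; if it derives the old array length from vtable_entries_size in order to zero the newly added tail, it needs the same adjustment, otherwise the added slot can be left uninitialised after a grow.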
        

