This is the mail archive of the binutils@sources.redhat.com mailing list for the binutils project.
Memory corruption handling x86 relocs
- To: binutils at sources dot redhat dot com
- Subject: Memory corruption handling x86 relocs
- From: fnf at ninemoons dot com
- Date: Thu, 8 Feb 2001 14:15:49 -0700 (MST)
- Cc: fnf at be dot com
- Reply-To: fnf at be dot com
I have a test case that triggers internal memory corruption in BFD
when processing x86 relocs during linking. Basically either BFD is
incorrectly computing the amount of space needed, or is incorrectly
trying to store more relocs than it should, overwriting some other
pointers.
I've spent several hours trying to figure out which, but I'm not that
familiar with the relevant code sections in elf_i386_check_relocs and
elf_i386_relocate_section.
I suspect that the problem may be more widespread than just my
specific test case, but isn't being noticed. I'd recommend the
following patch, at least for a while, to see if there is a more
general problem here.
-Fred
Index: elf32-i386.c
===================================================================
RCS file: /cvsroot/gg/sourceware/binutils/bfd/elf32-i386.c,v
retrieving revision 1.1.1.4
diff -c -p -r1.1.1.4 elf32-i386.c
*** elf32-i386.c 2001/01/30 00:03:52 1.1.1.4
--- elf32-i386.c 2001/02/08 21:10:24
*************** elf_i386_relocate_section (output_bfd, i
*** 1710,1715 ****
--- 1710,1716 ----
}
}
+ BFD_ASSERT (sreloc->reloc_count < (sreloc->_raw_size / sizeof (Elf32_External_Rel)));
bfd_elf32_swap_reloc_out (output_bfd, &outrel,
(((Elf32_External_Rel *)
sreloc->contents)
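Review bot: the BFD_ASSERT added before bfd_elf32_swap_reloc_out only reports; BFD_ASSERT expands to a call to bfd_assert, which prints a "BFD assertion fail" message through the error handler and returns, so when the condition is false the swap_reloc_out immediately below still stores the extra Elf32_External_Rel past the end of sreloc->contents and the corruption described in the report still happens, now with a diagnostic attached. If the assertion is meant only as a tripwire while the miscount is hunted, that is fine but the patch description should say so; if it is meant to keep the link from corrupting memory, guard the store instead, e.g. `if (sreloc->reloc_count >= sreloc->_raw_size / sizeof (Elf32_External_Rel)) { bfd_set_error (bfd_error_bad_value); return false; }`, which is what a relocate_section failure path normally does. The comparison itself is right: reloc_count is the index about to be written, so `<` against the entry capacity is the correct test. Two smaller points: the new line runs well past 80 columns, which the surrounding code avoids, and a complementary check at the end of the link, `reloc_count * sizeof (Elf32_External_Rel) == _raw_size`, would tell you which half of the bug you have, over-emission here in relocate_section or under-sizing in check_relocs.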
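As an added illustration of the size-then-emit pattern the report is about, and of a capacity check that refuses the store instead of only reporting it, the following C program is example code written for this page, not code from the patch or from BFD. The section and reloc types, the function names, the link_result struct and the R_386_RELATIVE workload are hypothetical stand-ins; only the Elf32_External_Rel layout (two little-endian 32-bit words) and the ELF32_R_INFO encoding follow the ELF specification.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for Elf32_External_Rel: r_offset and r_info as two
   little-endian 32-bit words, 8 bytes per entry on disk. */
typedef struct {
    unsigned char r_offset[4];
    unsigned char r_info[4];
} elf32_external_rel;

/* Hypothetical stand-in for the asection fields the patch touches: the buffer
   sized by the counting pass, its byte size, and the running entry count. */
typedef struct {
    unsigned char *contents;
    size_t raw_size;
    size_t reloc_count;
} reloc_section;

typedef struct {
    size_t written;         /* entries actually stored */
    bool overflow_refused;  /* pass 2 tried to exceed what pass 1 sized */
    bool passes_agree;      /* buffer exactly filled: both passes counted alike */
    uint32_t last_offset;   /* last stored entry, read back from the buffer */
    uint32_t last_info;
} link_result;

/* ELF32_R_INFO(sym, type) as the ELF specification defines it. */
static uint32_t r_info_encode(uint32_t sym, unsigned char type) {
    return (sym << 8) | type;
}

static void put_le32(unsigned char *p, uint32_t v) {
    p[0] = (unsigned char)v;         p[1] = (unsigned char)(v >> 8);
    p[2] = (unsigned char)(v >> 16); p[3] = (unsigned char)(v >> 24);
}

static uint32_t get_le32(const unsigned char *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8)
         | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Pass 1 (the role of elf_i386_check_relocs): allocate exactly the space the
   counting pass believes the dynamic relocs will need. */
static bool size_reloc_section(reloc_section *s, size_t expected_relocs) {
    s->raw_size = expected_relocs * sizeof(elf32_external_rel);
    s->reloc_count = 0;
    s->contents = calloc(1, s->raw_size ? s->raw_size : 1);
    return s->contents != NULL;
}

/* Pass 2 (the role of elf_i386_relocate_section): append one entry.  A
   BFD_ASSERT would only print a message and let the store go ahead; this
   check refuses the store, so a pass-1 miscount cannot overwrite whatever
   follows contents on the heap. */
static bool emit_reloc(reloc_section *s, uint32_t r_offset, uint32_t r_info) {
    size_t capacity = s->raw_size / sizeof(elf32_external_rel);
    if (s->reloc_count >= capacity) {
        fprintf(stderr, "reloc %zu does not fit: section sized for %zu entries\n",
                s->reloc_count, capacity);
        return false;
    }
    elf32_external_rel *out = (elf32_external_rel *)s->contents + s->reloc_count;
    put_le32(out->r_offset, r_offset);
    put_le32(out->r_info, r_info);
    s->reloc_count++;
    return true;
}

/* Drive both passes on a constructed workload: pass 1 sizes for `sized_for`
   entries, pass 2 tries to emit `attempted` R_386_RELATIVE entries (type 8,
   symbol 0) at consecutive GOT slots.  The end-of-link comparison of
   reloc_count against raw_size tells under-sizing apart from over-estimation. */
static link_result run_link(size_t sized_for, size_t attempted) {
    link_result r = { 0, false, false, 0, 0 };
    reloc_section s;
    if (!size_reloc_section(&s, sized_for)) return r;
    for (size_t i = 0; i < attempted; i++) {
        if (!emit_reloc(&s, 0x08049000u + 4u * (uint32_t)i, r_info_encode(0, 8))) {
            r.overflow_refused = true;
            break;
        }
    }
    r.written = s.reloc_count;
    r.passes_agree = s.reloc_count * sizeof(elf32_external_rel) == s.raw_size;
    if (s.reloc_count > 0) {
        const elf32_external_rel *last =
            (const elf32_external_rel *)s.contents + s.reloc_count - 1;
        r.last_offset = get_le32(last->r_offset);
        r.last_info = get_le32(last->r_info);
    }
    free(s.contents);
    return r;
}

int main(void) {
    /* sized for 2, tries 3: the third store is refused instead of corrupting memory */
    link_result r = run_link(2, 3);
    printf("written=%zu refused=%d agree=%d\n", r.written, r.overflow_refused, r.passes_agree);
    /* sized for 4, emits 3: pass 1 over-estimated, caught by the final comparison */
    r = run_link(4, 3);
    printf("written=%zu refused=%d agree=%d\n", r.written, r.overflow_refused, r.passes_agree);
    return 0;
}
```

The two failure modes the report cannot tell apart show up as different signals: an under-sized buffer trips overflow_refused on the first store that would run past raw_size, while an over-estimate leaves passes_agree false at the end of the link with nothing refused.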