This is the mail archive of the elfutils-devel@sourceware.org mailing list for the elfutils project.
[Patch] derelocate.c find_section must check next section exists
- From: Mark Wielaard <mjw at redhat dot com>
- To: elfutils-devel at lists dot fedorahosted dot org
- Date: Tue, 25 Sep 2012 10:51:04 +0200
- Subject: [Patch] derelocate.c find_section must check next section exists
Hi,
While playing with valgrind I saw this:
==28430== Invalid read of size 8
==28430== at 0x4E48AC5: find_section (derelocate.c:321)
==28430== by 0x4E48D58: dwfl_module_address_section (derelocate.c:366)
==28430== by 0x400B06: main (dwfl-addr-sect.c:38)
==28430== Address 0x62a9a48 is not stack'd, malloc'd or (recently) free'd
Valgrind is right, there is an off-by-one check failure that can mean we
access beyond the end of an array. The following fixes it:
2012-09-25 Mark Wielaard <mjw@redhat.com>
* derelocate.c (find_section): Check next section exists before
accessing it.
Cheers,
Mark
diff --git a/libdwfl/derelocate.c b/libdwfl/derelocate.c
index e3fcba8..56f998c 100644
--- a/libdwfl/derelocate.c
+++ b/libdwfl/derelocate.c
@@ -317,7 +317,7 @@ find_section (Dwfl_Module *mod, Dwarf_Addr *addr)
inside the next one. A section limit address can appear in
line records. */
if (*addr == sections->refs[idx].end
- && idx < sections->count
+ && idx + 1 < sections->count
&& *addr == sections->refs[idx + 1].start)
++idx;
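Review bot: No regression test accompanies the new `idx + 1 < sections->count` bound in the changed condition, so the triggering case, an `*addr` equal to the `end` of the last section (`idx == sections->count - 1`), can silently regress. The valgrind trace in the message came through dwfl-addr-sect.c, so a test that runs that program under valgrind with such an address would cover it. Separately, the first operand still reads `sections->refs[idx].end` before any bound is checked in this expression; that is safe only if the lookup above the hunk guarantees `idx < sections->count`, which these lines do not show and is worth confirming. The comment above the condition could also state that the last section has no next section to step into.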