This is the mail archive of the binutils-cvs@sourceware.org mailing list for the binutils project.



[binutils-gdb] Fix memory corruption when assembling an i386 darwin source file.


https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4c2da80c2bdff7761eb5b3d9c03ffa0c9958b6b9

commit 4c2da80c2bdff7761eb5b3d9c03ffa0c9958b6b9
Author: Nick Clifton <nickc@redhat.com>
Date:   Thu Aug 10 11:51:42 2017 +0100

    Fix memory corruption when assembling an i386 darwin source file.
    
    	PR gas/21939
    	* config/obj-macho.c (obj_mach_o_set_indirect_symbols): Increase
    	size of indirect_syms array so that it is large enough to hold
    	every symbol if necessary.

Diff:
---
 gas/ChangeLog          |  7 +++++++
 gas/config/obj-macho.c | 22 +++++++++++++++++-----
 2 files changed, 24 insertions(+), 5 deletions(-)

diff --git a/gas/ChangeLog b/gas/ChangeLog
index 3edb179..adeb38b 100644
--- a/gas/ChangeLog
+++ b/gas/ChangeLog
@@ -1,3 +1,10 @@
+2017-08-10  Nick Clifton  <nickc@redhat.com>
+
+	PR gas/21939
+	* config/obj-macho.c (obj_mach_o_set_indirect_symbols): Increase
+	size of indirect_syms array so that it is large enough to hold
+	every symbol if necessary.
+
 2017-08-09  Jiong Wang  <jiong.wang@arm.com>
 
 	* config/tc-arm.c (do_crc32_1): Remove warning on REG_SP for thumb_mode.
diff --git a/gas/config/obj-macho.c b/gas/config/obj-macho.c
index 28867bd..8cc9581 100644
--- a/gas/config/obj-macho.c
+++ b/gas/config/obj-macho.c
@@ -1808,15 +1808,21 @@ obj_mach_o_set_indirect_symbols (bfd *abfd, asection *sec,
 	    {
 	      unsigned n;
 	      bfd_mach_o_asymbol *sym;
+
+	      /* FIXME: It seems that there can be more indirect symbols
+		 than is computed by the loop above.  So be paranoid and
+		 allocate enough space for every symbol to be indirect.
+		 See PR 21939 for an example of where this is needed.  */
+	      if (nactual < bfd_get_symcount (abfd))
+		nactual = bfd_get_symcount (abfd);
+
 	      ms->indirect_syms =
 			bfd_zalloc (abfd,
 				    nactual * sizeof (bfd_mach_o_asymbol *));
 
 	      if (ms->indirect_syms == NULL)
-		{
-		  as_fatal (_("internal error: failed to allocate %d indirect"
-			      "symbol pointers"), nactual);
-		}
+		as_fatal (_("internal error: failed to allocate %d indirect"
+			    "symbol pointers"), nactual);
 
 	      for (isym = list, n = 0; isym != NULL; isym = isym->next, n++)
 		{
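Review bot: Raising `nactual` to `bfd_get_symcount (abfd)` is a guess at the capacity rather than the real requirement: the fill loop that starts at the end of this hunk indexes `ms->indirect_syms` by `n`, which advances once per entry in `list`, so the array needs one slot per list entry and nothing visible here ties that number to the symbol count. Counting the entries of `list` just before the `bfd_zalloc` call would make the size exact and retire the FIXME; the counting loop it refers to is above this hunk, so why it undercounts cannot be judged from here. Separately, the two adjacent literals in the `as_fatal` call join as "indirectsymbol pointers", so the first should end with a space: `"internal error: failed to allocate %d indirect "`. `nactual` is printed with `%d` yet compared against `bfd_get_symcount`, so its declared type (outside the hunk) is worth checking against the format.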
@@ -1827,7 +1833,11 @@ obj_mach_o_set_indirect_symbols (bfd *abfd, asection *sec,
 
 		     Absolute symbols are handled specially.  */
 		  if (sym->symbol.section == bfd_abs_section_ptr)
-		    ms->indirect_syms[n] = sym;
+		    {
+		      if (n >= nactual)
+			as_fatal (_("internal error: more indirect mach-o symbols than expected"));
+		      ms->indirect_syms[n] = sym;
+		    }
 		  else if (S_IS_LOCAL (isym->sym) && ! lazy)
 		    ;
 		  else
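Review bot: The bounds guard is pasted separately in front of each store to `ms->indirect_syms[n]` (here in the `bfd_abs_section_ptr` branch and again in the next hunk before the store that follows `sym->n_desc |= lazy`), so any store added to this loop later can miss it. A single check as the first statement of the loop body, `if (n >= nactual) as_fatal (_("internal error: more indirect mach-o symbols than expected"));`, would cover every branch. That placement would also stop on entries that take the empty `S_IS_LOCAL` branch and store nothing, so confirm that stricter behaviour is acceptable. The loop body begins in the previous hunk and continues past this one, so other stores may exist that are not visible here.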
@@ -1847,6 +1857,8 @@ obj_mach_o_set_indirect_symbols (bfd *abfd, asection *sec,
 			      && ! (sym->n_type & BFD_MACH_O_N_PEXT)
 			      && (sym->n_type & BFD_MACH_O_N_EXT))
 			    sym->n_desc |= lazy;
+			  if (n >= nactual)
+			    as_fatal (_("internal error: more indirect mach-o symbols than expected"));
 			  ms->indirect_syms[n] = sym;
 		        }
 		    }

