Uninitialised contents in gnu_debuglink section
- From: Alan Modra <amodra at bigpond dot net dot au>
- To: binutils at sourceware dot org
- Date: Fri, 14 Sep 2007 17:26:01 +0930
- Subject: Uninitialised contents in gnu_debuglink section
This patch fixes a number of bugs. find_separate_debug_file could
fail without setting bfd_error, and bfd_fill_in_gnu_debuglink_section
could leave random gunk after the file name.
* opncls.c (find_separate_debug_file): Ensure bfd_set_error has
been called on all error return paths.
(bfd_fill_in_gnu_debuglink_section): Use bfd_malloc, not malloc.
Clear padding after filename.
Index: bfd/opncls.c
===================================================================
RCS file: /cvs/src/src/bfd/opncls.c,v
retrieving revision 1.49
diff -u -p -r1.49 opncls.c
--- bfd/opncls.c 9 Aug 2007 14:22:03 -0000 1.49
+++ bfd/opncls.c 14 Sep 2007 05:40:19 -0000
@@ -1217,46 +1217,48 @@ find_separate_debug_file (bfd *abfd, con
char *debugfile;
unsigned long crc32;
int i;
+ size_t dirlen;
BFD_ASSERT (abfd);
if (debug_file_directory == NULL)
debug_file_directory = ".";
/* BFD may have been opened from a stream. */
- if (! abfd->filename)
- return NULL;
+ if (abfd->filename == NULL)
+ {
+ bfd_set_error (bfd_error_invalid_operation);
+ return NULL;
+ }
basename = get_debug_link_info (abfd, & crc32);
if (basename == NULL)
return NULL;
- if (strlen (basename) < 1)
+ if (basename[0] == '\0')
{
free (basename);
+ bfd_set_error (bfd_error_no_debug_section);
return NULL;
}
- dir = strdup (abfd->filename);
+ for (dirlen = strlen (abfd->filename); dirlen > 0; dirlen--)
+ if (IS_DIR_SEPARATOR (abfd->filename[dirlen - 1]))
+ break;
+
+ dir = bfd_malloc (dirlen + 1);
if (dir == NULL)
{
free (basename);
return NULL;
}
- BFD_ASSERT (strlen (dir) != 0);
-
- /* Strip off filename part. */
- for (i = strlen (dir) - 1; i >= 0; i--)
- if (IS_DIR_SEPARATOR (dir[i]))
- break;
+ memcpy (dir, abfd->filename, dirlen);
+ dir[dirlen] = '\0';
- dir[i + 1] = '\0';
- BFD_ASSERT (dir[i] == '/' || dir[0] == '\0');
-
- debugfile = malloc (strlen (debug_file_directory) + 1
- + strlen (dir)
- + strlen (".debug/")
- + strlen (basename)
- + 1);
+ debugfile = bfd_malloc (strlen (debug_file_directory) + 1
+ + dirlen
+ + strlen (".debug/")
+ + strlen (basename)
+ + 1);
if (debugfile == NULL)
{
free (basename);
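Review bot: The `/* Strip off filename part. */` comment that the old loop carried is dropped, so the new `for (dirlen = strlen (abfd->filename); dirlen > 0; dirlen--)` loop is uncommented even though the later path building depends on what it leaves in `dirlen` (the directory part including its trailing separator, or 0 when there is none, in which case `dir` becomes ""). Suggest restoring it above the loop as `/* Length of the directory part of the filename, including the trailing separator; zero if there is none.  */`. Dropping the old `BFD_ASSERT (dir[i] == '/' || dir[0] == '\0')` is fine, since the loop now guarantees that invariant by construction. The enclosing function continues past the end of the hunk.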
@@ -1435,6 +1437,7 @@ bfd_fill_in_gnu_debuglink_section (bfd *
FILE * handle;
static unsigned char buffer[8 * 1024];
size_t count;
+ size_t filelen;
if (abfd == NULL || sect == NULL || filename == NULL)
{
@@ -1464,21 +1467,22 @@ bfd_fill_in_gnu_debuglink_section (bfd *
now that we no longer need them. */
filename = lbasename (filename);
- debuglink_size = strlen (filename) + 1;
+ filelen = strlen (filename);
+ debuglink_size = filelen + 1;
debuglink_size += 3;
debuglink_size &= ~3;
debuglink_size += 4;
- contents = malloc (debuglink_size);
+ contents = bfd_malloc (debuglink_size);
if (contents == NULL)
{
/* XXX Should we delete the section from the bfd ? */
- bfd_set_error (bfd_error_no_memory);
return FALSE;
}
- strcpy (contents, filename);
crc_offset = debuglink_size - 4;
+ memcpy (contents, filename, filelen);
+ memset (contents + filelen, 0, crc_offset - filelen);
bfd_put_32 (abfd, crc32, contents + crc_offset);
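Review bot: The new `memset (contents + filelen, 0, crc_offset - filelen);` carries no explanation of why the padding must be cleared, which is the actual fix here: without it the bytes between the name's terminator and the CRC are whatever the allocator left and get written into the output file. Either add `/* Zero the NUL terminator and the alignment padding so no uninitialised heap bytes end up in the section contents.  */` above it, or allocate with `contents = bfd_zmalloc (debuglink_size);` and drop the memset, which makes the zeroed padding implicit and removes the `crc_offset - filelen` arithmetic. Because `debuglink_size` is `filelen + 1` rounded up to a multiple of 4 plus 4, and `crc_offset = debuglink_size - 4`, the cleared span is at least one byte, so the terminator is always covered. The enclosing function continues past the end of the hunk.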
--
Alan Modra
Australia Development Lab, IBM