This is the mail archive of the gdb-patches@sourceware.cygnus.com mailing list for the GDB project. See the GDB home page for more information.



Re: PATCH: fix unitialized memory reads in bfd/elf32-mips.c



> I reported this problem already with bfd in binutils-2.9.1 and gdb-4.17;
> as it is still present in gdb-4.18, I'm re-posting a patch.

An equivalent patch has been applied now.  Thanks!

------- Start of forwarded message -------
Message-ID: <19990414143605.B28302@cygnus.com>
Date: Wed, 14 Apr 1999 14:36:05 -0700
From: Richard Henderson <rth@cygnus.com>
To: Jim Blandy <jimb@cygnus.com>
Subject: Re: [manfred-h@t-online.de (Manfred Hollstein)] PATCH: fix unitialized memory reads in bfd/elf32-mips.c
References: <npbtgryt9k.fsf@zwingli.cygnus.com>

On Wed, Apr 14, 1999 at 01:03:03PM -0500, Jim Blandy wrote:
> 1999-04-14  Manfred Hollstein  <mhollstein@cygnus.com>
> 
> 	* elf32-mips.c (_bfd_mips_elf_read_ecoff_info): Set all
> 	fields to 0 which may cause erroneous calls to free when
> 	"goto error_return" is executed.
>
> +  debug->line = 0;
> +  debug->external_dnr = 0;
> +  debug->external_pdr = 0;
> +  debug->external_sym = 0;
> +  debug->external_opt = 0;
> +  debug->external_aux = 0;
> +  debug->ss = 0;
> +  debug->ssext = 0;
> +  debug->external_fdr = 0;
> +  debug->external_rfd = 0;
> +  debug->external_ext = 0;
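
Review bot: Zeroing the fields one by one, from `debug->line = 0;` through `debug->external_ext = 0;`, only covers the eleven members listed here, so any other member of `*debug` that the `error_return` path frees, or one added to the structure later, stays uninitialized. A single `memset (debug, 0, sizeof (*debug));` placed before the first `goto error_return` covers the whole structure. The hunk also carries no context lines, so it cannot be checked from the patch alone that these assignments precede every jump to `error_return`.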

I've committed the following instead.

Thanks.


r~



Wed Apr 14 14:33:08 1999  Richard Henderson  <rth@cygnus.com>

        * elf32-mips.c (_bfd_mips_elf_read_ecoff_info): Zero `debug'.
        * elf64-alpha.c (elf64_alpha_read_ecoff_info): Likewise.

Index: elf32-mips.c
===================================================================
RCS file: /cvs/cvsfiles/devo/bfd/elf32-mips.c,v
retrieving revision 1.153
diff -c -p -d -r1.153 elf32-mips.c
*** elf32-mips.c	1999/04/10 23:24:04	1.153
--- elf32-mips.c	1999/04/14 21:32:49
*************** _bfd_mips_elf_read_ecoff_info (abfd, sec
*** 3330,3335 ****
--- 3330,3336 ----
    char *ext_hdr = NULL;
  
    swap = get_elf_backend_data (abfd)->elf_backend_ecoff_debug_swap;
+   memset (debug, 0, sizeof(*debug));
  
    ext_hdr = (char *) bfd_malloc ((size_t) swap->external_hdr_size);
    if (ext_hdr == NULL && swap->external_hdr_size != 0)
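
Review bot: The added `memset (debug, 0, sizeof(*debug));` has no comment saying why it is needed. The ChangeLog entry quoted earlier in the thread gives the reason (the `error_return` path may call free on fields that were never set), and a one-line comment to that effect above the call would keep it from being removed later as a redundant initialization. The surrounding lines put a space before every opening parenthesis, so `sizeof (*debug)` would match them.
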
Index: elf64-alpha.c
===================================================================
RCS file: /cvs/cvsfiles/devo/bfd/elf64-alpha.c,v
retrieving revision 1.43
diff -c -p -d -r1.43 elf64-alpha.c
*** elf64-alpha.c	1999/04/10 23:24:04	1.43
--- elf64-alpha.c	1999/04/14 21:32:49
*************** elf64_alpha_read_ecoff_info (abfd, secti
*** 1950,1955 ****
--- 1950,1956 ----
    char *ext_hdr = NULL;
  
    swap = get_elf_backend_data (abfd)->elf_backend_ecoff_debug_swap;
+   memset (debug, 0, sizeof(*debug));
  
    ext_hdr = (char *) bfd_malloc ((size_t) swap->external_hdr_size);
    if (ext_hdr == NULL && swap->external_hdr_size != 0)
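
Review bot: The `memset` added here clears `*debug` unconditionally on entry, which is correct only if callers never pass in a structure that already owns allocations, since those pointers would be overwritten without being freed. That contract is worth stating in the function's header comment. This is also the same line as in the elf32-mips.c hunk, so any other reader that shares this `ext_hdr`/`swap` prologue should be checked for the same missing initialization.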

------- End of forwarded message -------