This is the mail archive of the gdb-prs@sources.redhat.com mailing list for the GDB project.
Re: gdb/1627: gdb crashes inside malloc when running something
- From: Olivier Crete <tester at tester dot ca>
- To: nobody at sources dot redhat dot com
- Cc: gdb-prs at sources dot redhat dot com,
- Date: 27 Apr 2004 19:18:01 -0000
- Subject: Re: gdb/1627: gdb crashes inside malloc when running something
- Reply-to: Olivier Crete <tester at tester dot ca>
The following reply was made to PR gdb/1627; it has been noted by GNATS.
From: Olivier Crete <tester@tester.ca>
To: gdb-gnats@sources.redhat.com
Cc:
Subject: Re: gdb/1627: gdb crashes inside malloc when running something
Date: Tue, 27 Apr 2004 21:07:25 +0200
I finally found the source of the bug... In the function symbol_file_add_with_addrs_or_offsets() inside symfile.c, the orig_addrs struct is allocated for bfd_count_sections(abfd) sections and then filled with addrs->num_sections sections... If the second is larger than the first, memory corruption will happen. I've changed the allocation to be done inside the "if (addrs)", so I am forced to initialise the said var to NULL...
Here is a patch against the current CVS:
Index: gdb/ChangeLog
===================================================================
RCS file: /cvs/src/src/gdb/ChangeLog,v
retrieving revision 1.5738
diff -b -u -2 -r1.5738 ChangeLog
--- gdb/ChangeLog 26 Apr 2004 09:49:35 -0000 1.5738
+++ gdb/ChangeLog 27 Apr 2004 19:06:00 -0000
@@ -1,2 +1,7 @@
+2004-04-27 Olivier Crete <tester@tester.ca>
+
+ * symfile.c (symbol_file_add_with_addrs_or_offsets): Allocate
enough
+ memory for what is to be copied
+
2004-04-26 Orjan Friberg <orjanf@axis.com>
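Review bot: the ChangeLog entry in this hunk has been line-wrapped by the mailer: `enough` sits on its own line with no `+` prefix between `+ * symfile.c (symbol_file_add_with_addrs_or_offsets): Allocate` and `+ memory for what is to be copied`, so `patch` will reject the hunk as malformed. Please resend with the entry on unwrapped lines and a closing period, and have it mention the other changes in the same function (`orig_addrs` initialised to NULL and allocated only inside `if (addrs)`), since the current wording only covers the size of the allocation.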
Index: gdb/symfile.c
===================================================================
RCS file: /cvs/src/src/gdb/symfile.c,v
retrieving revision 1.128
diff -b -u -2 -r1.128 symfile.c
--- gdb/symfile.c 21 Apr 2004 23:52:21 -0000 1.128
+++ gdb/symfile.c 27 Apr 2004 19:06:05 -0000
@@ -785,5 +785,6 @@
struct partial_symtab *psymtab;
char *debugfile;
- struct section_addr_info *orig_addrs;
+ bfd *abfd;
+ struct section_addr_info *orig_addrs = NULL;
struct cleanup *my_cleanups;
const char *name = bfd_get_filename (abfd);
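Review bot: the added `+ bfd *abfd;` in this hunk looks wrong and is not described in the ChangeLog or the cover note. `abfd` is already used in this function before the patch (`bfd_get_filename (abfd)` in the unchanged context line here, and `bfd_count_sections (abfd)` in the removed line of the next hunk), so it is already declared, presumably as a parameter. A new local of the same name either fails to compile as a redeclaration or shadows the existing one with an uninitialised pointer, in which case `bfd_get_filename (abfd)` reads garbage. Drop that line; only the `= NULL` initialiser on `orig_addrs` is needed in this hunk.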
@@ -803,9 +804,10 @@
discard_cleanups (my_cleanups);
- orig_addrs = alloc_section_addr_info (bfd_count_sections (abfd));
- my_cleanups = make_cleanup (xfree, orig_addrs);
if (addrs)
{
int i;
+ orig_addrs = alloc_section_addr_info (addrs->num_sections);
+ my_cleanups = make_cleanup (xfree, orig_addrs);
+
orig_addrs->num_sections = addrs->num_sections;
for (i = 0; i < addrs->num_sections; i++)
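Review bot: sizing `orig_addrs` by `addrs->num_sections` does fix the overflow (the loop copies exactly that many entries, so the destination now has room for them), but moving `my_cleanups = make_cleanup (xfree, orig_addrs);` inside `if (addrs)` means that when `addrs` is NULL, `my_cleanups` is never reassigned after `discard_cleanups (my_cleanups);` and still holds the discarded chain; any later `do_cleanups (my_cleanups)` in this function would then run with a stale handle. Re-establish it unconditionally before the `if` (for example `my_cleanups = make_cleanup (null_cleanup, NULL);`) and register `xfree` for `orig_addrs` inside the branch. Also note this hunk is cut off in the archive after the `for` line, so the rest of it could not be reviewed.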
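As an added illustration of the sizing mismatch Olivier describes (this is not GDB's code and not part of the patch; the struct layout, the `capacity` field and the `copy_section_addr_info` helper are assumptions made for the example), the following C models a table allocated for one count and filled from another, and shows a copy that refuses an undersized destination instead of writing past it:

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not GDB's code.  A cut-down model of the table the
   report talks about: the real struct section_addr_info in symfile.h
   differs; this layout (an explicit capacity field plus a flexible
   array) is an assumption made so the size mismatch can be checked. */
struct other_section
{
  unsigned long addr;
  const char *name;
};

struct section_addr_info
{
  size_t capacity;      /* entries actually allocated */
  size_t num_sections;  /* entries in use */
  struct other_section other[];
};

/* Allocate room for exactly NUM_SECTIONS entries and remember that size,
   so a later copy can be checked against it. */
struct section_addr_info *
alloc_section_addr_info (size_t num_sections)
{
  struct section_addr_info *sap
    = calloc (1, sizeof (*sap) + num_sections * sizeof (sap->other[0]));
  if (sap == NULL)
    return NULL;
  sap->capacity = num_sections;
  return sap;
}

/* Copy SRC into a new table of DEST_CAPACITY entries.  The unpatched code
   in the report effectively did this with DEST_CAPACITY taken from
   bfd_count_sections (abfd) and then copied src->num_sections entries;
   when the second exceeds the first the loop writes past the block.
   Here the copy is refused instead of corrupting the heap. */
struct section_addr_info *
copy_section_addr_info (const struct section_addr_info *src,
                        size_t dest_capacity)
{
  if (src->num_sections > dest_capacity)
    return NULL;
  struct section_addr_info *dst = alloc_section_addr_info (dest_capacity);
  if (dst == NULL)
    return NULL;
  dst->num_sections = src->num_sections;
  for (size_t i = 0; i < src->num_sections; i++)
    dst->other[i] = src->other[i];
  return dst;
}

/* Reproduce the mismatch with constructed data: the caller supplies three
   addresses while the BFD reports only two sections.  Returns 1 when the
   undersized copy is refused and the copy sized by src->num_sections (the
   shape of the fix in the report) succeeds with all entries intact. */
int
demo_size_mismatch (void)
{
  struct section_addr_info *addrs = alloc_section_addr_info (3);
  if (addrs == NULL)
    return 0;
  addrs->num_sections = 3;
  addrs->other[0].addr = 0x1000; addrs->other[0].name = ".text";
  addrs->other[1].addr = 0x2000; addrs->other[1].name = ".data";
  addrs->other[2].addr = 0x3000; addrs->other[2].name = ".bss";

  size_t bfd_section_count = 2;   /* constructed: smaller than num_sections */
  struct section_addr_info *bad
    = copy_section_addr_info (addrs, bfd_section_count);
  struct section_addr_info *good
    = copy_section_addr_info (addrs, addrs->num_sections);

  int ok = (bad == NULL && good != NULL && good->num_sections == 3
            && good->other[2].addr == 0x3000
            && strcmp (good->other[2].name, ".bss") == 0);
  free (good);
  free (addrs);
  return ok;
}

int
main (void)
{
  printf ("guarded copy behaves as expected: %s\n",
          demo_size_mismatch () ? "yes" : "no");
  return 0;
}
```

The point of the `capacity` field is that the destination's size is decided by the count of entries about to be copied, and the copy routine can verify that before touching memory; in the original function the two counts came from different sources (the BFD and the caller), which is exactly how the mismatch went unnoticed.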