diff mbox

Fix gdb_bfd_section_index() for special sections

Message ID 1426602364-4984-1-git-send-email-andrzej.kaczmarek@tieto.com
State New, archived
Headers

Commit Message

Andrzej Kaczmarek March 17, 2015, 2:26 p.m. UTC 
  Indexes returned for special sections are off by one, i.e. with N+4
sections last one has index N+4 returned which is outside allocated
obstack (at the same time index N is not used at all).

In worst case, if sections obstack is allocated up to end of chunk,
writing last section data will cause buffer overrun and some data
corruption.

Here's output from Valgrind::

==14630== Invalid write of size 8
==14630==    at 0x551B1A: add_to_objfile_sections_full (objfiles.c:225)
==14630==    by 0x552768: allocate_objfile (objfiles.c:324)
==14630==    by 0x4E8E2E: symbol_file_add_with_addrs (symfile.c:1171)
==14630==    by 0x4E9453: symbol_file_add_from_bfd (symfile.c:1280)
==14630==    by 0x4E9453: symbol_file_add (symfile.c:1295)
==14630==    by 0x4E94B7: symbol_file_add_main_1 (symfile.c:1320)
==14630==    by 0x514246: catch_command_errors_const (main.c:398)
==14630==    by 0x5150AA: captured_main (main.c:1061)
==14630==    by 0x51123C: catch_errors (exceptions.c:240)
==14630==    by 0x51569A: gdb_main (main.c:1164)
==14630==    by 0x408824: main (gdb.c:32)
==14630==  Address 0x635f3b8 is 8 bytes after a block of size 4,064 alloc'd
==14630==    at 0x4C2ABA0: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==14630==    by 0x60F797: xmalloc (common-utils.c:41)
==14630==    by 0x5E787FB: _obstack_begin (obstack.c:184)
==14630==    by 0x552679: allocate_objfile (objfiles.c:294)
==14630==    by 0x4E8E2E: symbol_file_add_with_addrs (symfile.c:1171)
==14630==    by 0x4E9453: symbol_file_add_from_bfd (symfile.c:1280)
==14630==    by 0x4E9453: symbol_file_add (symfile.c:1295)
==14630==    by 0x4E94B7: symbol_file_add_main_1 (symfile.c:1320)
==14630==    by 0x514246: catch_command_errors_const (main.c:398)
==14630==    by 0x5150AA: captured_main (main.c:1061)
==14630==    by 0x51123C: catch_errors (exceptions.c:240)
==14630==    by 0x51569A: gdb_main (main.c:1164)
==14630==    by 0x408824: main (gdb.c:32)

gdb/ChangeLog:

	* gdb_bfd.c (gdb_bfd_section_index): Fix return value for special
	sections
---
 gdb/gdb_bfd.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

Comments

Pedro Alves March 27, 2015, 12:41 p.m. UTC | #1 
On 03/17/2015 02:26 PM, Andrzej Kaczmarek wrote:
> Indexes returned for special sections are off by one, i.e. with N+4
> sections last one has index N+4 returned which is outside allocated
> obstack (at the same time index N is not used at all).
> 
> In worst case, if sections obstack is allocated up to end of chunk,
> writing last section data will cause buffer overrun and some data
> corruption.

Regression tested on x86_64 Fedora 20, and pushed.

Thanks,
diff mbox

Patch

diff --git a/gdb/gdb_bfd.c b/gdb/gdb_bfd.c
index 7543dae..3f89d3a 100644
--- a/gdb/gdb_bfd.c
+++ b/gdb/gdb_bfd.c
@@ -616,13 +616,13 @@  gdb_bfd_section_index (bfd *abfd, asection *section)
   if (section == NULL)
     return -1;
   else if (section == bfd_com_section_ptr)
-    return bfd_count_sections (abfd) + 1;
+    return bfd_count_sections (abfd);
   else if (section == bfd_und_section_ptr)
-    return bfd_count_sections (abfd) + 2;
+    return bfd_count_sections (abfd) + 1;
   else if (section == bfd_abs_section_ptr)
-    return bfd_count_sections (abfd) + 3;
+    return bfd_count_sections (abfd) + 2;
   else if (section == bfd_ind_section_ptr)
-    return bfd_count_sections (abfd) + 4;
+    return bfd_count_sections (abfd) + 3;
   return section->index;
 }