From patchwork Tue Mar 17 14:26:04 2015
X-Patchwork-Submitter: Andrzej Kaczmarek
X-Patchwork-Id: 5651
Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm
Delivered-To: mailing list gdb-patches@sourceware.org
From: Andrzej Kaczmarek
To:
CC: Andrzej Kaczmarek
Subject: [PATCH] Fix gdb_bfd_section_index() for special sections
Date: Tue, 17 Mar 2015 15:26:04 +0100
Message-ID: <1426602364-4984-1-git-send-email-andrzej.kaczmarek@tieto.com>

Indexes returned for special sections are off by one, i.e. with N+4 sections the last one has index N+4 returned, which is outside the allocated obstack (at the same time index N is not used at all). In the worst case, if the sections obstack is allocated up to the end of the chunk, writing the last section's data will cause a buffer overrun and some data corruption.

Here's the output from Valgrind:

==14630== Invalid write of size 8
==14630==    at 0x551B1A: add_to_objfile_sections_full (objfiles.c:225)
==14630==    by 0x552768: allocate_objfile (objfiles.c:324)
==14630==    by 0x4E8E2E: symbol_file_add_with_addrs (symfile.c:1171)
==14630==    by 0x4E9453: symbol_file_add_from_bfd (symfile.c:1280)
==14630==    by 0x4E9453: symbol_file_add (symfile.c:1295)
==14630==    by 0x4E94B7: symbol_file_add_main_1 (symfile.c:1320)
==14630==    by 0x514246: catch_command_errors_const (main.c:398)
==14630==    by 0x5150AA: captured_main (main.c:1061)
==14630==    by 0x51123C: catch_errors (exceptions.c:240)
==14630==    by 0x51569A: gdb_main (main.c:1164)
==14630==    by 0x408824: main (gdb.c:32)
==14630==  Address 0x635f3b8 is 8 bytes after a block of size 4,064 alloc'd
==14630==    at 0x4C2ABA0: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==14630==    by 0x60F797: xmalloc (common-utils.c:41)
==14630==    by 0x5E787FB: _obstack_begin (obstack.c:184)
==14630==    by 0x552679: allocate_objfile (objfiles.c:294)
==14630==    by 0x4E8E2E: symbol_file_add_with_addrs (symfile.c:1171)
==14630==    by 0x4E9453: symbol_file_add_from_bfd (symfile.c:1280)
==14630==    by 0x4E9453: symbol_file_add (symfile.c:1295)
==14630==    by 0x4E94B7: symbol_file_add_main_1 (symfile.c:1320)
==14630==    by 0x514246: catch_command_errors_const (main.c:398)
==14630==    by 0x5150AA: captured_main (main.c:1061)
==14630==
by 0x51123C: catch_errors (exceptions.c:240) ==14630== by 0x51569A: gdb_main (main.c:1164) ==14630== by 0x408824: main (gdb.c:32) gdb/ChangeLog: * gdb_bfd.c (gdb_bfd_section_index): Fix return value for special sections --- gdb/gdb_bfd.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/gdb/gdb_bfd.c b/gdb/gdb_bfd.c index 7543dae..3f89d3a 100644 --- a/gdb/gdb_bfd.c +++ b/gdb/gdb_bfd.c @@ -616,13 +616,13 @@ gdb_bfd_section_index (bfd *abfd, asection *section) if (section == NULL) return -1; else if (section == bfd_com_section_ptr) - return bfd_count_sections (abfd) + 1; + return bfd_count_sections (abfd); else if (section == bfd_und_section_ptr) - return bfd_count_sections (abfd) + 2; + return bfd_count_sections (abfd) + 1; else if (section == bfd_abs_section_ptr) - return bfd_count_sections (abfd) + 3; + return bfd_count_sections (abfd) + 2; else if (section == bfd_ind_section_ptr) - return bfd_count_sections (abfd) + 4; + return bfd_count_sections (abfd) + 3; return section->index; }
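Review bot: the new values N..N+3 are consistent with the N+4-entry table the commit message describes (the four special sections occupy the slots immediately after the N regular ones, with no slot skipped and none past the end), so the hunk itself is right; what is missing is anything that keeps the two sides of that invariant from drifting apart again. Suggest adding a comment above gdb_bfd_section_index stating that these four offsets must match the "+4" used when the sections obstack is sized, or better an assertion in the caller that appears in the Valgrind trace (add_to_objfile_sections_full) that the returned index is below the allocated count, so a future mismatch fails loudly in ordinary testing rather than only under Valgrind. Minor: the ChangeLog entry "Fix return value for special sections" lacks a trailing period.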
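To make the off-by-one in the commit message concrete, here is an added C example (written for this page; it is not gdb's or BFD's code). It models a section table of N+4 slots, as the patch description says the obstack holds, and runs the pre-patch and post-patch index mappings over a constructed BFD with N regular sections. `enum section_kind`, `EXTRA_SLOTS`, `check_mapping` and the bounds check in `record` are stand-ins of my own; the assumption, taken from the hunk's fall-through `return section->index`, is that regular sections already occupy indices 0..N-1.

```c
#include <stdbool.h>
#include <stdio.h>

/* The patch description says the sections obstack holds N+4 entries for
   N regular sections; the 4 is the number of special BFD sections that
   gdb_bfd_section_index handles (common, undefined, absolute, indirect).
   Stand-in constant for this example.  */
#define EXTRA_SLOTS 4

/* Stand-in for the section pointers the real function compares against
   (bfd_com_section_ptr and friends).  */
enum section_kind
{
  SEC_REGULAR = 0,
  SEC_COMMON,
  SEC_UNDEFINED,
  SEC_ABSOLUTE,
  SEC_INDIRECT
};

typedef int (*index_fn) (int count, enum section_kind kind, int regular_index);

/* Mapping before the patch: special sections start at count + 1.  */
static int
section_index_old (int count, enum section_kind kind, int regular_index)
{
  switch (kind)
    {
    case SEC_COMMON:    return count + 1;
    case SEC_UNDEFINED: return count + 2;
    case SEC_ABSOLUTE:  return count + 3;
    case SEC_INDIRECT:  return count + 4;
    default:            return regular_index;   /* section->index, 0..count-1 */
    }
}

/* Mapping after the patch: special sections start at count.  */
static int
section_index_new (int count, enum section_kind kind, int regular_index)
{
  switch (kind)
    {
    case SEC_COMMON:    return count;
    case SEC_UNDEFINED: return count + 1;
    case SEC_ABSOLUTE:  return count + 2;
    case SEC_INDIRECT:  return count + 3;
    default:            return regular_index;
    }
}

struct mapping_report
{
  int out_of_range;  /* indices >= count + EXTRA_SLOTS: a write there overruns the table */
  int unused_slots;  /* allocated slots that no section maps to */
};

#define MAX_TABLE 64  /* enough for this demonstration */

/* Mark slot IDX as used, or count it as an overrun.  This bounds check is
   what the real code lacks: the obstack write simply lands past the end.  */
static void
record (bool *used, int table_size, int idx, struct mapping_report *r)
{
  if (idx < 0 || idx >= table_size)
    r->out_of_range++;
  else
    used[idx] = true;
}

/* Simulate filling a COUNT + EXTRA_SLOTS table with every regular section
   and the four special ones under mapping FN, and report overruns and
   holes.  COUNT larger than MAX_TABLE - EXTRA_SLOTS is reported as -1.  */
static struct mapping_report
check_mapping (index_fn fn, int count)
{
  bool used[MAX_TABLE] = { false };
  int table_size = count + EXTRA_SLOTS;
  struct mapping_report r = { 0, 0 };
  int i;

  if (count < 0 || table_size > MAX_TABLE)
    {
      r.out_of_range = -1;
      r.unused_slots = -1;
      return r;
    }

  for (i = 0; i < count; i++)
    record (used, table_size, fn (count, SEC_REGULAR, i), &r);
  record (used, table_size, fn (count, SEC_COMMON, -1), &r);
  record (used, table_size, fn (count, SEC_UNDEFINED, -1), &r);
  record (used, table_size, fn (count, SEC_ABSOLUTE, -1), &r);
  record (used, table_size, fn (count, SEC_INDIRECT, -1), &r);

  for (i = 0; i < table_size; i++)
    if (!used[i])
      r.unused_slots++;
  return r;
}

int
main (void)
{
  int count = 3;  /* constructed input: a BFD with three regular sections */
  struct mapping_report old = check_mapping (section_index_old, count);
  struct mapping_report fixed = check_mapping (section_index_new, count);

  printf ("old mapping: %d out-of-range index, %d unused slot\n",
          old.out_of_range, old.unused_slots);
  printf ("new mapping: %d out-of-range index, %d unused slot\n",
          fixed.out_of_range, fixed.unused_slots);
  return 0;
}
```

With three regular sections the old mapping puts the indirect section at slot 7 of a 7-slot table and leaves slot 3 empty, which is exactly the "8 bytes after a block" write and the unused index N that the Valgrind trace and the commit message describe; the new mapping fills slots 0..6 with nothing left over. The bounds check in `record` is the kind of assertion that would have turned the silent overrun into an immediate failure.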