PATCH: fix unitialized memory reads in bfd/elf32-mips.c

[manfred-h@t-online.de (Manfred Hollstein)]

Hi,

I reported this problem already with bfd in binutils-2.9.1 and gdb-4.17;
as it is still present in gdb-4.18, I'm re-posting a patch.

manfred

On Tue, 23 February 1999, 17:20:23, manfred@s-direktnet.de wrote:

 > This small patch fixes a bug I observed while running gdb-4.17
 > on a mips-sgi-irix5.3 system.  Since the debuggee's debug info
 > was larger than the system's virtual memory was able to provide,
 > the "goto error_return" in bfd/elf32-mips.c:_bfd_mips_elf_read_ecoff_info
 > got executed, which in turn tries to cleanup allocated memory.
 > Unfortunately, it's simply checking probably unitialized
 > memory to decide whether it should.

1999-04-14  Manfred Hollstein  <mhollstein@cygnus.com>

	* elf32-mips.c (_bfd_mips_elf_read_ecoff_info): Set all
	fields to 0 which may cause erroneous calls to free when
	"goto error_return" is executed.

diff -rup -x CVS -x RCS -x *.o -x *.info* -x *.html* -x *.elc -x *.dvi -x *.orig -x *~ -x version.el gdb-4.18.orig/bfd/elf32-mips.c gdb-4.18/bfd/elf32-mips.c
--- gdb-4.18.orig/bfd/elf32-mips.c	Wed Apr  7 22:57:07 1999
+++ gdb-4.18/bfd/elf32-mips.c	Wed Apr 14 15:13:27 1999
@@ -3058,6 +3058,17 @@ _bfd_mips_elf_read_ecoff_info (abfd, sec
 
   /* The symbolic header contains absolute file offsets and sizes to
      read.  */
+  debug->line = 0;
+  debug->external_dnr = 0;
+  debug->external_pdr = 0;
+  debug->external_sym = 0;
+  debug->external_opt = 0;
+  debug->external_aux = 0;
+  debug->ss = 0;
+  debug->ssext = 0;
+  debug->external_fdr = 0;
+  debug->external_rfd = 0;
+  debug->external_ext = 0;
 #define READ(ptr, offset, count, size, type)				\
   if (symhdr->count == 0)						\
     debug->ptr = NULL;							\


-- 
 Manfred Hollstein	 If you have any questions about GNU software:
  EMAIL:		<mhollstein@cygnus.com>	or <manfred.h@gmx.net>
  WWW:			     < http://home.t-online.de/home/manfred-h/ >
  PGP: < http://home.t-online.de/home/manfred-h/manfred.hATgmx.net.asc >
From shebs@cygnus.com Wed Apr 14 12:34:00 1999
From: Stan Shebs <shebs@cygnus.com>
To: richard.earnshaw@arm.com
Cc: gdb-patches@cygnus.com
Subject: Re: support for ARM GNU/Linux
Date: Wed, 14 Apr 1999 12:34:00 -0000
Message-id: <199904141834.LAA12554@andros.cygnus.com>
References: <199904140952.KAA25068@sun52.NIS.cambridge>
X-SW-Source: 1999-04/msg00028.html
Content-length: 1196

   Date: Wed, 14 Apr 1999 10:52:15 +0100
   From: Richard Earnshaw <rearnsha@arm.com>

   A bit of history.  SWI 24 was the breakpoint swi in RISC iX, which the 
   kernel understood (in some way).  I don't know if it was necessary to use 
   exactly that SWI if you were using gdb or if the same effect could be 
   achieved with other illegal instructions.

Thanks for the info!

   A side-note, before ARM Architecture v4 many "undefined" instruction 
   formats aren't guaranteed to take the undefined instruction trap.  Also 
   note that, in this respect, the ARM7TDMI is NOT fully ARM v4 compliant.

I don't quite understand - I hope ARM7TDMI is guaranteed to take the trap,
since Angel monitors are depending on that.

   I don't know if anyone cares about RISC iX support any more (though gcc 
   still supports it).

You'd be most likely to know if anyone would, methinks!  Since we've
adopted a policy of marking and ultimately deleting obsolete code in
GDB, and RISC iX is one of the candidates, any information you could
provide would be helpful.  Do you know if anybody is using a RISC iX
system nowadays, and if they would have any interest in a port of
current GDB?

							Stan