Mirror of the gdb-patches mailing list
* PATCH for bfd in binutils-2.9.1/gdb-4.17
@ 1999-02-23  8:33 Manfred Hollstein
  1999-04-01  0:00 ` Manfred Hollstein
  1999-04-14 10:47 ` PATCH: fix uninitialized memory reads in bfd/elf32-mips.c Manfred Hollstein
  0 siblings, 2 replies; 5+ messages in thread
From: Manfred Hollstein @ 1999-02-23  8:33 UTC (permalink / raw)
  To: ian; +Cc: bfd, gdb-patches

This small patch fixes a bug I observed while running gdb-4.17
on a mips-sgi-irix5.3 system.  Since the debuggee's debug info
was larger than the system's virtual memory was able to provide,
the "goto error_return" in bfd/elf32-mips.c:_bfd_mips_elf_read_ecoff_info
got executed, which in turn tries to clean up allocated memory.
Unfortunately, it's simply checking probably uninitialized
memory to decide whether it should.

Later,
manfred

bfd/ChangeLog:

1999-02-23  Manfred Hollstein  <manfred@s-direktnet.de>

	* elf32-mips.c (_bfd_mips_elf_read_ecoff_info): Ensure only actually
	allocated members will be free'ed at error_return.

diff -rup -x CVS -x RCS -x *.o -x *.info* -x *.html* -x *.elc -x *.dvi -x *.orig -x *~ -x version.el binutils-2.9.1.orig/bfd/elf32-mips.c binutils-2.9.1/bfd/elf32-mips.c
--- binutils-2.9.1.orig/bfd/elf32-mips.c	Fri May  1 17:48:09 1998
+++ binutils-2.9.1/bfd/elf32-mips.c	Tue Feb 23 16:27:52 1999
@@ -2904,6 +2904,20 @@ _bfd_mips_elf_read_ecoff_info (abfd, sec
 
   swap = get_elf_backend_data (abfd)->elf_backend_ecoff_debug_swap;
 
+  /* Ensure only actually allocated members will be free'ed at
+     error_return.  */
+  debug->line = NULL;
+  debug->external_dnr = NULL;
+  debug->external_pdr = NULL;
+  debug->external_sym = NULL;
+  debug->external_opt = NULL;
+  debug->external_aux = NULL;
+  debug->ss = NULL;
+  debug->ssext = NULL;
+  debug->external_fdr = NULL;
+  debug->external_rfd = NULL;
+  debug->external_ext = NULL;
+
   ext_hdr = (char *) bfd_malloc ((size_t) swap->external_hdr_size);
   if (ext_hdr == NULL && swap->external_hdr_size != 0)
     goto error_return;
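
Review bot: the eleven `debug->... = NULL` assignments have to be kept in step by hand with whatever `error_return` tests and frees, and that cleanup code is not part of this hunk, so a member missed here or added to the structure later leaves the same uninitialized read in place. Clearing the whole structure once at this point, for example `memset (debug, 0, sizeof (*debug));`, removes the list to maintain. The placement itself is right: the assignments come before the `ext_hdr` allocation, which is the first `goto error_return` visible here.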



* PATCH: fix uninitialized memory reads in bfd/elf32-mips.c
  1999-04-14 10:47 ` PATCH: fix uninitialized memory reads in bfd/elf32-mips.c Manfred Hollstein
@ 1999-04-14  9:22   ` Manfred Hollstein
  1999-04-15 10:21   ` Jim Blandy
  1 sibling, 0 replies; 5+ messages in thread
From: Manfred Hollstein @ 1999-04-14  9:22 UTC (permalink / raw)
  To: bug-gdb; +Cc: bfd, gdb-patches

Hi,

I reported this problem already with bfd in binutils-2.9.1 and gdb-4.17;
as it is still present in gdb-4.18, I'm re-posting a patch.

manfred

On Tue, 23 February 1999, 17:20:23, manfred@s-direktnet.de wrote:

 > This small patch fixes a bug I observed while running gdb-4.17
 > on a mips-sgi-irix5.3 system.  Since the debuggee's debug info
 > was larger than the system's virtual memory was able to provide,
 > the "goto error_return" in bfd/elf32-mips.c:_bfd_mips_elf_read_ecoff_info
 > got executed, which in turn tries to clean up allocated memory.
 > Unfortunately, it's simply checking probably uninitialized
 > memory to decide whether it should.

1999-04-14  Manfred Hollstein  <mhollstein@cygnus.com>

	* elf32-mips.c (_bfd_mips_elf_read_ecoff_info): Set all
	fields to 0 which may cause erroneous calls to free when
	"goto error_return" is executed.

diff -rup -x CVS -x RCS -x *.o -x *.info* -x *.html* -x *.elc -x *.dvi -x *.orig -x *~ -x version.el gdb-4.18.orig/bfd/elf32-mips.c gdb-4.18/bfd/elf32-mips.c
--- gdb-4.18.orig/bfd/elf32-mips.c	Wed Apr  7 22:57:07 1999
+++ gdb-4.18/bfd/elf32-mips.c	Wed Apr 14 15:13:27 1999
@@ -3058,6 +3058,17 @@ _bfd_mips_elf_read_ecoff_info (abfd, sec
 
   /* The symbolic header contains absolute file offsets and sizes to
      read.  */
+  debug->line = 0;
+  debug->external_dnr = 0;
+  debug->external_pdr = 0;
+  debug->external_sym = 0;
+  debug->external_opt = 0;
+  debug->external_aux = 0;
+  debug->ss = 0;
+  debug->ssext = 0;
+  debug->external_fdr = 0;
+  debug->external_rfd = 0;
+  debug->external_ext = 0;
 #define READ(ptr, offset, count, size, type)				\
   if (symhdr->count == 0)						\
     debug->ptr = NULL;							\
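
Review bot: the assignments are inserted just above `#define READ`, whereas the February version of this patch put them ahead of the `ext_hdr` allocation, whose failure branch is `goto error_return`; if that allocation still precedes this point in gdb-4.18, running out of memory there reaches the cleanup before any of these fields has been set. Moving the block up to directly after the `swap = ...` assignment would cover every exit. Two smaller points: the new lines separate the "symbolic header" comment from the `READ` macro it describes, and they use `0` where the macro's own next line uses `NULL`.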


-- 
 Manfred Hollstein	 If you have any questions about GNU software:
  EMAIL:		<mhollstein@cygnus.com>	or <manfred.h@gmx.net>
  WWW:			     < http://home.t-online.de/home/manfred-h/ >
  PGP: < http://home.t-online.de/home/manfred-h/manfred.hATgmx.net.asc >


From shebs@cygnus.com Wed Apr 14 12:34:00 1999
From: Stan Shebs <shebs@cygnus.com>
To: richard.earnshaw@arm.com
Cc: gdb-patches@cygnus.com
Subject: Re: support for ARM GNU/Linux
Date: Wed, 14 Apr 1999 12:34:00 -0000
Message-id: <199904141834.LAA12554@andros.cygnus.com>
References: <199904140952.KAA25068@sun52.NIS.cambridge>
X-SW-Source: 1999-04/msg00028.html
Content-length: 1196

   Date: Wed, 14 Apr 1999 10:52:15 +0100
   From: Richard Earnshaw <rearnsha@arm.com>

   A bit of history.  SWI 24 was the breakpoint swi in RISC iX, which the 
   kernel understood (in some way).  I don't know if it was necessary to use 
   exactly that SWI if you were using gdb or if the same effect could be 
   achieved with other illegal instructions.

Thanks for the info!

   A side-note, before ARM Architecture v4 many "undefined" instruction 
   formats aren't guaranteed to take the undefined instruction trap.  Also 
   note that, in this respect, the ARM7TDMI is NOT fully ARM v4 compliant.

I don't quite understand - I hope ARM7TDMI is guaranteed to take the trap,
since Angel monitors are depending on that.

   I don't know if anyone cares about RISC iX support any more (though gcc 
   still supports it).

You'd be most likely to know if anyone would, methinks!  Since we've
adopted a policy of marking and ultimately deleting obsolete code in
GDB, and RISC iX is one of the candidates, any information you could
provide would be helpful.  Do you know if anybody is using a RISC iX
system nowadays, and if they would have any interest in a port of
current GDB?

							Stan



* Re: PATCH: fix uninitialized memory reads in bfd/elf32-mips.c
  1999-04-14 10:47 ` PATCH: fix uninitialized memory reads in bfd/elf32-mips.c Manfred Hollstein
  1999-04-14  9:22   ` Manfred Hollstein
@ 1999-04-15 10:21   ` Jim Blandy
  1 sibling, 0 replies; 5+ messages in thread
From: Jim Blandy @ 1999-04-15 10:21 UTC (permalink / raw)
  To: Manfred Hollstein; +Cc: bug-gdb, gdb-patches

> I reported this problem already with bfd in binutils-2.9.1 and gdb-4.17;
> as it is still present in gdb-4.18, I'm re-posting a patch.

An equivalent patch has been applied now.  Thanks!

------- Start of forwarded message -------
Message-ID: <19990414143605.B28302@cygnus.com>
Date: Wed, 14 Apr 1999 14:36:05 -0700
From: Richard Henderson <rth@cygnus.com>
To: Jim Blandy <jimb@cygnus.com>
Subject: Re: [manfred-h@t-online.de (Manfred Hollstein)] PATCH: fix uninitialized memory reads in bfd/elf32-mips.c
References: <npbtgryt9k.fsf@zwingli.cygnus.com>

On Wed, Apr 14, 1999 at 01:03:03PM -0500, Jim Blandy wrote:
> 1999-04-14  Manfred Hollstein  <mhollstein@cygnus.com>
> 
> 	* elf32-mips.c (_bfd_mips_elf_read_ecoff_info): Set all
> 	fields to 0 which may cause erroneous calls to free when
> 	"goto error_return" is executed.
>
> +  debug->line = 0;
> +  debug->external_dnr = 0;
> +  debug->external_pdr = 0;
> +  debug->external_sym = 0;
> +  debug->external_opt = 0;
> +  debug->external_aux = 0;
> +  debug->ss = 0;
> +  debug->ssext = 0;
> +  debug->external_fdr = 0;
> +  debug->external_rfd = 0;
> +  debug->external_ext = 0;

I've committed the following instead.

Thanks.


r~



Wed Apr 14 14:33:08 1999  Richard Henderson  <rth@cygnus.com>

        * elf32-mips.c (_bfd_mips_elf_read_ecoff_info): Zero `debug'.
        * elf64-alpha.c (elf64_alpha_read_ecoff_info): Likewise.

Index: elf32-mips.c
===================================================================
RCS file: /cvs/cvsfiles/devo/bfd/elf32-mips.c,v
retrieving revision 1.153
diff -c -p -d -r1.153 elf32-mips.c
*** elf32-mips.c	1999/04/10 23:24:04	1.153
--- elf32-mips.c	1999/04/14 21:32:49
*************** _bfd_mips_elf_read_ecoff_info (abfd, sec
*** 3330,3335 ****
--- 3330,3336 ----
    char *ext_hdr = NULL;
  
    swap = get_elf_backend_data (abfd)->elf_backend_ecoff_debug_swap;
+   memset (debug, 0, sizeof(*debug));
  
    ext_hdr = (char *) bfd_malloc ((size_t) swap->external_hdr_size);
    if (ext_hdr == NULL && swap->external_hdr_size != 0)
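
Review bot: `memset (debug, 0, sizeof(*debug));` clears every member of `*debug`, not only the pointers the cleanup inspects, so anything a caller stored in the structure before the call is discarded; worth confirming that callers pass it in unpopulated. The line would also benefit from a short comment saying it exists for the `error_return` path, and GNU formatting puts a space in `sizeof (*debug)`.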
Index: elf64-alpha.c
===================================================================
RCS file: /cvs/cvsfiles/devo/bfd/elf64-alpha.c,v
retrieving revision 1.43
diff -c -p -d -r1.43 elf64-alpha.c
*** elf64-alpha.c	1999/04/10 23:24:04	1.43
--- elf64-alpha.c	1999/04/14 21:32:49
*************** elf64_alpha_read_ecoff_info (abfd, secti
*** 1950,1955 ****
--- 1950,1956 ----
    char *ext_hdr = NULL;
  
    swap = get_elf_backend_data (abfd)->elf_backend_ecoff_debug_swap;
+   memset (debug, 0, sizeof(*debug));
  
    ext_hdr = (char *) bfd_malloc ((size_t) swap->external_hdr_size);
    if (ext_hdr == NULL && swap->external_hdr_size != 0)
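
Review bot: the context around the added `memset` in `elf64_alpha_read_ecoff_info` is line for line the same as in the elf32-mips.c hunk, so the fix is being applied to two copies of one routine; any other backend carrying the same `ext_hdr` / `error_return` sequence needs the same line, and the ChangeLog entry names only these two files. A shared helper for reading the ECOFF info would let the zeroing live in one place.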

------- End of forwarded message -------
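
The failure mode discussed in this thread, reduced to a stand-alone C sketch (an added example, not BFD code; `struct debug_info`, `xalloc`, `release`, `read_debug_info` and `frees_on_failure` are hypothetical names). The caller's structure arrives holding garbage, an allocation fails part-way through, and `error_return` frees only what was really allocated because the structure is zeroed before the first `goto`.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the ECOFF debug structure in the thread. */
struct debug_info { char *line, *ss, *external_sym; };

static int allocs_left = -1;  /* -1: never fail; N: fail after N successes */
static int frees_done;        /* members released on the error path */

/* Allocator with injectable failure, simulating memory exhaustion. */
static void *xalloc(size_t n)
{
    if (allocs_left == 0) return NULL;
    if (allocs_left > 0) allocs_left--;
    return malloc(n);
}

static void release(char **p) { if (*p) { free(*p); *p = NULL; frees_done++; } }

/* Returns 1 on success; 0 on failure, with every member freed and NULL. */
int read_debug_info(struct debug_info *debug, size_t hdr_size)
{
    char *hdr = NULL;
    memset(debug, 0, sizeof(*debug));  /* zero before the first goto */
    hdr = xalloc(hdr_size);
    if (hdr == NULL && hdr_size != 0) goto error_return;
    if ((debug->line = xalloc(64)) == NULL) goto error_return;
    if ((debug->ss = xalloc(64)) == NULL) goto error_return;
    if ((debug->external_sym = xalloc(64)) == NULL) goto error_return;
    free(hdr);
    return 1;
error_return:
    free(hdr);
    release(&debug->line);
    release(&debug->ss);
    release(&debug->external_sym);
    return 0;
}

/* Constructed scenario: garbage-filled struct, failure after n allocations. */
int frees_on_failure(int n)
{
    struct debug_info d;
    memset(&d, 0xA5, sizeof d);  /* stands in for uninitialized memory */
    allocs_left = n; frees_done = 0;
    if (read_debug_info(&d, 32)) return -1;  /* unexpected success */
    return (d.line || d.ss || d.external_sym) ? -2 : frees_done;
}

int main(void) { return frees_on_failure(2) == 1 ? 0 : 1; }
```

Without the `memset` in `read_debug_info`, the `n = 0` case would hand the 0xA5 pattern to `free`, which is the behaviour the original report describes.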


