From mboxrd@z Thu Jan 1 00:00:00 1970
From: manfred-h@t-online.de (Manfred Hollstein)
To: bug-gdb@gnu.org
Cc: bfd@cygnus.com, gdb-patches@cygnus.com
Subject: PATCH: fix uninitialized memory reads in bfd/elf32-mips.c
Date: Wed, 14 Apr 1999 10:47:00 -0000
Message-id: <14100.46517.331398.118164@saturn.hollstein.net>
References: <14034.52083.787129.934623@exept.exept.de> <14034.52083.787129.934623@exept.exept.de>
X-SW-Source: 1999-04/msg00027.html

Hi,

I reported this problem already with bfd in binutils-2.9.1 and gdb-4.17; as it is still present in gdb-4.18, I'm re-posting a patch.

manfred

On Tue, 23 February 1999, 17:20:23, manfred@s-direktnet.de wrote:

> This small patch fixes a bug I observed while running gdb-4.17
> on a mips-sgi-irix5.3 system. Since the debuggee's debug info
> was larger than the system's virtual memory was able to provide,
> the "goto error_return" in bfd/elf32-mips.c:_bfd_mips_elf_read_ecoff_info
> got executed, which in turn tries to clean up allocated memory.
> Unfortunately, it's simply checking probably uninitialized
> memory to decide whether it should.

1999-04-14  Manfred Hollstein

	* elf32-mips.c (_bfd_mips_elf_read_ecoff_info): Set all fields to 0
	which may cause erroneous calls to free when "goto error_return" is
	executed.

diff -rup -x CVS -x RCS -x *.o -x *.info* -x *.html* -x *.elc -x *.dvi -x *.orig -x *~ -x version.el gdb-4.18.orig/bfd/elf32-mips.c gdb-4.18/bfd/elf32-mips.c
--- gdb-4.18.orig/bfd/elf32-mips.c	Wed Apr 7 22:57:07 1999
+++ gdb-4.18/bfd/elf32-mips.c	Wed Apr 14 15:13:27 1999
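Review bot: the hunk that follows clears the eleven pointer fields with `0` while the READ macro immediately below it assigns `NULL` to the same fields; writing `NULL` here as well keeps the two consistent and makes the intent (pointer, not counter) obvious to whoever adds the next field to the `error_return` cleanup. The ChangeLog wording "Set all fields to 0" also overstates the hunk, which only clears the fields that `error_return` hands to `free`; the entry should say that. The fix itself is the right one for the failure the report describes: `free` on whatever the untouched fields happened to contain is undefined behaviour and can corrupt the allocator's state rather than merely crash, so the invariant that every owned pointer is NULL until it is allocated has to hold before the first READ can fail.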
@@ -3058,6 +3058,17 @@ _bfd_mips_elf_read_ecoff_info (abfd, sec /* The symbolic header contains absolute file offsets and sizes to read. */ + debug->line = 0; + debug->external_dnr = 0; + debug->external_pdr = 0; + debug->external_sym = 0; + debug->external_opt = 0; + debug->external_aux = 0; + debug->ss = 0; + debug->ssext = 0; + debug->external_fdr = 0; + debug->external_rfd = 0; + debug->external_ext = 0; #define READ(ptr, offset, count, size, type) \ if (symhdr->count == 0) \ debug->ptr = NULL; \ -- Manfred Hollstein If you have any questions about GNU software: EMAIL: or WWW: < http://home.t-online.de/home/manfred-h/ > PGP: < http://home.t-online.de/home/manfred-h/manfred.hATgmx.net.asc > >From shebs@cygnus.com Wed Apr 14 12:34:00 1999 From: Stan Shebs To: richard.earnshaw@arm.com Cc: gdb-patches@cygnus.com Subject: Re: support for ARM GNU/Linux Date: Wed, 14 Apr 1999 12:34:00 -0000 Message-id: <199904141834.LAA12554@andros.cygnus.com> References: <199904140952.KAA25068@sun52.NIS.cambridge> X-SW-Source: 1999-04/msg00028.html Content-length: 1196 Date: Wed, 14 Apr 1999 10:52:15 +0100 
From: Richard Earnshaw

   A bit of history. SWI 24 was the breakpoint swi in RISC iX, which the
   kernel understood (in some way). I don't know if it was necessary to use
   exactly that SWI if you were using gdb or if the same effect could be
   achieved with other illegal instructions.

Thanks for the info!

   A side-note, before ARM Architecture v4 many "undefined" instruction
   formats aren't guaranteed to take the undefined instruction trap. Also
   note that, in this respect, the ARM7TDMI is NOT fully ARM v4 compliant.

I don't quite understand - I hope ARM7TDMI is guaranteed to take the trap,
since Angel monitors are depending on that.

   I don't know if anyone cares about RISC iX support any more (though gcc
   still supports it).

You'd be most likely to know if anyone would, methinks! Since we've adopted
a policy of marking and ultimately deleting obsolete code in GDB, and RISC
iX is one of the candidates, any information you could provide would be
helpful. Do you know if anybody is using a RISC iX system nowadays, and if
they would have any interest in a port of current GDB?

Stan
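The failure mode in Manfred Hollstein's report above, an error path that frees pointer fields which were never assigned, reduced to a stand-alone C program. This is an added example, not the patch and not bfd code: `struct debug_info`, `read_section` and the `fail_at` parameter are constructed stand-ins for `ecoff_debug_info`, the READ macro and the out-of-memory condition. The unsafe reader is kept for comparison and is never executed, since calling it on an uninitialised struct is undefined behaviour.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for bfd's ecoff_debug_info (constructed for this
 * example): a few heap-owned sections that are read one after another. */
struct debug_info {
    char *line;
    char *external_sym;
    char *ss;
    char *external_fdr;
};

#define NSECTIONS 4

/* Simulated section reader (constructed): allocates `size` bytes for
 * section `idx`, or fails once idx reaches `fail_at`, which models the
 * out-of-memory condition described in the report. */
static char *read_section(int idx, size_t size, int fail_at)
{
    if (idx >= fail_at)
        return NULL;
    return calloc(1, size);
}

/* Releases every owned field and leaves it NULL. free(NULL) is a no-op, so
 * this is safe only if each field is either a live allocation or NULL. */
void free_debug_info(struct debug_info *d)
{
    free(d->line);          d->line = NULL;
    free(d->external_sym);  d->external_sym = NULL;
    free(d->ss);            d->ss = NULL;
    free(d->external_fdr);  d->external_fdr = NULL;
}

/* Returns 1 when every owned field of *d is NULL, else 0. */
int all_fields_null(const struct debug_info *d)
{
    return d->line == NULL && d->external_sym == NULL
        && d->ss == NULL && d->external_fdr == NULL;
}

/* The pattern the patch removes. Fields are filled in order and the error
 * path frees all of them, including those never reached. If the caller hands
 * in an uninitialised struct, the later fields hold stack or heap garbage
 * and free() receives an arbitrary pointer: undefined behaviour. Shown for
 * comparison only; it is never called. */
int read_debug_info_unsafe(struct debug_info *d, int fail_at)
{
    if ((d->line = read_section(0, 64, fail_at)) == NULL) goto error_return;
    if ((d->external_sym = read_section(1, 128, fail_at)) == NULL) goto error_return;
    if ((d->ss = read_section(2, 256, fail_at)) == NULL) goto error_return;
    if ((d->external_fdr = read_section(3, 32, fail_at)) == NULL) goto error_return;
    return 0;
error_return:
    free_debug_info(d);   /* may free fields that were never assigned */
    return -1;
}

/* The pattern the patch introduces: every owned field is cleared before the
 * first read, so the error path only ever frees NULL or a real block. */
int read_debug_info_fixed(struct debug_info *d, int fail_at)
{
    d->line = NULL;
    d->external_sym = NULL;
    d->ss = NULL;
    d->external_fdr = NULL;

    if ((d->line = read_section(0, 64, fail_at)) == NULL) goto error_return;
    if ((d->external_sym = read_section(1, 128, fail_at)) == NULL) goto error_return;
    if ((d->ss = read_section(2, 256, fail_at)) == NULL) goto error_return;
    if ((d->external_fdr = read_section(3, 32, fail_at)) == NULL) goto error_return;
    return 0;
error_return:
    free_debug_info(d);   /* safe: nothing here is uninitialised */
    return -1;
}

int main(void)
{
    struct debug_info d;
    memset(&d, 0xAB, sizeof d);   /* poison, to mimic an uninitialised caller */

    /* Fail on the third section: the fixed reader must free the first two
     * and leave all four fields NULL. */
    if (read_debug_info_fixed(&d, 2) != -1 || !all_fields_null(&d))
        return 1;

    /* Full success, then an explicit release. */
    if (read_debug_info_fixed(&d, NSECTIONS) != 0 || all_fields_null(&d))
        return 1;
    free_debug_info(&d);
    return all_fields_null(&d) ? 0 : 1;
}
```

The poisoning with `memset` stands in for whatever the caller's stack or a recycled heap block held; under a sanitizer or a hardened allocator the unsafe variant aborts at the first `free` of a poisoned field, which is the cheapest way to detect this class of bug before it ships.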