From: Fred Fish
Message-Id: <200201240003.g0O03RD01228@fred.ninemoons.com>
Subject: [RFA] Fix memory corruption bug in mdebugread.c
To: gdb-patches@sources.redhat.com
Date: Wed, 23 Jan 2002 16:03:00 -0000
Cc: fnf@redhat.com
Reply-To: fnf@redhat.com

The code to handle stabs continuation in mdebugread.c incorrectly
attempts to overwrite memory returned by realloc with the original
contents of the memory passed to realloc. This is wrong for two
reasons; first realloc will do any copying needed if the string is
moved, and second, the copy at the old location may be corrupted by
the time realloc returns a pointer to the new location.

This patch fixes the problem.

-Fred

2002-01-23  Fred Fish

	* mdebugread.c (parse_partial_symbols): Only copy stabstring1 to
	stabstring on initial malloc.  Reallocing will copy it for us,
	if necessary.

Index: mdebugread.c =================================================================== RCS file: /cvs/src/src/gdb/mdebugread.c,v retrieving revision 1.22 diff -c -p -r1.22 mdebugread.c *** mdebugread.c 2002/01/20 19:42:04 1.22 --- mdebugread.c 2002/01/24 00:02:24 *************** parse_partial_symbols (struct objfile *o *** 2707,2714 **** && stabstring != debug_info->ss + fh->issBase + sh.iss) stabstring = xrealloc (stabstring, len + len2 + 1); else ! stabstring = xmalloc (len + len2 + 1); ! strcpy (stabstring, stabstring1); strcpy (stabstring + len, stabstring2); len += len2; } --- 2707,2716 ---- && stabstring != debug_info->ss + fh->issBase + sh.iss) stabstring = xrealloc (stabstring, len + len2 + 1); else ! { ! stabstring = xmalloc (len + len2 + 1); ! strcpy (stabstring, stabstring1); ! } strcpy (stabstring + len, stabstring2); len += len2; }
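
Review bot: The xrealloc branch now carries no copy from stabstring1, but nothing in the code says why, so a later reader who sees the two branches as asymmetric could put the strcpy back; a short comment above the xrealloc call stating that xrealloc preserves the existing contents, and that stabstring1 may point at freed memory once it returns, would guard against that. The unchanged `strcpy (stabstring + len, stabstring2)` still runs after xrealloc on that path, so it is worth confirming that stabstring2 never points into the buffer being reallocated; the hunk does not show where stabstring2 is set. The size `len + len2 + 1` is also only correct if len and len2 are the current lengths of stabstring1 and stabstring2, which the context lines do not show either.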