Mirror of the gdb-patches mailing list
From: ppluzhnikov@google.com (Paul Pluzhnikov)
To: gdb-patches@sourceware.org
Cc: ppluzhnikov@google.com, Jan Kratochvil <jan.kratochvil@redhat.com>
Subject: [patch] Fix off-by-one bug in elfread.c
Date: Sat, 23 Jul 2011 07:20:00 -0000
Message-ID: <20110722230358.CB4ED190B14@elbrus2.mtv.corp.google.com>

Greetings,

While running GDB under Valgrind, I noticed a bunch of errors like this:

==32593== Conditional jump or move depends on uninitialised value(s)
==32593==    at 0x574F4E: symbol_set_names (/home/src/gdb/symtab.c:622)
==32593==    by 0x460D20: prim_record_minimal_symbol_full (/home/src/gdb/minsyms.c:904)
==32593==    by 0x51E9B8: record_minimal_symbol (/home/src/gdb/elfread.c:204)
==32593==    by 0x51F788: elf_rel_plt_read (/home/src/gdb/elfread.c:679)
==32593==    by 0x520F2C: elf_symfile_read (/home/src/gdb/elfread.c:1302)
==32593==    by 0x58293D: syms_from_objfile (/home/src/gdb/symfile.c:1016)
==32593==    by 0x582B6E: symbol_file_add_with_addrs_or_offsets (/home/src/gdb/symfile.c:1125)
==32593==    by 0x582D88: symbol_file_add_from_bfd (/home/src/gdb/symfile.c:1217)
==32593==    by 0x4759E4: solib_read_symbols (/home/src/gdb/solib.c:651)
==32593==    by 0x476008: solib_add (/home/src/gdb/solib.c:960)
==32593==    by 0x49E608: enable_break (/home/src/gdb/solib-svr4.c:1556)
==32593==    by 0x49F5EE: svr4_solib_create_inferior_hook (/home/src/gdb/solib-svr4.c:2210)

AFAICT, they are the result of an off-by-one bug in elf_rel_plt_read.
Patch attached.

Thanks,

--
Paul Pluzhnikov

2011-07-22  Paul Pluzhnikov  <ppluzhnikov@google.com>

	* elfread.c (elf_rel_plt_read): Fix off-by-one bug.



Index: elfread.c
===================================================================
RCS file: /cvs/src/src/gdb/elfread.c,v
retrieving revision 1.116
diff -u -p -r1.116 elfread.c
--- elfread.c	26 May 2011 07:47:10 -0000	1.116
+++ elfread.c	22 Jul 2011 22:49:06 -0000
@@ -667,14 +667,14 @@ elf_rel_plt_read (struct objfile *objfil
 	 OBJFILE the symbol is undefined and the objfile having NAME defined
 	 may not yet have been loaded.  */
 
-      if (string_buffer_size < name_len + got_suffix_len)
+      if (string_buffer_size < name_len + got_suffix_len + 1)
 	{
 	  string_buffer_size = 2 * (name_len + got_suffix_len);
 	  string_buffer = xrealloc (string_buffer, string_buffer_size);
 	}
       memcpy (string_buffer, name, name_len);
       memcpy (&string_buffer[name_len], SYMBOL_GOT_PLT_SUFFIX,
-	      got_suffix_len);
+	      got_suffix_len + 1);
 
       msym = record_minimal_symbol (string_buffer, name_len + got_suffix_len,
                                     1, address, mst_slot_got_plt, got_plt,
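Review bot: the second changed line copies got_suffix_len + 1 bytes out of SYMBOL_GOT_PLT_SUFFIX, so the terminator only lands in string_buffer if got_suffix_len is the strlen() of that macro (excluding the NUL), and the hunk does not show how got_suffix_len is computed. Writing the terminator explicitly after the two memcpy calls, string_buffer[name_len + got_suffix_len] = '\0';, would make the invariant independent of that definition and would also explain the + 1 in the size check above it to a later reader. The grow path needs no change: 2 * (name_len + got_suffix_len) is at least name_len + got_suffix_len + 1 whenever the sum is positive, so one xrealloc always satisfies the new check.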


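The mechanism behind the Valgrind report, as an added illustration that is not part of the patch or of the gdb sources: the buffer is large enough (it is grown to twice the needed size), so the byte after the copied characters is inside the allocation but is never written, which is why Valgrind reports a conditional jump on an uninitialised value rather than an invalid read. GOT_PLT_SUFFIX, the capacity rule and the sample symbol name are stand-ins chosen here; the two memcpy variants mirror the hunk's before and after.

```c
/* Added illustration, not code from the patch or from gdb itself: the
   two buffer-building variants the hunk contrasts, written so the missing
   terminator shows up deterministically.  GOT_PLT_SUFFIX stands in for
   gdb's SYMBOL_GOT_PLT_SUFFIX and the capacity rule copies the hunk's
   2 * (name_len + suffix_len). */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GOT_PLT_SUFFIX "@got.plt"   /* assumed value, for illustration only */

/* Build NAME followed by GOT_PLT_SUFFIX into a heap buffer sized like the
   hunk's string_buffer.  patched == 0 reproduces the pre-patch code: the
   suffix is copied without its NUL, so the byte at name_len + suffix_len
   is never written.  patched == 1 reproduces the fix: the suffix's NUL is
   copied along with it.  The buffer is filled with 0xAA first, so an
   unwritten terminator is a visible 0xAA rather than a zero left over by
   chance (Valgrind flags that same byte as "uninitialised" because it lies
   inside the allocation, not past it).  Caller frees the result. */
static char *build_got_plt_name(const char *name, size_t name_len, int patched)
{
  size_t suffix_len = strlen(GOT_PLT_SUFFIX);
  size_t capacity = 2 * (name_len + suffix_len);  /* same growth rule as the hunk */
  char *buf = malloc(capacity);
  if (buf == NULL)
    return NULL;
  memset(buf, 0xAA, capacity);
  memcpy(buf, name, name_len);
  memcpy(buf + name_len, GOT_PLT_SUFFIX, suffix_len + (patched ? 1 : 0));
  return buf;
}

/* 1 if the byte right after the concatenated characters is a NUL, i.e. the
   result can safely be handed to anything that scans for '\0'. */
static int is_terminated(const char *buf, size_t name_len)
{
  return buf[name_len + strlen(GOT_PLT_SUFFIX)] == '\0';
}

/* Build NAME both ways.  Returns 1 when the pre-patch buffer lacks its
   terminator while the patched one carries it with the expected contents,
   which is exactly the off-by-one the patch fixes; 0 otherwise. */
static int demonstrates_off_by_one(const char *name)
{
  size_t name_len = strlen(name);
  char *before = build_got_plt_name(name, name_len, 0);
  char *after = build_got_plt_name(name, name_len, 1);
  int ok = before != NULL && after != NULL
           && !is_terminated(before, name_len)
           && is_terminated(after, name_len)
           && strncmp(after, name, name_len) == 0
           && strcmp(after + name_len, GOT_PLT_SUFFIX) == 0;
  free(before);
  free(after);
  return ok;
}

int main(void)
{
  const char *name = "printf";   /* constructed sample symbol name */
  size_t n = strlen(name);
  char *after = build_got_plt_name(name, n, 1);
  if (after == NULL)
    return 1;
  printf("patched buffer: \"%s\"\n", after);
  printf("pre-patch variant leaves byte %zu unwritten: %s\n",
         n + strlen(GOT_PLT_SUFFIX),
         demonstrates_off_by_one(name) ? "yes" : "no");
  free(after);
  return 0;
}
```

Running the pre-patch variant under Valgrind with a consumer that scans for the terminator reproduces the "Conditional jump or move depends on uninitialised value(s)" class of report shown above; the patched variant is quiet because the NUL is now written as part of the copy.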

Thread overview: 2+ messages
2011-07-23  7:20 Paul Pluzhnikov [this message]
2011-07-23 17:14 ` Jan Kratochvil
