To: gdb-patches@sourceware.org
Cc: ppluzhnikov@google.com, Jan Kratochvil
Subject: [patch] Fix off-by-one bug in elfread.c
Message-Id: <20110722230358.CB4ED190B14@elbrus2.mtv.corp.google.com>
Date: Sat, 23 Jul 2011 07:20:00 -0000
From: ppluzhnikov@google.com (Paul Pluzhnikov)

Greetings,

While running GDB under Valgrind, I noticed a bunch of errors like this:

==32593== Conditional jump or move depends on uninitialised value(s)
==32593==    at 0x574F4E: symbol_set_names (/home/src/gdb/symtab.c:622)
==32593==    by 0x460D20: prim_record_minimal_symbol_full (/home/src/gdb/minsyms.c:904)
==32593==    by 0x51E9B8: record_minimal_symbol (/home/src/gdb/elfread.c:204)
==32593==    by 0x51F788: elf_rel_plt_read (/home/src/gdb/elfread.c:679)
==32593==    by 0x520F2C: elf_symfile_read (/home/src/gdb/elfread.c:1302)
==32593==    by 0x58293D: syms_from_objfile (/home/src/gdb/symfile.c:1016)
==32593==    by 0x582B6E: symbol_file_add_with_addrs_or_offsets (/home/src/gdb/symfile.c:1125)
==32593==    by 0x582D88: symbol_file_add_from_bfd (/home/src/gdb/symfile.c:1217)
==32593==    by 0x4759E4: solib_read_symbols (/home/src/gdb/solib.c:651)
==32593==    by 0x476008: solib_add (/home/src/gdb/solib.c:960)
==32593==    by 0x49E608: enable_break (/home/src/gdb/solib-svr4.c:1556)
==32593==    by 0x49F5EE: svr4_solib_create_inferior_hook (/home/src/gdb/solib-svr4.c:2210)

AFAICT, they are the result of an off-by-one bug in elf_rel_plt_read.

Patch attached.

Thanks,
--
Paul Pluzhnikov

2011-07-22  Paul Pluzhnikov

	* elfread.c (elf_rel_plt_read): Fix off-by-one bug.

Index: elfread.c
===================================================================
RCS file: /cvs/src/src/gdb/elfread.c,v
retrieving revision 1.116
diff -u -p -r1.116 elfread.c
--- elfread.c	26 May 2011 07:47:10 -0000	1.116
+++ elfread.c	22 Jul 2011 22:49:06 -0000
@@ -667,14 +667,14 @@ elf_rel_plt_read (struct objfile *objfil OBJFILE the symbol is undefined and the objfile having NAME defined may not yet have been loaded. */ - if (string_buffer_size < name_len + got_suffix_len) + if (string_buffer_size < name_len + got_suffix_len + 1) { string_buffer_size = 2 * (name_len + got_suffix_len); string_buffer = xrealloc (string_buffer, string_buffer_size); } memcpy (string_buffer, name, name_len); memcpy (&string_buffer[name_len], SYMBOL_GOT_PLT_SUFFIX, - got_suffix_len); + got_suffix_len + 1); msym = record_minimal_symbol (string_buffer, name_len + got_suffix_len, 1, address, mst_slot_got_plt, got_plt,
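Review bot: the new size check and the growth expression now disagree about the terminating NUL: the check demands name_len + got_suffix_len + 1 bytes, but on growth the buffer is still sized as 2 * (name_len + got_suffix_len). That only covers the extra byte because the GOT/PLT suffix is non-empty (2 * (n + s) >= n + s + 1 whenever n + s >= 1), an invariant the hunk leaves implicit; writing the growth as `string_buffer_size = 2 * (name_len + got_suffix_len + 1);` states the reservation in both places and keeps the memcpy of got_suffix_len + 1 bytes safe even if the suffix length were ever zero. Also worth a comment above the memcpy: record_minimal_symbol is still passed name_len + got_suffix_len as the length, so the copied NUL exists solely so that the callee (symbol_set_names in the Valgrind trace) does not read an uninitialised byte one past that length.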