Date: Sun, 22 Feb 2004 21:07:00 -0000
From: "Eli Zaretskii"
To: Eli Zaretskii
CC: gdb-patches@sources.redhat.com
Message-Id: <3099-Sun22Feb2004230710+0200-eliz@elta.co.il>
In-reply-to: <9791-Sat21Feb2004181440+0200-eliz@elta.co.il>
References: <20040220011823.848FD4B104@berman.michael-chastain.com> <9791-Sat21Feb2004181440+0200-eliz@elta.co.il>
Subject: [RFA] Fix a crash in coffread.c (Was: GDB 6.1 branch 2004-02-26-gmt)

> Date: Sat, 21 Feb 2004 18:14:41 +0200
> From: "Eli Zaretskii"
>
> I built today the latest snapshot of CVS HEAD and found a new
> regression: the DJGPP port crashes at startup while debugging itself.

Bug squashed, I think.  It turned out to be a very old one, actually; the current CVS HEAD didn't introduce it, it just exposed it because the GDB binary is now so large.  The bug happens only when GDB (or any other large program) is compiled with COFF debug info and the line table overflows the 64K limit allowed by COFF debug info.

I think the patch below fixes that.  Okay to commit?

2004-02-22  Eli Zaretskii

	* coffread.c (enter_linenos): Don't let rawptr reference memory
	outside linetab[]'s limits.

--- gdb/coffread.c~0 2004-02-14 17:46:32.000000000 +0200
+++ gdb/coffread.c 2004-02-22 22:42:34.000000000 +0200
@@ -1362,11 +1362,15 @@ enter_linenos (long file_offset, int fir /* line numbers start at one for the first line of the function */ first_line--; - for (;;) + /* If the line number is full (e.g. 64K lines in COFF debug info), + the next function's L_LNNO32 might not be zero, so don't overstep + the table's end in any case. */ + for ( ; rawptr <= &linetab[0] + linetab_size; ) { bfd_coff_swap_lineno_in (symfile_bfd, rawptr, &lptr); rawptr += local_linesz; - /* The next function, or the sentinel, will have L_LNNO32 zero; we exit. */ + /* The next function, or the sentinel, will have L_LNNO32 zero; + we exit. */ if (L_LNNO32 (&lptr) && L_LNNO32 (&lptr) <= last_line) record_line (current_subfile, first_line + L_LNNO32 (&lptr), lptr.l_addr.l_paddr
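Review bot: the new bound `rawptr <= &linetab[0] + linetab_size` still lets the loop body read one entry that starts exactly at `&linetab[0] + linetab_size`, i.e. at the first byte past the `linetab_size` bytes of the table; that is only safe if the table is allocated with a zeroed sentinel entry beyond `linetab_size` (the loop-body comment does speak of a sentinel, but the new comment does not say the sentinel is what makes `<=` correct). Either state that in the new comment, or use `rawptr < &linetab[0] + linetab_size` if no sentinel is guaranteed. Also, "If the line number is full" should read "If the line number table is full".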
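As an added example, not GDB's own code: a small C walker that does what the patched enter_linenos loop does, decoding constructed 6-byte COFF LINENO entries and stopping either at a zero l_lnno or at the table's end, so a table cut off at the 64K limit the mail describes (no zero entry after its last function) cannot push the read pointer past linetab. The names swap_lineno_in, enter_linenos_bounded and sample_linetab are hypothetical; little-endian entries are assumed, and the walker requires a whole entry to fit instead of relying on a sentinel.

```c
#include <stddef.h>
#include <stdio.h>
#define LINESZ 6  /* on-disk COFF LINENO entry: 4-byte l_addr + 2-byte l_lnno */

/* Decode one little-endian entry (the bfd_coff_swap_lineno_in role).  */
static void swap_lineno_in (const unsigned char *raw, unsigned *addr, unsigned *lnno)
{
  *addr = raw[0] | (raw[1] << 8) | (raw[2] << 16) | ((unsigned) raw[3] << 24);
  *lnno = raw[4] | (raw[5] << 8);
}
/* Record the line entries of the function whose first real entry sits
   FILE_OFFSET bytes into LINETAB.  A zero l_lnno (next function, or the
   sentinel) ends the walk, and so does the table's end: a table cut off at
   COFF's 64K line limit has no zero entry after its last function.
   Returns the number of lines recorded, -1 if FILE_OFFSET is past the table.  */
int enter_linenos_bounded (const unsigned char *linetab, size_t linetab_size,
                           size_t file_offset, unsigned first_line,
                           unsigned last_line, unsigned *lines_out, size_t max_out)
{
  const unsigned char *rawptr = linetab + file_offset;
  const unsigned char *end = linetab + linetab_size;
  int n = 0;
  if (file_offset >= linetab_size) return -1;   /* offset already outside the table */
  first_line--;                     /* line numbers start at one */
  while (rawptr + LINESZ <= end)    /* whole entry must fit; no sentinel assumed */
    {
      unsigned addr, lnno;
      swap_lineno_in (rawptr, &addr, &lnno);
      rawptr += LINESZ;
      if (lnno == 0 || lnno > last_line) break;   /* next function, or the sentinel */
      if ((size_t) n < max_out)
        lines_out[n] = first_line + lnno;  /* record_line (..., first_line + L_LNNO32) */
      n++;
    }
  return n;
}
/* Constructed table: function A (lines 1-3), B's zero entry, two B entries,
   then nothing: no terminating zero entry, as in a truncated table.  */
const unsigned char sample_linetab[] = {
  0x00,0x10,0,0, 1,0,  0x04,0x10,0,0, 2,0,  0x10,0x10,0,0, 3,0,
  7,0,0,0, 0,0,  0x00,0x20,0,0, 1,0,  0x08,0x20,0,0, 2,0 };

int main (void)
{
  unsigned lines[8];
  int n = enter_linenos_bounded (sample_linetab, sizeof sample_linetab,
                                 4 * LINESZ, 20, 100, lines, 8);
  printf ("function B: %d line entries, stopped at the table's end\n", n);
  return 0;
}
```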