* [RFA] Fix memory corruption bug in mdebugread.c
@ 2002-01-23 16:03 Fred Fish
2002-01-23 18:13 ` Michael Snyder
0 siblings, 1 reply; 2+ messages in thread
From: Fred Fish @ 2002-01-23 16:03 UTC (permalink / raw)
To: gdb-patches; +Cc: fnf
The code to handle stabs continuation in mdebugread.c incorrectly
attempts to overwrite memory returned by realloc with the original
contents of the memory passed to realloc. This is wrong for two
reasons; first realloc will do any copying needed if the string is
moved, and second, the copy at the old location may be corrupted by
the time realloc returns a pointer to the new location.

This patch fixes the problem.

-Fred

2002-01-23 Fred Fish <fnf@redhat.com>
* mdebugread.c (parse_partial_symbols): Only copy stabstring1 to
stabstring on initial malloc. Reallocing will copy it for us,
if necessary.
Index: mdebugread.c
===================================================================
RCS file: /cvs/src/src/gdb/mdebugread.c,v
retrieving revision 1.22
diff -c -p -r1.22 mdebugread.c
*** mdebugread.c 2002/01/20 19:42:04 1.22
--- mdebugread.c 2002/01/24 00:02:24
*************** parse_partial_symbols (struct objfile *o
*** 2707,2714 ****
&& stabstring != debug_info->ss + fh->issBase + sh.iss)
stabstring = xrealloc (stabstring, len + len2 + 1);
else
! stabstring = xmalloc (len + len2 + 1);
! strcpy (stabstring, stabstring1);
strcpy (stabstring + len, stabstring2);
len += len2;
}
--- 2707,2716 ----
&& stabstring != debug_info->ss + fh->issBase + sh.iss)
stabstring = xrealloc (stabstring, len + len2 + 1);
else
! {
! stabstring = xmalloc (len + len2 + 1);
! strcpy (stabstring, stabstring1);
! }
strcpy (stabstring + len, stabstring2);
len += len2;
}
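Review bot: in the new braced else branch, strcpy (stabstring, stabstring1) writes strlen (stabstring1) + 1 bytes into a buffer sized len + len2 + 1, and nothing in the hunk shows that len is at least strlen (stabstring1). Since the following line terminates the string at stabstring + len anyway, memcpy (stabstring, stabstring1, len) would copy exactly the bytes that are kept and make the bound explicit.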
* Re: [RFA] Fix memory corruption bug in mdebugread.c
2002-01-23 16:03 [RFA] Fix memory corruption bug in mdebugread.c Fred Fish
@ 2002-01-23 18:13 ` Michael Snyder
0 siblings, 0 replies; 2+ messages in thread
From: Michael Snyder @ 2002-01-23 18:13 UTC (permalink / raw)
To: fnf; +Cc: gdb-patches
Fred Fish wrote:
>
> The code to handle stabs continuation in mdebugread.c incorrectly
> attempts to overwrite memory returned by realloc with the original
> contents of the memory passed to realloc. This is wrong for two
> reasons; first realloc will do any copying needed if the string is
> moved, and second, the copy at the old location may be corrupted by
> the time realloc returns a pointer to the new location.
>
> This patch fixes the problem.
>
> -Fred
Looks correct to me. Since the file has no maintainer,
I'll give approval.
> 2002-01-23 Fred Fish <fnf@redhat.com>
>
> * mdebugread.c (parse_partial_symbols): Only copy stabstring1 to
> stabstring on initial malloc. Reallocing will copy it for us,
> if necessary.
>
> Index: mdebugread.c
> ===================================================================
> RCS file: /cvs/src/src/gdb/mdebugread.c,v
> retrieving revision 1.22
> diff -c -p -r1.22 mdebugread.c
> *** mdebugread.c 2002/01/20 19:42:04 1.22
> --- mdebugread.c 2002/01/24 00:02:24
> *************** parse_partial_symbols (struct objfile *o
> *** 2707,2714 ****
> && stabstring != debug_info->ss + fh->issBase + sh.iss)
> stabstring = xrealloc (stabstring, len + len2 + 1);
> else
> ! stabstring = xmalloc (len + len2 + 1);
> ! strcpy (stabstring, stabstring1);
> strcpy (stabstring + len, stabstring2);
> len += len2;
> }
> --- 2707,2716 ----
> && stabstring != debug_info->ss + fh->issBase + sh.iss)
> stabstring = xrealloc (stabstring, len + len2 + 1);
> else
> ! {
> ! stabstring = xmalloc (len + len2 + 1);
> ! strcpy (stabstring, stabstring1);
> ! }
> strcpy (stabstring + len, stabstring2);
> len += len2;
> }
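Review bot: the braced else block in the new half of the hunk has no comment explaining why the copy from stabstring1 is confined to the xmalloc path. A short comment there, saying that xrealloc keeps the existing contents and that stabstring1 may refer to the block just handed to xrealloc, would stop a later cleanup from moving the strcpy back out of the braces.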
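The allocation pattern discussed in this thread, as an added example that is not code from GDB or from either message: the first piece sits in borrowed storage, so the first join allocates and copies it once, and every later join relies on realloc to carry the accumulated bytes over. The name join_continued, the trailing-backslash continuation marker and the sample pieces are assumptions made for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not GDB code.  pieces[0] is borrowed storage (for
   example a string table), so the first join must malloc and copy it.
   Later joins realloc, which already preserves the accumulated bytes.
   A trailing backslash means "continued in the next piece" (assumed).
   *owned is set when the caller must free the result.  */
char *join_continued (const char *const *pieces, size_t n, int *owned)
{
  char *buf = (char *) pieces[0];   /* borrowed until the first join */
  size_t len = strlen (buf), i = 0;

  *owned = 0;
  while (len > 0 && buf[len - 1] == '\\' && i + 1 < n)
    {
      const char *next = pieces[++i];
      size_t len2 = strlen (next);
      char *grown;
      len--;                        /* drop the continuation character */
      if (*owned)
        grown = realloc (buf, len + len2 + 1);  /* no re-copy needed */
      else
        grown = malloc (len + len2 + 1);
      if (grown == NULL)
        abort ();                   /* like xmalloc, never return NULL */
      if (!*owned)
        memcpy (grown, pieces[0], len);         /* copy the prefix once */
      buf = grown;
      *owned = 1;
      memcpy (buf + len, next, len2 + 1);       /* includes the NUL */
      len += len2;
    }
  return buf;
}

int main (void)
{
  /* Constructed sample pieces, not real symbol-table data.  */
  const char *const pieces[] = { "s:T1=s8a:1,0,32;\\", "b:1,32,32;;" };
  int owned;
  char *s = join_continued (pieces, 2, &owned);
  puts (s);
  if (owned)
    free (s);
  return 0;
}
```

Building it with -fsanitize=address and moving the prefix copy back after the realloc call reproduces the class of error the original message describes.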