From: Tom Tromey
To: Philippe Waroquiers
Cc: gdb-patches@sourceware.org
Subject: Re: [RFAv2] Fix buffer overflow regression due to minsym malloc-ed instead of obstack-ed.
References: <20190324091856.2529-1-philippe.waroquiers@skynet.be>
Date: Mon, 25 Mar 2019 15:31:00 -0000
In-Reply-To: <20190324091856.2529-1-philippe.waroquiers@skynet.be> (Philippe Waroquiers's message of "Sun, 24 Mar 2019 10:18:56 +0100")
Message-ID: <87h8brj7ie.fsf@tromey.com>

>>>>> "Philippe" == Philippe Waroquiers writes:

Philippe> Before this commit, the array of 'struct minimal_symbol'
Philippe> contained a last element that was a "null symbol". The comment in
Philippe> minimal_symbol_reader::install was:

Sorry about this.

Philippe> Note that a bunch of comments in minimal_symbol_reader::install
Philippe> are still referring to allocations being done in obstack. These
Philippe> comments seem obsolete. I have not fixed them, as I have not
Philippe> understood what they are explaining (e.g. related to language
Philippe> auto, demangling, etc : I have not seen where all this is done).

The comment about language_auto is mildly incorrect, and I think
probably has been for quite some time. There are some other incorrect
comments in there. I'll send a patch.

Philippe> + int n_after_msymbol = minsym.objfile->per_bfd->minimal_symbol_count
Philippe> + - (msymbol - minsym.objfile->per_bfd->msymbols.get ())
Philippe> + - 1;

What do you think of the appended instead? The idea is to make the last
element more explicit.

Tom

diff --git a/gdb/minsyms.c b/gdb/minsyms.c
index b95e9ef6e8b..03743e3062b 100644
--- a/gdb/minsyms.c
+++ b/gdb/minsyms.c
@@ -1480,11 +1480,10 @@ find_solib_trampoline_target (struct frame_info *frame, CORE_ADDR pc) CORE_ADDR minimal_symbol_upper_bound (struct bound_minimal_symbol minsym) { - int i; short section; struct obj_section *obj_section; CORE_ADDR result; - struct minimal_symbol *msymbol; + struct minimal_symbol *iter, *msymbol; gdb_assert (minsym.minsym != NULL); @@ -1499,21 +1498,24 @@ minimal_symbol_upper_bound (struct bound_minimal_symbol minsym) other sections, to find the next symbol in this section with a different address. */ + struct minimal_symbol *last + = (minsym.objfile->per_bfd->msymbols.get () + + minsym.objfile->per_bfd->minimal_symbol_count); msymbol = minsym.minsym; section = MSYMBOL_SECTION (msymbol); - for (i = 1; MSYMBOL_LINKAGE_NAME (msymbol + i) != NULL; i++) + for (iter = msymbol + 1; iter < last; ++iter) { - if ((MSYMBOL_VALUE_RAW_ADDRESS (msymbol + i) + if ((MSYMBOL_VALUE_RAW_ADDRESS (iter) != MSYMBOL_VALUE_RAW_ADDRESS (msymbol)) - && MSYMBOL_SECTION (msymbol + i) == section) + && MSYMBOL_SECTION (iter) == section) break; } obj_section = MSYMBOL_OBJ_SECTION (minsym.objfile, minsym.minsym); - if (MSYMBOL_LINKAGE_NAME (msymbol + i) != NULL - && (MSYMBOL_VALUE_ADDRESS (minsym.objfile, msymbol + i) + if (iter < last + && (MSYMBOL_VALUE_ADDRESS (minsym.objfile, iter) < obj_section_endaddr (obj_section))) - result = MSYMBOL_VALUE_ADDRESS (minsym.objfile, msymbol + i); + result = MSYMBOL_VALUE_ADDRESS (minsym.objfile, iter); else /* We got the start address from the last msymbol in the objfile. So the end address is the end of the section. */
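Review bot: in the first hunk, `struct minimal_symbol *iter, *msymbol;` keeps the function's declarations at the top, while the second hunk introduces `last` mid-function right before the loop; declare all three pointers together (or move `iter` down beside `last`) so the three values that define the walk are visible in one place.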
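Review bot: in the second hunk, `last` is derived from `minsym.objfile->per_bfd`, but the walk starts from `msymbol = minsym.minsym`, so `for (iter = msymbol + 1; iter < last; ++iter)` is only in bounds if `minsym.minsym` actually lies inside that objfile's `msymbols` array; with the null-symbol terminator gone, nothing in the hunk checks that before `msymbol + 1` is dereferenced. Adding `gdb_assert (msymbol >= minsym.objfile->per_bfd->msymbols.get () && msymbol < last);` next to the existing `gdb_assert (minsym.minsym != NULL);`, plus a comment stating that `last` is one past the end of the table, would make the invariant explicit and turn a mismatched objfile into a clean assertion failure rather than an out-of-bounds read.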