* corelow.c (core_open): Don't update the to_sections and

        to_sections_end fields in core_ops here.  It's too late.
        * irix5-nat.c (solib_add): Update the to_sections and
        to_sections_end fields in core_ops here if needed.
        * osfsolib.c (solib_add): Likewise.
        * rs6000-nat.c (xcoff_reload_core): Likewise.
        * solib.c (solib_add): Likewise.
        * somsolib.c (solib_add): Likewise.

1 files changed, 16 insertions, 0 deletions

diff --git a/gdb/somsolib.c b/gdb/somsolib.c
index 16d9fa0..2744e5c 100644
--- a/gdb/somsolib.c
+++ b/gdb/somsolib.c
@@ -405,6 +405,12 @@ som_solib_add (arg_string, from_tty, target)
       if (status != 0)
 	{
 	  int old, new;
+	  int update_coreops;
+
+	  /* We must update the to_sections field in the core_ops structure
+	     here, otherwise we dereference a potential dangling pointer
+	     for each call to target_read/write_memory within this routine.  */
+	  update_coreops = core_ops.to_sections == target->to_sections;
 
 	  new = new_so->sections_end - new_so->sections;
 	  /* Add sections from the shared library to the core target.  */
@@ -422,6 +428,16 @@ som_solib_add (arg_string, from_tty, target)
 		xmalloc ((sizeof (struct section_table)) * new);
 	    }
 	  target->to_sections_end = (target->to_sections + old + new);
+
+	  /* Update the to_sections field in the core_ops structure
+	     if needed.  */
+	  if (update_coreops)
+	    {
+	      core_ops.to_sections = target->to_sections;
+	      core_ops.to_sections_end = target->to_sections_end;
+	    }
+
+	  /* Copy over the old data before it gets clobbered.  */
 	  memcpy ((char *)(target->to_sections + old),
 		  new_so->sections,
 		  ((sizeof (struct section_table)) * new));