author | Nick Clifton <nickc@redhat.com> | 2018-04-23 12:52:42 +0100 |
---|---|---|
committer | Nick Clifton <nickc@redhat.com> | 2018-04-23 12:52:42 +0100 |
commit | bf82069dce1b1a88560e5d7320342c78372b627e (patch) | |
tree | 4abcb9d2e34f69b7231f586c5d6e82e9a75b4d9c /bfd | |
parent | 5a6312e8c015d4a98020038f3b6e144db230f3ca (diff) | |
Prevent an illegal memory access in gprof by ensuring that string tables for aout format files are always zero-terminated.
PR 23056
* aoutx.h (aout_get_external_symbols): Allocate an extra byte at
the end of the string table, and zero it.
Diffstat (limited to 'bfd')
-rw-r--r-- | bfd/ChangeLog | 12 | ||||
-rw-r--r-- | bfd/aoutx.h | 7 |
2 files changed, 16 insertions, 3 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 7cc35f3..e8b748b 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,9 @@
+2018-04-23 Nick Clifton <nickc@redhat.com>
+
+ PR 23056
+ * aoutx.h (aout_get_external_symbols): Allocate an extra byte at
+ the end of the string table, and zero it.
+
 2018-04-23 Alan Modra <amodra@gmail.com>

 * elf-linux-core.h (swap_linux_prpsinfo32_ugid32_out): Disable
@@ -7,6 +13,12 @@
 (swap_linux_prpsinfo64_ugid16_out): Likewise.
 * elf.c (elfcore_write_prpsinfo): Likewise.

+2018-04-23 Nick Clifton <nickc@redhat.com>
+
+ PR 23056
+ * aoutx.h (aout_get_external_symbols): Allocate an extra byte at
+ the end of the string table, and zero it.
+
 2018-04-20 Alan Modra <amodra@gmail.com>

 PR 22978
diff --git a/bfd/aoutx.h b/bfd/aoutx.h
index 7cc9561..023843b 100644
--- a/bfd/aoutx.h
+++ b/bfd/aoutx.h
@@ -1343,7 +1343,7 @@ aout_get_external_symbols (bfd *abfd)
 #ifdef USE_MMAP
 if (stringsize >= BYTES_IN_WORD)
 {
- if (! bfd_get_file_window (abfd, obj_str_filepos (abfd), stringsize,
+ if (! bfd_get_file_window (abfd, obj_str_filepos (abfd), stringsize + 1,
 &obj_aout_string_window (abfd), TRUE))
 return FALSE;
 strings = (char *) obj_aout_string_window (abfd).data;
@@ -1351,7 +1351,7 @@ aout_get_external_symbols (bfd *abfd)
 else
 #endif
 {
- strings = (char *) bfd_malloc (stringsize);
+ strings = (char *) bfd_malloc (stringsize + 1);
 if (strings == NULL)
 return FALSE;

@@ -1370,7 +1370,8 @@ aout_get_external_symbols (bfd *abfd)
 /* Ensure that a zero index yields an empty string. */
 strings[0] = '\0';

- strings[stringsize - 1] = 0;
+ /* Ensure that the string buffer is NUL terminated. */
+ strings[stringsize] = 0;

 obj_aout_external_strings (abfd) = strings;
 obj_aout_external_string_size (abfd) = stringsize; |
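Review bot: `stringsize + 1` is computed without an overflow check in the bfd_get_file_window call of the first aoutx.h hunk and again in the `bfd_malloc (stringsize + 1)` call of the next hunk. stringsize is set outside these hunks and presumably comes from the input file; if it can hold the maximum value of its (presumably unsigned) type, the sum wraps to zero, a zero-length buffer is obtained, and the `strings[stringsize] = 0` store in the last hunk lands far outside it. Unless an earlier range check already rules this out, reject the value before either branch, e.g. `if (stringsize + 1 == 0) { bfd_set_error (bfd_error_bad_value); return FALSE; }`. aout_get_external_symbols begins and ends outside the hunk, so any existing validation of stringsize is not visible here.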
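Review bot: The new `strings[stringsize] = 0` store in the last aoutx.h hunk appears to run after both branches, so in the USE_MMAP case it writes through the file window at the byte that follows the string table, which is not string-table data and may lie past the end of the file when the table is the last thing in it. Whether bfd_get_file_window guarantees that a window of `stringsize + 1` bytes is fully mapped and privately writable in that situation cannot be seen from this diff and should be confirmed, or the mmap branch should copy into an allocated buffer instead. The comment would also be more useful if it recorded the size invariant, e.g. `/* The buffer holds stringsize + 1 bytes; the final NUL is not counted in obj_aout_external_string_size.  */`, since the recorded size stays at stringsize.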