authorNick Clifton <nickc@redhat.com>2018-04-23 12:52:42 +0100
committerNick Clifton <nickc@redhat.com>2018-04-23 12:52:42 +0100
commitbf82069dce1b1a88560e5d7320342c78372b627e (patch)
tree4abcb9d2e34f69b7231f586c5d6e82e9a75b4d9c /bfd
parent5a6312e8c015d4a98020038f3b6e144db230f3ca (diff)
Prevent an illegal memory access in gprof by ensuring that string tables for aout format files are always zero-terminated.
PR 23056 * aoutx.h (aout_get_external_symbols): Allocate an extra byte at the end of the string table, and zero it.
Diffstat (limited to 'bfd')
-rw-r--r--bfd/ChangeLog12
-rw-r--r--bfd/aoutx.h7
2 files changed, 16 insertions, 3 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 7cc35f3..e8b748b 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,9 @@
+2018-04-23 Nick Clifton <nickc@redhat.com>
+
+ PR 23056
+ * aoutx.h (aout_get_external_symbols): Allocate an extra byte at
+ the end of the string table, and zero it.
+
2018-04-23 Alan Modra <amodra@gmail.com>
* elf-linux-core.h (swap_linux_prpsinfo32_ugid32_out): Disable
@@ -7,6 +13,12 @@
(swap_linux_prpsinfo64_ugid16_out): Likewise.
* elf.c (elfcore_write_prpsinfo): Likewise.
+2018-04-23 Nick Clifton <nickc@redhat.com>
+
+ PR 23056
+ * aoutx.h (aout_get_external_symbols): Allocate an extra byte at
+ the end of the string table, and zero it.
+
2018-04-20 Alan Modra <amodra@gmail.com>
PR 22978
diff --git a/bfd/aoutx.h b/bfd/aoutx.h
index 7cc9561..023843b 100644
--- a/bfd/aoutx.h
+++ b/bfd/aoutx.h
@@ -1343,7 +1343,7 @@ aout_get_external_symbols (bfd *abfd)
#ifdef USE_MMAP
if (stringsize >= BYTES_IN_WORD)
{
- if (! bfd_get_file_window (abfd, obj_str_filepos (abfd), stringsize,
+ if (! bfd_get_file_window (abfd, obj_str_filepos (abfd), stringsize + 1,
&obj_aout_string_window (abfd), TRUE))
return FALSE;
strings = (char *) obj_aout_string_window (abfd).data;
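Review bot: `stringsize + 1` can wrap to zero when stringsize holds the largest value of its type, both in this bfd_get_file_window call and in `bfd_malloc (stringsize + 1)` in the next hunk, and the later `strings[stringsize] = 0` would then store far outside the buffer. Where stringsize is assigned is outside the hunks, but the commit message describes it as the size of an a.out string table, so it is presumably read from the input file and should be treated as untrusted. Assuming the type is unsigned, a guard placed ahead of the `#ifdef USE_MMAP`, such as `if (stringsize + 1 < stringsize) { bfd_set_error (bfd_error_bad_value); return FALSE; }`, would reject that case. Whether the field read from the file is narrower than the variable on a given host, making the wrap unreachable there, cannot be told from the visible lines.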
@@ -1351,7 +1351,7 @@ aout_get_external_symbols (bfd *abfd)
else
#endif
{
- strings = (char *) bfd_malloc (stringsize);
+ strings = (char *) bfd_malloc (stringsize + 1);
if (strings == NULL)
return FALSE;
@@ -1370,7 +1370,8 @@ aout_get_external_symbols (bfd *abfd)
/* Ensure that a zero index yields an empty string. */
strings[0] = '\0';
- strings[stringsize - 1] = 0;
+ /* Ensure that the string buffer is NUL terminated. */
+ strings[stringsize] = 0;
obj_aout_external_strings (abfd) = strings;
obj_aout_external_string_size (abfd) = stringsize;
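Review bot: On the USE_MMAP path `strings[stringsize] = 0` stores into the file window rather than heap memory, so it overwrites the byte that follows the string table in the mapped view. The new comment does not say that. A fuller comment would help, e.g. `/* The buffer holds stringsize + 1 bytes in both branches; the extra byte is a NUL so an unterminated final string cannot be read past the end.  The recorded size excludes it.  */`. If the table ends exactly at end of file on a page boundary, that extra byte may lie in a page with no file backing and the store could fault. That depends on how bfd_get_file_window rounds and maps the request, which is not visible here, so it is worth confirming. The function body starts and ends outside the hunk.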