This patch http://sourceware.org/ml/binutils/2007-02/msg00006.html
causes a serious memory corruption in the linker. There are 2 problems in
elf_create_symbuf:

  ssymbuf = bfd_malloc ((shndx_count + 1) * sizeof (*ssymbuf)
                        + (indbufend - indbuf) * sizeof (*ssymbuf));
  if (ssymbuf == NULL)
    {
      free (indbuf);
      return NULL;
    }

  ssym = (struct elf_symbuf_symbol *) (ssymbuf + shndx_count);
  ssymbuf->ssym = NULL;
  ssymbuf->count = shndx_count;
  ssymbuf->st_shndx = 0;

1. Only one combined buffer is allocated for both ssymbuf and ssym. But it
   is wrong to assume that the size of ssym is the same as ssymbuf.

2. There are shndx_count + 1 entries in ssymbuf. ssym should start at
   ssymbuf + shndx_count + 1, not ssymbuf + shndx_count, since the first
   entry is for shndx_count.

--
           Summary: Linker memory corruption
           Product: binutils
           Version: 2.19 (HEAD)
            Status: NEW
          Severity: critical
          Priority: P1
         Component: ld
        AssignedTo: unassigned at sources dot redhat dot com
        ReportedBy: hjl dot tools at gmail dot com
                CC: bug-binutils at gnu dot org, jakub at redhat dot com

http://sourceware.org/bugzilla/show_bug.cgi?id=5788
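The two layout mistakes in the report are easy to reason about with a small arithmetic model, and the fix is easy to get wrong in the other direction (symbol records that are not aligned after the header array). The C below is an added example, not code from the bug report or from binutils: `struct sym` and `struct head` are assumed simplified stand-ins for elf_symbuf_symbol and elf_symbuf_head, `buggy_layout` reproduces the report's arithmetic for arbitrary record sizes so the overlap and overflow can be computed for any target, and `make_symbuf` shows the allocation the report implies (symbol part sized in symbol units, placed after all shndx_count + 1 headers).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed stand-ins for the two record types named in the report. The
   fields are illustrative; what matters is that the two sizes differ
   (typically 16 and 24 bytes on a 64-bit target). */
struct sym {                 /* one symbol record: elf_symbuf_symbol */
    unsigned int st_name;
    unsigned char st_info;
    unsigned char st_other;
    uint64_t st_value;
};

struct head {                /* one per-section header: elf_symbuf_head */
    struct sym *ssym;
    size_t count;
    unsigned int st_shndx;
};

/* Arithmetic model of the layout the report quotes. Heads occupy
   [0, (shndx_count+1)*head_sz). The quoted code sizes the symbol part of
   the allocation in head units (problem 1) and places the first symbol at
   head index shndx_count instead of shndx_count+1 (problem 2). Returns
   how many bytes the last header and the symbol run overlap; *overflow
   receives how many symbol bytes land past the end of the allocation. */
size_t buggy_layout(size_t head_sz, size_t sym_sz,
                    size_t shndx_count, size_t nsyms, size_t *overflow)
{
    size_t alloc     = (shndx_count + 1) * head_sz + nsyms * head_sz; /* 1 */
    size_t head_end  = (shndx_count + 1) * head_sz;
    size_t sym_start = shndx_count * head_sz;                         /* 2 */
    size_t sym_end   = sym_start + nsyms * sym_sz;

    *overflow = sym_end > alloc ? sym_end - alloc : 0;
    if (sym_end < head_end)
        head_end = sym_end;
    return head_end - sym_start;
}

/* Placing symbols directly after whole headers keeps them aligned only if
   the header size is a multiple of the symbol alignment; check it at
   compile time rather than trusting the target's padding. */
_Static_assert(sizeof(struct head) % _Alignof(struct sym) == 0,
               "symbol records placed after whole headers must stay aligned");

/* Corrected combined allocation (the fix the report implies, not a
   quotation of binutils' code): symbol bytes counted in struct sym units,
   first symbol after all shndx_count + 1 headers. Entry 0 holds the count,
   entries 1..shndx_count are the per-section headers. */
struct head *make_symbuf(size_t shndx_count, size_t nsyms)
{
    struct head *ssymbuf = malloc((shndx_count + 1) * sizeof(*ssymbuf)
                                  + nsyms * sizeof(struct sym));
    if (ssymbuf == NULL)
        return NULL;
    struct sym *ssym = (struct sym *)(ssymbuf + shndx_count + 1);

    ssymbuf->ssym = NULL;
    ssymbuf->count = shndx_count;
    ssymbuf->st_shndx = 0;
    /* The real code partitions a sorted symbol table among the sections;
       here each header just points at the start of the symbol run. */
    for (size_t i = 1; i <= shndx_count; i++) {
        ssymbuf[i].ssym = ssym;
        ssymbuf[i].count = 0;
        ssymbuf[i].st_shndx = (unsigned int)i;
    }
    return ssymbuf;
}

/* 1 if the symbol run starts at or after the end of the last header. */
int regions_disjoint(const struct head *ssymbuf, size_t shndx_count,
                     const struct sym *first_sym)
{
    const char *heads_end = (const char *)(ssymbuf + shndx_count + 1);
    return (const char *)first_sym >= heads_end;
}

int main(void)
{
    size_t overflow;
    size_t overlap = buggy_layout(sizeof(struct head), sizeof(struct sym),
                                  3, 5, &overflow);
    printf("buggy layout: %zu overlapping bytes, %zu bytes past the end\n",
           overlap, overflow);
    struct head *h = make_symbuf(3, 5);
    if (h == NULL)
        return 1;
    printf("fixed layout disjoint: %d\n", regions_disjoint(h, 3, h[1].ssym));
    free(h);
    return 0;
}
```

With 24-byte headers and 16-byte symbols the quoted code never writes past the allocation, but the last header and the first symbol record share 24 bytes, so whichever is written second silently clobbers the other; with 12-byte headers (a 32-bit-style layout, assumed here) the same code also runs 8 bytes past the end of the buffer. Both cases are worth checking on the targets a linker is actually built for, since the size ordering of the two records is what decides which corruption you get.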