https://sourceware.org/bugzilla/show_bug.cgi?id=33745
--- Comment #2 from Zheng Bao <fishbaoz at hotmail dot com> --- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=blob;f=gas/config/obj-elf.c;h=579c1df2dc30da39d20b187b6d3f12e0d7d78b8f;hb=HEAD#l2830 2827 char *p = strchr (sy_obj->versioned_name->name, 2828 ELF_VER_CHR); 2829 2830 if (sy_obj->rename) 2831 { 2832 /* The @@@ syntax is a special case. If the symbol is 2833 not defined, 2 `@'s will be removed from the 2834 versioned_name. Otherwise, 1 `@' will be removed. */ 2835 size_t l = strlen (&p[3]) + 1; 2836 memmove (&p[1 + is_defined], &p[3], l); 2837 } p points to the first '@'. p[3] assumes there are 3 '@' at p. But in fact, the versioned_name is a chain, which holds the @@@ at the head or at the tail. If p is pointing '@@', the size l would be big, and memmove would copy some trash data. -- You are receiving this mail because: You are on the CC list for the bug.
