Hi,

While playing with valgrind I saw this:

==28430== Invalid read of size 8
==28430==    at 0x4E48AC5: find_section (derelocate.c:321)
==28430==    by 0x4E48D58: dwfl_module_address_section (derelocate.c:366)
==28430==    by 0x400B06: main (dwfl-addr-sect.c:38)
==28430==  Address 0x62a9a48 is not stack'd, malloc'd or (recently) free'd

Valgrind is right: there is an off-by-one check failure that can mean we
access beyond the end of an array. The following fixes it:

2012-09-25  Mark Wielaard  <[email protected]>

	* derelocate.c (find_section): Check next section exists before
	accessing it.

Cheers,

Mark
diff --git a/libdwfl/derelocate.c b/libdwfl/derelocate.c index e3fcba8..56f998c 100644 --- a/libdwfl/derelocate.c +++ b/libdwfl/derelocate.c @@ -317,7 +317,7 @@ find_section (Dwfl_Module *mod, Dwarf_Addr *addr) inside the next one. A section limit address can appear in line records. */ if (*addr == sections->refs[idx].end - && idx < sections->count + && idx + 1 < sections->count && *addr == sections->refs[idx + 1].start) ++idx;
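Review bot: the new guard `idx + 1 < sections->count` is the correct condition for the `sections->refs[idx + 1].start` read that follows it; the old `idx < sections->count` only established that `refs[idx]` is in range, so with idx == count - 1 the third clause read `refs[count]`, one element past the end of the table, which is the 8-byte invalid read valgrind reported at derelocate.c:321. Keep the bounds test as the clause immediately before the `refs[idx + 1]` comparison so that `&&` short-circuits before the access, as the hunk does. The comment above the condition ("A section limit address can appear in line records") could also state that the address is only moved into the next section when such a section exists, which would tie the code to the ChangeLog entry "Check next section exists before accessing it".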
_______________________________________________ elfutils-devel mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/elfutils-devel
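The off-by-one above is worth seeing in isolation. The following is an added example, not code from elfutils or from the patch author: it models the guard in find_section() with a constructed section table (the struct and field names are assumptions, chosen to mirror the hunk, not libdwfl's real layout) and replaces the raw `refs[idx + 1].start` read with a bounds-checking accessor so the read past the end is recorded rather than silently performed. The old guard trips the detector on the last section; the patched guard does not, while both still move a boundary address into the adjacent next section.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint64_t Dwarf_Addr;

/* Constructed stand-in for the per-module section table that
   find_section() walks in libdwfl/derelocate.c.  Only the fields the
   guard touches; the names are assumed, not the real struct layout. */
struct section_ref { Dwarf_Addr start; Dwarf_Addr end; };
struct section_table { size_t count; const struct section_ref *refs; };

/* Bounds-checked accessor used instead of refs[i].start so that an
   out-of-bounds read is recorded rather than silently performed
   (the real code's read past the array is what valgrind flagged). */
static bool oob_read_seen;

static Dwarf_Addr ref_start(const struct section_table *t, size_t i)
{
  if (i >= t->count)
    {
      oob_read_seen = true;   /* refs[count] does not exist */
      return 0;
    }
  return t->refs[i].start;
}

/* Guard as written BEFORE the patch: 'idx < count' only proves refs[idx]
   is valid, yet the next clause reads refs[idx + 1]. */
static size_t adjust_idx_old(const struct section_table *t, size_t idx,
                             Dwarf_Addr addr)
{
  if (addr == t->refs[idx].end
      && idx < t->count
      && addr == ref_start(t, idx + 1))
    ++idx;
  return idx;
}

/* Guard as written AFTER the patch: 'idx + 1 < count' is exactly the
   condition under which refs[idx + 1] exists. */
static size_t adjust_idx_new(const struct section_table *t, size_t idx,
                             Dwarf_Addr addr)
{
  if (addr == t->refs[idx].end
      && idx + 1 < t->count
      && addr == ref_start(t, idx + 1))
    ++idx;
  return idx;
}

/* Constructed three-section layout: section 0 ends exactly where
   section 1 starts, so an address equal to section 0's end belongs to
   section 1; section 2 is the last entry and is followed by nothing. */
static const struct section_ref sample_refs[3] = {
  { 0x1000, 0x2000 },   /* 0: .text                      */
  { 0x2000, 0x3000 },   /* 1: .rodata, adjacent to .text */
  { 0x4000, 0x4800 },   /* 2: .data, last section        */
};
static const struct section_table sample = { 3, sample_refs };

/* Run each guard on the last section's end address and report whether
   it reached past the table. */
static bool old_guard_reads_past_end(void)
{
  oob_read_seen = false;
  adjust_idx_old(&sample, 2, 0x4800);
  return oob_read_seen;
}

static bool new_guard_reads_past_end(void)
{
  oob_read_seen = false;
  adjust_idx_new(&sample, 2, 0x4800);
  return oob_read_seen;
}

int main(void)
{
  printf("old guard reads past end: %s\n",
         old_guard_reads_past_end() ? "yes" : "no");
  printf("new guard reads past end: %s\n",
         new_guard_reads_past_end() ? "yes" : "no");
  printf("boundary 0x2000 attributed to section %zu\n",
         adjust_idx_new(&sample, 0, 0x2000));
  return 0;
}
```

The accessor is only there to make the defect observable in a portable way; in the real code the read lands on whatever memory follows the table, which is why it surfaced as a valgrind report rather than a crash.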
