[packages/binutils.git] / binutils-pr-5788.patch

2008-02-22  H.J. Lu  <hongjiu.lu@intel.com>

	PR ld/5788
	* elflink.c (elf_create_symbuf): Correct buffer size and
	position.

--- bfd/elflink.c	20 Feb 2008 17:42:35 -0000	1.297
+++ bfd/elflink.c	23 Feb 2008 00:02:05 -0000	1.298
@@ -6870,7 +6870,7 @@ elf_create_symbuf (bfd_size_type symcoun
   Elf_Internal_Sym **ind, **indbufend, **indbuf;
   struct elf_symbuf_symbol *ssym;
   struct elf_symbuf_head *ssymbuf, *ssymhead;
-  bfd_size_type i, shndx_count;
+  bfd_size_type i, shndx_count, total_size;
 
   indbuf = bfd_malloc2 (symcount, sizeof (*indbuf));
   if (indbuf == NULL)
@@ -6890,15 +6890,16 @@ elf_create_symbuf (bfd_size_type symcoun
       if (ind[0]->st_shndx != ind[1]->st_shndx)
 	shndx_count++;
 
-  ssymbuf = bfd_malloc ((shndx_count + 1) * sizeof (*ssymbuf)
-			+ (indbufend - indbuf) * sizeof (*ssymbuf));
+  total_size = ((shndx_count + 1) * sizeof (*ssymbuf)
+		+ (indbufend - indbuf) * sizeof (*ssym));
+  ssymbuf = bfd_malloc (total_size);
   if (ssymbuf == NULL)
     {
       free (indbuf);
       return NULL;
     }
 
-  ssym = (struct elf_symbuf_symbol *) (ssymbuf + shndx_count);
+  ssym = (struct elf_symbuf_symbol *) (ssymbuf + shndx_count + 1);
   ssymbuf->ssym = NULL;
   ssymbuf->count = shndx_count;
   ssymbuf->st_shndx = 0;
@@ -6916,7 +6917,9 @@ elf_create_symbuf (bfd_size_type symcoun
       ssym->st_other = (*ind)->st_other;
       ssymhead->count++;
     }
-  BFD_ASSERT ((bfd_size_type) (ssymhead - ssymbuf) == shndx_count);
+  BFD_ASSERT ((bfd_size_type) (ssymhead - ssymbuf) == shndx_count
+	      && (((bfd_hostptr_t) ssym - (bfd_hostptr_t) ssymbuf)
+		  == total_size));
 
   free (indbuf);
   return ssymbuf;
Commit	Line	Data
be65495e AM	1	2008-02-22 H.J. Lu <hongjiu.lu@intel.com>
	2
	3	PR ld/5788
	4	* elflink.c (elf_create_symbuf): Correct buffer size and
	5	position.
	6
	7	--- bfd/elflink.c 20 Feb 2008 17:42:35 -0000 1.297
	8	+++ bfd/elflink.c 23 Feb 2008 00:02:05 -0000 1.298
	9	@@ -6870,7 +6870,7 @@ elf_create_symbuf (bfd_size_type symcoun
	10	Elf_Internal_Sym ind, indbufend, **indbuf;
	11	struct elf_symbuf_symbol *ssym;
	12	struct elf_symbuf_head ssymbuf, ssymhead;
	13	- bfd_size_type i, shndx_count;
	14	+ bfd_size_type i, shndx_count, total_size;
	15
	16	indbuf = bfd_malloc2 (symcount, sizeof (*indbuf));
	17	if (indbuf == NULL)
	18	@@ -6890,15 +6890,16 @@ elf_create_symbuf (bfd_size_type symcoun
	19	if (ind[0]->st_shndx != ind[1]->st_shndx)
	20	shndx_count++;
	21
	22	- ssymbuf = bfd_malloc ((shndx_count + 1) * sizeof (*ssymbuf)
	23	- + (indbufend - indbuf) * sizeof (*ssymbuf));
	24	+ total_size = ((shndx_count + 1) * sizeof (*ssymbuf)
	25	+ + (indbufend - indbuf) * sizeof (*ssym));
	26	+ ssymbuf = bfd_malloc (total_size);
	27	if (ssymbuf == NULL)
	28	{
	29	free (indbuf);
	30	return NULL;
	31	}
	32
	33	- ssym = (struct elf_symbuf_symbol *) (ssymbuf + shndx_count);
	34	+ ssym = (struct elf_symbuf_symbol *) (ssymbuf + shndx_count + 1);
	35	ssymbuf->ssym = NULL;
	36	ssymbuf->count = shndx_count;
	37	ssymbuf->st_shndx = 0;
	38	@@ -6916,7 +6917,9 @@ elf_create_symbuf (bfd_size_type symcoun
	39	ssym->st_other = (*ind)->st_other;
	40	ssymhead->count++;
	41	}
	42	- BFD_ASSERT ((bfd_size_type) (ssymhead - ssymbuf) == shndx_count);
	43	+ BFD_ASSERT ((bfd_size_type) (ssymhead - ssymbuf) == shndx_count
	44	+ && (((bfd_hostptr_t) ssym - (bfd_hostptr_t) ssymbuf)
	45	+ == total_size));
	46
	47	free (indbuf);
	48	return ssymbuf;