binutils-pr-5788.patch

   1 2008-02-22  H.J. Lu  <hongjiu.lu@intel.com>
   2
   3         PR ld/5788
   4         * elflink.c (elf_create_symbuf): Correct buffer size and
   5         position.
   6
   7 --- bfd/elflink.c       20 Feb 2008 17:42:35 -0000      1.297
   8 +++ bfd/elflink.c       23 Feb 2008 00:02:05 -0000      1.298
   9 @@ -6870,7 +6870,7 @@ elf_create_symbuf (bfd_size_type symcoun
  10    Elf_Internal_Sym **ind, **indbufend, **indbuf;
  11    struct elf_symbuf_symbol *ssym;
  12    struct elf_symbuf_head *ssymbuf, *ssymhead;
  13 -  bfd_size_type i, shndx_count;
  14 +  bfd_size_type i, shndx_count, total_size;
  15
  16    indbuf = bfd_malloc2 (symcount, sizeof (*indbuf));
  17    if (indbuf == NULL)
  18 @@ -6890,15 +6890,16 @@ elf_create_symbuf (bfd_size_type symcoun
  19        if (ind[0]->st_shndx != ind[1]->st_shndx)
  20         shndx_count++;
  21
  22 -  ssymbuf = bfd_malloc ((shndx_count + 1) * sizeof (*ssymbuf)
  23 -                       + (indbufend - indbuf) * sizeof (*ssymbuf));
  24 +  total_size = ((shndx_count + 1) * sizeof (*ssymbuf)
  25 +               + (indbufend - indbuf) * sizeof (*ssym));
  26 +  ssymbuf = bfd_malloc (total_size);
  27    if (ssymbuf == NULL)
  28      {
  29        free (indbuf);
  30        return NULL;
  31      }
  32
  33 -  ssym = (struct elf_symbuf_symbol *) (ssymbuf + shndx_count);
  34 +  ssym = (struct elf_symbuf_symbol *) (ssymbuf + shndx_count + 1);
  35    ssymbuf->ssym = NULL;
  36    ssymbuf->count = shndx_count;
  37    ssymbuf->st_shndx = 0;
  38 @@ -6916,7 +6917,9 @@ elf_create_symbuf (bfd_size_type symcoun
  39        ssym->st_other = (*ind)->st_other;
  40        ssymhead->count++;
  41      }
  42 -  BFD_ASSERT ((bfd_size_type) (ssymhead - ssymbuf) == shndx_count);
  43 +  BFD_ASSERT ((bfd_size_type) (ssymhead - ssymbuf) == shndx_count
  44 +             && (((bfd_hostptr_t) ssym - (bfd_hostptr_t) ssymbuf)
  45 +                 == total_size));
  46
  47    free (indbuf);
  48    return ssymbuf;