[Qemu-devel] [PATCH 02/18] linux-user: Fix the load of ELF files that ha
From: |
riku . voipio |
Subject: |
[Qemu-devel] [PATCH 02/18] linux-user: Fix the load of ELF files that have no "useful" symbol |
Date: |
Mon, 20 Jun 2011 19:20:07 +0300 |
From: Cédric VINCENT <address@hidden>
This patch fixes a "double free()" due to "realloc(syms, 0)" in the
loader when the ELF file has no "useful" symbol, as with the following
example (compiled with "sh4-linux-gcc -nostdlib"):
.text
.align 1
.global _start
_start:
mov #1, r3
trapa #40 // syscall(__NR_exit)
nop
The bug appears when the log (option "-d") is enabled.
Signed-off-by: Cédric VINCENT <address@hidden>
Signed-off-by: Yves JANIN <address@hidden>
Signed-off-by: Riku Voipio <address@hidden>
---
linux-user/elfload.c | 34 +++++++++++++++++++---------------
1 files changed, 19 insertions(+), 15 deletions(-)
diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index dcfeb7a..a4aabd5 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -1643,9 +1643,9 @@ static void load_symbols(struct elfhdr *hdr, int fd,
abi_ulong load_bias)
{
int i, shnum, nsyms, sym_idx = 0, str_idx = 0;
struct elf_shdr *shdr;
- char *strings;
- struct syminfo *s;
- struct elf_sym *syms, *new_syms;
+ char *strings = NULL;
+ struct syminfo *s = NULL;
+ struct elf_sym *new_syms, *syms = NULL;
shnum = hdr->e_shnum;
i = shnum * sizeof(struct elf_shdr);
@@ -1670,24 +1670,19 @@ static void load_symbols(struct elfhdr *hdr, int fd,
abi_ulong load_bias)
/* Now know where the strtab and symtab are. Snarf them. */
s = malloc(sizeof(*s));
if (!s) {
- return;
+ goto give_up;
}
i = shdr[str_idx].sh_size;
s->disas_strtab = strings = malloc(i);
if (!strings || pread(fd, strings, i, shdr[str_idx].sh_offset) != i) {
- free(s);
- free(strings);
- return;
+ goto give_up;
}
i = shdr[sym_idx].sh_size;
syms = malloc(i);
if (!syms || pread(fd, syms, i, shdr[sym_idx].sh_offset) != i) {
- free(s);
- free(strings);
- free(syms);
- return;
+ goto give_up;
}
nsyms = i / sizeof(struct elf_sym);
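Review bot: The error exits are reworked here, but the values they guard still flow through `int i`: both `i = shdr[str_idx].sh_size` and `i = shdr[sym_idx].sh_size` take a section size from the ELF image being loaded, and `malloc(i)` plus the `pread(...) != i` comparison then operate on a possibly truncated or negative value if sh_size is wider than int (its type is not visible in this hunk). This is pre-existing and not introduced by the commit, but since every failure now funnels into `give_up`, rejecting an oversized section with `if (shdr[str_idx].sh_size > INT_MAX) goto give_up;` before the assignment (and likewise for `sym_idx`) would fit the new structure. load_symbols begins in the previous hunk and continues past this one.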
@@ -1710,16 +1705,18 @@ static void load_symbols(struct elfhdr *hdr, int fd,
abi_ulong load_bias)
}
}
+ /* No "useful" symbol. */
+ if (nsyms == 0) {
+ goto give_up;
+ }
+
/* Attempt to free the storage associated with the local symbols
that we threw away. Whether or not this has any effect on the
memory allocation depends on the malloc implementation and how
many symbols we managed to discard. */
new_syms = realloc(syms, nsyms * sizeof(*syms));
if (new_syms == NULL) {
- free(s);
- free(syms);
- free(strings);
- return;
+ goto give_up;
}
syms = new_syms;
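Review bot: The new `nsyms == 0` guard is the actual fix, but the comment `/* No "useful" symbol. */` does not say why the early exit is needed, and the reason is non-obvious: without it `realloc(syms, 0)` on the next lines may free `syms` and return NULL, so the `give_up` path would free `syms` a second time. I would expand the comment to `/* No "useful" symbol: bail out before realloc(syms, 0), which may free syms and return NULL, leaving give_up to free it again. */` so the guard is not "simplified away" later. The loop that computes nsyms starts outside this hunk.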
@@ -1734,6 +1731,13 @@ static void load_symbols(struct elfhdr *hdr, int fd,
abi_ulong load_bias)
s->lookup_symbol = lookup_symbolxx;
s->next = syminfos;
syminfos = s;
+
+ return;
+
+give_up:
+ free(s);
+ free(strings);
+ free(syms);
}
int load_elf_binary(struct linux_binprm * bprm, struct target_pt_regs * regs,
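Review bot: The `give_up` label frees `s`, `strings` and `syms` unconditionally, which is only safe because the first hunk initialises all three to NULL and because `s->disas_strtab` is the same pointer as `strings` (assigned in the second hunk) and is therefore freed exactly once through `strings`. Neither invariant is stated at the label, and the success path above it transfers ownership of `s`, `strings` and `syms` to the `syminfos` list, which is why it must `return` before the label. A short comment such as `/* All three start as NULL; s->disas_strtab aliases strings, so it is freed here via strings only. */` above `give_up:` would make both constraints explicit for whoever adds the next allocation to this function.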
--
1.7.4.1