From: Matthias Klose <doko@debian.org>
Date: Fri, 22 Jun 2018 06:11:21 +0000 (+0100)
Subject: pr23056
X-Git-Tag: archive/raspbian/2.30-22+rpi1^2~2
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=c1230ead1076a1679d5e9c03de2bacc60dda3a95;p=binutils.git

pr23056

# DP: Fix PR gprof/23056, memory corruption in gprof.

bfd/

2018-04-23  Nick Clifton  <nickc@redhat.com>

	PR 23056
	* aoutx.h (aout_get_external_symbols): Allocate an extra byte at
	the end of the string table, and zero it.


Gbp-Pq: Name pr23056.diff
---

diff --git a/bfd/aoutx.h b/bfd/aoutx.h
index f14683e52..1db9cb8c8 100644
--- a/bfd/aoutx.h
+++ b/bfd/aoutx.h
@@ -1363,7 +1363,7 @@ aout_get_external_symbols (bfd *abfd)
 #ifdef USE_MMAP
       if (stringsize >= BYTES_IN_WORD)
 	{
-	  if (! bfd_get_file_window (abfd, obj_str_filepos (abfd), stringsize,
+	  if (! bfd_get_file_window (abfd, obj_str_filepos (abfd), stringsize + 1,
 				     &obj_aout_string_window (abfd), TRUE))
 	    return FALSE;
 	  strings = (char *) obj_aout_string_window (abfd).data;
@@ -1371,7 +1371,7 @@ aout_get_external_symbols (bfd *abfd)
       else
 #endif
 	{
-	  strings = (char *) bfd_malloc (stringsize);
+	  strings = (char *) bfd_malloc (stringsize + 1);
 	  if (strings == NULL)
 	    return FALSE;
 
@@ -1390,7 +1390,8 @@ aout_get_external_symbols (bfd *abfd)
       /* Ensure that a zero index yields an empty string.  */
       strings[0] = '\0';
 
-      strings[stringsize - 1] = 0;
+      /* Ensure that the string buffer is NUL terminated.  */
+      strings[stringsize] = 0;
 
       obj_aout_external_strings (abfd) = strings;
       obj_aout_external_string_size (abfd) = stringsize;