bug-binutils

[Bug binutils/19005] objcopy buffer-over-read


From: hjl.tools at gmail dot com
Subject: [Bug binutils/19005] objcopy buffer-over-read
Date: Fri, 25 Sep 2015 16:36:17 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=19005

--- Comment #10 from H.J. Lu <hjl.tools at gmail dot com> ---
(In reply to Andrew Stubbs from comment #9)
> No, it's the call to bfd_set_section_contents in which the UB occurs. You
> can see this with valgrind:
> 

I got

address@hidden pr19005]$ cat x.S
        .text
        .byte 1,2,3
address@hidden pr19005]$ make x.o
gcc -B./  -c -o x.o x.S
address@hidden pr19005]$ valgrind ./objcopy -O binary -j .text --pad-to=6 --reverse-bytes=6 x.o y.o
==23717== Memcheck, a memory error detector
==23717== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==23717== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
==23717== Command: ./objcopy -O binary -j .text --pad-to=6 --reverse-bytes=6 x.o y.o
==23717== 
./objcopy: cannot reverse bytes: length of section .text must be evenly divisible by 6
==23717== 
==23717== HEAP SUMMARY:
==23717==     in use at exit: 24,739 bytes in 35 blocks
==23717==   total heap usage: 99 allocs, 64 frees, 36,615 bytes allocated
==23717== 
==23717== LEAK SUMMARY:
==23717==    definitely lost: 0 bytes in 0 blocks
==23717==    indirectly lost: 0 bytes in 0 blocks
==23717==      possibly lost: 0 bytes in 0 blocks
==23717==    still reachable: 24,739 bytes in 35 blocks
==23717==         suppressed: 0 bytes in 0 blocks
==23717== Rerun with --leak-check=full to see details of leaked memory
==23717== 
==23717== For counts of detected and suppressed errors, rerun with: -v
==23717== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
address@hidden pr19005]$ 


> Neither patch fixes that. Both also leave the interleave code broken, I
> think.

We need a testcase for interleave.
