ShuriZma
/
xemu
mirror of https://github.com/xemu-project/xemu.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

linux-user: Fix the load of ELF files that have no "useful" symbol 

This patch fixes a "double free()" due to "realloc(syms, 0)" in the
loader when the ELF file has no "useful" symbol, as with the following
example (compiled with "sh4-linux-gcc -nostdlib"):

    .text
    .align 1
    .global _start
    _start:
        mov     #1, r3
        trapa   #40     // syscall(__NR_exit)
        nop

The bug appears when the log (option "-d") is enabled.

Signed-off-by: Cédric VINCENT <cedric.vincent@st.com>
Signed-off-by: Yves JANIN <yves.janin@st.com>
Signed-off-by: Riku Voipio <riku.voipio@iki.fi>
Reviewed-by: Richard Henderson <rth@twiddle.net>
This commit is contained in:
Cédric VINCENT 2011-06-01 14:36:38 +02:00 committed by Riku Voipio
parent 9a826d7854
commit b947527941
1 changed files with 19 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
linux-user/elfload.c
View File

@ -1643,9 +1643,9 @@ static void load_symbols(struct elfhdr *hdr, int fd, abi_ulong load_bias)
{ {
int i, shnum, nsyms, sym_idx = 0, str_idx = 0; int i, shnum, nsyms, sym_idx = 0, str_idx = 0;
struct elf_shdr *shdr; struct elf_shdr *shdr;
char *strings; char *strings = NULL;
struct syminfo *s; struct syminfo *s = NULL;
struct elf_sym *syms, *new_syms; struct elf_sym *new_syms, *syms = NULL;
shnum = hdr->e_shnum; shnum = hdr->e_shnum;
i = shnum * sizeof(struct elf_shdr); i = shnum * sizeof(struct elf_shdr);
@ -1670,24 +1670,19 @@ static void load_symbols(struct elfhdr *hdr, int fd, abi_ulong load_bias)
/* Now know where the strtab and symtab are. Snarf them. */ /* Now know where the strtab and symtab are. Snarf them. */
s = malloc(sizeof(*s)); s = malloc(sizeof(*s));
if (!s) { if (!s) {
return; goto give_up;
} }
i = shdr[str_idx].sh_size; i = shdr[str_idx].sh_size;
s->disas_strtab = strings = malloc(i); s->disas_strtab = strings = malloc(i);
if (!strings || pread(fd, strings, i, shdr[str_idx].sh_offset) != i) { if (!strings || pread(fd, strings, i, shdr[str_idx].sh_offset) != i) {
free(s); goto give_up;
free(strings);
return;
} }
i = shdr[sym_idx].sh_size; i = shdr[sym_idx].sh_size;
syms = malloc(i); syms = malloc(i);
if (!syms || pread(fd, syms, i, shdr[sym_idx].sh_offset) != i) { if (!syms || pread(fd, syms, i, shdr[sym_idx].sh_offset) != i) {
free(s); goto give_up;
free(strings);
free(syms);
return;
} }
nsyms = i / sizeof(struct elf_sym); nsyms = i / sizeof(struct elf_sym);
@ -1710,16 +1705,18 @@ static void load_symbols(struct elfhdr *hdr, int fd, abi_ulong load_bias)
} }
} }
/* No "useful" symbol. */
if (nsyms == 0) {
goto give_up;
}
/* Attempt to free the storage associated with the local symbols /* Attempt to free the storage associated with the local symbols
that we threw away. Whether or not this has any effect on the that we threw away. Whether or not this has any effect on the
memory allocation depends on the malloc implementation and how memory allocation depends on the malloc implementation and how
many symbols we managed to discard. */ many symbols we managed to discard. */
new_syms = realloc(syms, nsyms * sizeof(*syms)); new_syms = realloc(syms, nsyms * sizeof(*syms));
if (new_syms == NULL) { if (new_syms == NULL) {
free(s); goto give_up;
free(syms);
free(strings);
return;
} }
syms = new_syms; syms = new_syms;
@ -1734,6 +1731,13 @@ static void load_symbols(struct elfhdr *hdr, int fd, abi_ulong load_bias)
s->lookup_symbol = lookup_symbolxx; s->lookup_symbol = lookup_symbolxx;
s->next = syminfos; s->next = syminfos;
syminfos = s; syminfos = s;
return;
give_up:
free(s);
free(strings);
free(syms);
} }
int load_elf_binary(struct linux_binprm * bprm, struct target_pt_regs * regs, int load_elf_binary(struct linux_binprm * bprm, struct target_pt_regs * regs,