
[Tinycc-devel] [PATCH] invalid memory access in free_section()


From: David Raulo
Subject: [Tinycc-devel] [PATCH] invalid memory access in free_section()
Date: Fri, 20 Mar 2009 20:04:11 +0100

Hi,

I am a user of the libtcc API; the code I'm working with comes from the
tip of git://repo.or.cz/tinycc.git
Here is a test case which causes a crash under MSVC; it seems to pass 
under Linux, except if you take a closer look with valgrind
(see attached file tcc_delete_test.c)

What happens _I think_ is that in tcc_delete(), the recursive deletion 
of the program sections can access the sh_flags member of a previously 
deleted section.  With the test case, the call to free_section() on
sections[6] (that is, .rel.text) looks at s->link->sh_flag which
belongs to the .symtab section; unfortunately, the latter was deleted
already as sections[4].

The proposed fix (attached) is to process the sections in 2 passes: 
- one to recursively traverse the sections, and delete only the ones
with the SHF_PRIVATE flag;
- the second pass to delete the remaining sections.

Is this fix correct?

Best regards,
David.

Attachment: tcc_delete_fix.diff
Description: Text Data

Attachment: tcc_delete_test.c
Description: Text Data
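
The failure described in this post and the proposed two-pass order, as an added C model that is not part of the original message and is not TinyCC's code: it tracks a liveness flag instead of calling free(), so the stale look-up can be counted safely. Only the .symtab / .rel.text indices come from the post; the other table entries, the SHF_PRIVATE value, the loop starting at index 1 and all function names are assumptions.

```c
#include <stdio.h>

#define SHF_PRIVATE 0x80000000u /* flag value assumed for this model */
#define NB_LISTED 7             /* entries 1..6 are walked by index */
#define NB_ALL    8             /* entry 7 is reachable only through a link */

typedef struct { const char *name; unsigned sh_flags; int link, alive; } Sec;

/* Constructed table: only [4] .symtab and [6] .rel.text -> [4] come from the post. */
static void init(Sec *t) {
    static const Sec model[NB_ALL] = {
        {"", 0, -1, 1}, {".text", 0, -1, 1}, {".data", 0, -1, 1},
        {".demo", 0, 7, 1}, {".symtab", 0, -1, 1}, {".bss", 0, -1, 1},
        {".rel.text", 0, 4, 1}, {".demo.priv", SHF_PRIVATE, -1, 1} };
    for (int i = 0; i < NB_ALL; i++) t[i] = model[i];
}

/* Look at the link's flags; count the look-ups that land on a deleted entry. */
static int link_is_private(const Sec *t, int i, int *stale) {
    int l = t[i].link;
    if (l < 0) return 0;
    if (!t[l].alive) { (*stale)++; return 0; } /* real code reads freed memory here */
    return (t[l].sh_flags & SHF_PRIVATE) != 0;
}

/* Delete a private link target recursively, then the entry itself if asked. */
static void release(Sec *t, int i, int *stale, int free_self) {
    if (link_is_private(t, i, stale)) release(t, t[i].link, stale, 1);
    if (free_self) t[i].alive = 0;
}

/* Returns stale link look-ups; two_pass=0 is the single walk, 1 the proposed order. */
int stale_reads(int two_pass, int *undeleted) {
    Sec t[NB_ALL]; int stale = 0;
    init(t);
    for (int i = 1; i < NB_LISTED; i++) release(t, i, &stale, !two_pass);
    for (int i = 1; two_pass && i < NB_LISTED; i++) t[i].alive = 0; /* pass 2 */
    *undeleted = 0;
    for (int i = 1; i < NB_ALL; i++) *undeleted += t[i].alive;
    return stale;
}

int main(void) {
    int left1, left2, one = stale_reads(0, &left1), two = stale_reads(1, &left2);
    printf("single walk: %d stale, %d undeleted\n", one, left1);
    printf("two passes:  %d stale, %d undeleted\n", two, left2);
    return 0;
}
```

In this model the two-pass order stays clean only while each SHF_PRIVATE entry is linked from a single owner; a private entry shared by two owners would be looked up again after pass 1 deleted it.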

