Re: [Tinycc-devel] Crash report for [mob:3054a76]


From: Steffen Nurpmeso
Subject: Re: [Tinycc-devel] Crash report for [mob:3054a76]
Date: Fri, 11 Nov 2016 15:06:17 +0100
User-agent: s-nail v14.9.0-pre2-9-gebb59f7

Hello.

Michael Matz <address@hidden> wrote:
 |On Wed, 9 Nov 2016, Steffen Nurpmeso wrote:
 |> Michael Matz <address@hidden> wrote:
 |>|On Tue, 8 Nov 2016, Steffen Nurpmeso wrote:
 |>  ...
 |>|> cc': corrupted double-linked list: 0x000000000065c0f0 ***
 |>|
 |>|Something in tcc is probably overwriting random memory which happens \
 |>|to be 
 |>|meta info malloc is using for its own implementation leading to the 
 |>|observed abort (which basically is a consistency check on that internal 
 |>|data).  valgrind often helps in identifying the real cause, so do:
 |> 
 |> The attached diff fixes the issue for me.
 |
 |So, the patch was:
 ...

No, that strcpy() came just along, it smelled fishy..

 |Maybe it helps but if so for unknown reasons.  The type Section has as 
 |last member "char name[1]", that is, sizeof(Section) already contains the 
 |+1.  The above merely overallocates the struct by another byte.  Can you 
 |show us valgrind output, or alternatively give us the .o file that causes 
 |the crash?

..just along the way.  Just skip those hunks then (another one in
the other diff).

 |> @@ -695,8 +697,9 @@ ST_FUNC void relocate_section(TCCState *s1, Section \
 |> *s)
 |> #endif
 |>  
 |>      for_each_elem(sr, 0, rel, ElfW_Rel) {
 |> -        ptr = s->data + rel->r_offset;
 |> +        section_ptr_add(s, 8);
 |>  
 |> +        ptr = s->data + rel->r_offset;
 |>          sym_index = ELFW(R_SYM)(rel->r_info);
 |>          sym = &((ElfW(Sym) *)symtab_section->data)[sym_index];
 |>          val = sym->st_value;
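Review bot: section_ptr_add(s, 8) is called unconditionally on every iteration of the for_each_elem loop, so the target section grows by 8 bytes per relocation whether or not rel->r_offset is already inside the section's data; the hunk also has to move `ptr = s->data + rel->r_offset;` below the call, which suggests s->data can be reallocated by it and that any other pointer into s->data held across the loop would dangle. If the crash really is an out-of-bounds write at `ptr`, the change that would help diagnosis is a check of rel->r_offset plus the fixup width against the section's current size before the write, erroring out (or at least diagnosing) on the offending relocation, since that identifies which reloc was emitted with a bad offset instead of masking it by padding the section.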
 |
 |No, that's certainly wrong.  You don't want to enlarge a section by 8 
 |bytes for every relocation applied to it.  It must already be large enough 
 |to cover the relocations place, otherwise the one creating the reloc did 
 |something wrong.

That is the patch that helped.  I have no idea of tinycc
internals; I just traversed my way along.  The crash happened here
due to out-of-bounds; reserving room (for the largest alloc in the
following switch, if I looked correctly) fixed the problem.
Ciao.

--steffen
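The check Michael Matz is asking for, as an added example that is not tcc's code and is not part of this thread: a relocation is applied only after verifying that the bytes it patches lie inside the section, and a relocation that does not fit is reported and counted rather than accommodated by growing the section. The Section and Reloc structs, the explicit `width` field, and the function names are simplified stand-ins assumed for this example (real ELF relocations derive the fixup width from the type in r_info); the sample section and relocation list are constructed inline.

```c
/* Added example (not tcc's code): apply ELF-style relocations to a section
 * buffer only after checking that the patched bytes lie inside the section.
 * Section and Reloc are simplified stand-ins assumed for this example, not
 * tcc's real definitions. */
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <stdio.h>

/* Simplified section: heap buffer plus number of bytes actually in use. */
typedef struct {
    unsigned char *data;
    size_t data_allocated; /* capacity of data */
    size_t data_offset;    /* bytes in use; writes must stay below this */
} Section;

/* Simplified relocation: where to patch, how many bytes the fixup covers,
 * and the value to store. Real ELF relocations derive the width from the
 * type in r_info; here it is carried explicitly for clarity. */
typedef struct {
    size_t r_offset;
    size_t width;     /* 1, 2, 4 or 8 */
    uint64_t value;
} Reloc;

/* Returns 1 if [off, off+width) lies inside the section's used bytes.
 * Written as a subtraction so off + width cannot wrap around. */
static int reloc_in_bounds(const Section *s, size_t off, size_t width)
{
    return width <= s->data_offset && off <= s->data_offset - width;
}

/* Applies each in-bounds relocation (little-endian store) and reports each
 * one that does not fit. Returns the number of relocations rejected; a
 * rejected relocation means whoever emitted it used a bad offset, and the
 * fix belongs there, not in enlarging the section here. */
int relocate_checked(Section *s, const Reloc *rels, size_t nrel)
{
    int rejected = 0;
    for (size_t i = 0; i < nrel; i++) {
        const Reloc *r = &rels[i];
        if (!reloc_in_bounds(s, r->r_offset, r->width)) {
            fprintf(stderr,
                    "reloc %zu: offset %zu width %zu exceeds section size %zu\n",
                    i, r->r_offset, r->width, s->data_offset);
            rejected++;
            continue;
        }
        unsigned char *p = s->data + r->r_offset;
        for (size_t b = 0; b < r->width; b++)
            p[b] = (unsigned char)(r->value >> (8 * b));
    }
    return rejected;
}

/* Builds a zero-filled section with n bytes in use (constructed input). */
Section *section_new(size_t n)
{
    Section *s = calloc(1, sizeof *s);
    if (!s) return NULL;
    s->data = calloc(n ? n : 1, 1);
    if (!s->data) { free(s); return NULL; }
    s->data_allocated = n;
    s->data_offset = n;
    return s;
}

void section_free(Section *s)
{
    if (!s) return;
    free(s->data);
    free(s);
}

/* Reads a little-endian value of the given width back from the section. */
uint64_t section_read(const Section *s, size_t off, size_t width)
{
    uint64_t v = 0;
    for (size_t b = 0; b < width; b++)
        v |= (uint64_t)s->data[off + b] << (8 * b);
    return v;
}

/* Demo on a 16-byte section: two relocations that fit and one whose 8-byte
 * fixup at offset 12 would run 4 bytes past the end. Returns the rejected
 * count (1 for this constructed input). */
int demo(void)
{
    Section *s = section_new(16);
    Reloc rels[] = {
        { 0,  8, 0x1122334455667788ULL }, /* fits: bytes 0..7            */
        { 8,  8, 0xAABBCCDDEEFF0011ULL }, /* fits: bytes 8..15           */
        { 12, 8, 0xDEADBEEFULL },         /* bytes 12..19: out of bounds */
    };
    int rejected = relocate_checked(s, rels, sizeof rels / sizeof rels[0]);
    section_free(s);
    return rejected;
}

int main(void)
{
    return demo() == 1 ? 0 : 1;
}
```

An unchecked write at offset 12 in the demo would land on whatever malloc placed after the 16-byte buffer, typically the next chunk's header, which is exactly the kind of damage glibc later reports as "corrupted double-linked list" far from the actual bug; running the real binary under valgrind (for instance with `--track-origins=yes`) points at the first invalid write rather than at the later consistency-check abort.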
