Fix a bug in the function reordering linker plugin where the number of nodes to be reordered is incremented in the wrong place. This caused a heap buffer to overflow under certain conditions.
The linker plugin itself is only available in the google 4_6 branch and I will port it to other branches and make it available for review for trunk soon. * callgraph.c (parse_callgraph_section_contents): Remove increment to num_real_nodes. (set_node_type): Increment num_real_nodes. Index: function_reordering_plugin/callgraph.c =================================================================== --- function_reordering_plugin/callgraph.c (revision 183860) +++ function_reordering_plugin/callgraph.c (working copy) @@ -304,7 +304,6 @@ parse_callgraph_section_contents (unsigned char *s caller = caller + HEADER_LEN; curr_length = read_length; caller_node = get_function_node (caller); - num_real_nodes++; while (curr_length < length) { @@ -422,7 +421,10 @@ static void set_node_type (Node *n) char *name = n->name; slot = htab_find_with_hash (section_map, name, htab_hash_string (name)); if (slot != NULL) - set_as_real_node (n); + { + set_as_real_node (n); + num_real_nodes++; + } } void -- This patch is available for review at http://codereview.appspot.com/5623048
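Review bot: Dropping the increment from parse_callgraph_section_contents is only safe if num_real_nodes is not read before set_node_type has been run over every node; the hunk does not show where the buffer sized from num_real_nodes is allocated, so add a comment at the definition of num_real_nodes stating that it is valid only after node types have been assigned, and confirm that the allocation site runs after that point.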
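Review bot: In set_node_type, the new `num_real_nodes++;` counts every call for which the section_map lookup succeeds, so if set_node_type can be invoked more than once for the same Node (the hunk does not show a guard), the counter will overcount; either skip the increment when the node is already marked real, or move the increment into set_as_real_node behind that check so the flag and the counter cannot diverge.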