This is the mail archive of the
binutils-cvs@sourceware.org
mailing list for the binutils project.
[binutils-gdb] Prevent overflowing the selected_cpu_name buffer in the ARM assembler.
- From: Nick Clifton <nickc at sourceware dot org>
- To: bfd-cvs at sourceware dot org
- Date: 27 Oct 2015 09:34:05 -0000
- Subject: [binutils-gdb] Prevent overflowing the selected_cpu_name buffer in the ARM assembler.
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ef8e6722f2eaae6d65b360459451f57f1350d2af
commit ef8e6722f2eaae6d65b360459451f57f1350d2af
Author: Jim Wilson <jim.wilson@linaro.org>
Date: Tue Oct 27 09:33:08 2015 +0000
Prevent overflowing the selected_cpu_name buffer in the ARM assembler.
* config/tc-arm.c (selected_cpu_name): Increase length of array to
accomodate "Samsung Exynos M1".
(arm_parse_cpu): Add assertion and length check to prevent
overfilling selected_cpu_name.
Diff:
---
gas/ChangeLog | 7 +++++++
gas/config/tc-arm.c | 10 ++++++++--
2 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/gas/ChangeLog b/gas/ChangeLog
index 1b77b64..0dcabf6 100644
--- a/gas/ChangeLog
+++ b/gas/ChangeLog
@@ -1,3 +1,10 @@
+2015-10-27 Jim Wilson <jim.wilson@linaro.org>
+
+ * config/tc-arm.c (selected_cpu_name): Increase length of array to
+ accomodate "Samsung Exynos M1".
+ (arm_parse_cpu): Add assertion and length check to prevent
+ overfilling selected_cpu_name.
+
2015-10-22 Nick Clifton <nickc@redhat.com>
* config/tc-msp430.c (PUSH_1X_WORKAROUND): Delete.
diff --git a/gas/config/tc-arm.c b/gas/config/tc-arm.c
index efc522a..14bebe8 100644
--- a/gas/config/tc-arm.c
+++ b/gas/config/tc-arm.c
@@ -266,7 +266,7 @@ static int mfloat_abi_opt = -1;
/* Record user cpu selection for object attributes. */
static arm_feature_set selected_cpu = ARM_ARCH_NONE;
/* Must be long enough to hold any of the names in arm_cpus. */
-static char selected_cpu_name[16];
+static char selected_cpu_name[20];
extern FLONUM_TYPE generic_floating_point_number;
@@ -25132,11 +25132,17 @@ arm_parse_cpu (char *str)
mcpu_cpu_opt = &opt->value;
mcpu_fpu_opt = &opt->default_fpu;
if (opt->canonical_name)
- strcpy (selected_cpu_name, opt->canonical_name);
+ {
+ gas_assert (sizeof selected_cpu_name > strlen (opt->canonical_name));
+ strcpy (selected_cpu_name, opt->canonical_name);
+ }
else
{
size_t i;
+ if (len >= sizeof selected_cpu_name)
+ len = (sizeof selected_cpu_name) - 1;
+
for (i = 0; i < len; i++)
selected_cpu_name[i] = TOUPPER (opt->name[i]);
selected_cpu_name[i] = 0;