[patch] fix buffer overflow in gas error handling
- From: Mike Frysinger <vapier at gentoo dot org>
- To: binutils at sources dot redhat dot com
- Date: Wed, 20 Jul 2005 18:19:19 -0400
- Subject: [patch] fix buffer overflow in gas error handling
Tavis Ormandy was playing around and found a stack buffer overflow in the gas error
handling routines in gas/messages.c. The fix is simple: just change the 8
uses of vsprintf() to vsnprintf() (patch by Tavis is attached). It should
apply cleanly to the 2.16 and mainline branches.
-mike
2005-07-20 Tavis Ormandy <taviso@gentoo.org>
* messages.c: use vsnprintf instead of vsprintf.
--- binutils/gas/messages.c
+++ binutils/gas/messages.c
@@ -233,7 +233,7 @@
if (!flag_no_warnings)
{
va_start (args, format);
- vsprintf (buffer, format, args);
+ vsnprintf (buffer, sizeof (buffer), format, args);
va_end (args);
as_warn_internal ((char *) NULL, 0, buffer);
}
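Review bot: The return value of `vsnprintf` is discarded here, so a diagnostic longer than the buffer is cut off with no sign that anything is missing; the same holds for the other seven call sites in this patch. Consider `int n = vsnprintf (buffer, sizeof (buffer), format, args);` followed by a check of `n < 0 || (size_t) n >= sizeof (buffer)` that appends a truncation marker to the message. The declaration of `buffer` lies outside this hunk and the three other warning hunks (-250, -271, -290); `sizeof (buffer)` gives the right bound only if `buffer` is an array there, as it is in the as_bad hunks (`char buffer[2000];`), so that is worth confirming. The enclosing function starts and ends outside the hunk.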
@@ -250,7 +250,7 @@
if (!flag_no_warnings)
{
va_start (args);
- vsprintf (buffer, format, args);
+ vsnprintf (buffer, sizeof (buffer), format, args);
va_end (args);
as_warn_internal ((char *) NULL, 0, buffer);
}
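Review bot: `vsnprintf` is a C99 function, and this hunk sits in what looks like the pre-ISO varargs branch (`va_start (args);` with a single argument), so hosts that need that branch may not provide it at all; the same applies to the hunks at -290, -348 and -385. The build should confirm that a replacement is available before relying on it, for example through a configure check or the project's portability library. Some pre-C99 implementations also return -1 on truncation and may leave the buffer unterminated, so adding `buffer[sizeof (buffer) - 1] = '\0';` after the call keeps the string passed to `as_warn_internal` bounded. The enclosing function starts and ends outside the hunk.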
@@ -271,7 +271,7 @@
if (!flag_no_warnings)
{
va_start (args, format);
- vsprintf (buffer, format, args);
+ vsnprintf (buffer, sizeof (buffer), format, args);
va_end (args);
as_warn_internal (file, line, buffer);
}
@@ -290,7 +290,7 @@
if (!flag_no_warnings)
{
va_start (args);
- vsprintf (buffer, format, args);
+ vsnprintf (buffer, sizeof (buffer), format, args);
va_end (args);
as_warn_internal (file, line, buffer);
}
@@ -332,7 +332,7 @@
char buffer[2000];
va_start (args, format);
- vsprintf (buffer, format, args);
+ vsnprintf (buffer, sizeof (buffer), format, args);
va_end (args);
as_bad_internal ((char *) NULL, 0, buffer);
@@ -348,7 +348,7 @@
char buffer[2000];
va_start (args);
- vsprintf (buffer, format, args);
+ vsnprintf (buffer, sizeof (buffer), format, args);
va_end (args);
as_bad_internal ((char *) NULL, 0, buffer);
@@ -367,7 +367,7 @@
char buffer[2000];
va_start (args, format);
- vsprintf (buffer, format, args);
+ vsnprintf (buffer, sizeof (buffer), format, args);
va_end (args);
as_bad_internal (file, line, buffer);
@@ -385,7 +385,7 @@
char buffer[2000];
va_start (args);
- vsprintf (buffer, format, args);
+ vsnprintf (buffer, sizeof (buffer), format, args);
va_end (args);
as_bad_internal (file, line, buffer);