This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.



Re: PATCH: PR gas/7059: buffer overflow detected while building a to be cross-compiled application


On Sun, Jan 04, 2009 at 11:03:26AM -0800, H.J. Lu wrote:
> --- bfd/coffcode.h.stack	2008-12-23 11:38:58.000000000 -0800
> +++ bfd/coffcode.h	2009-01-04 10:58:41.000000000 -0800
> @@ -3509,7 +3509,8 @@ coff_write_object_contents (bfd * abfd)
>  	if (len > SCNNMLEN)
>  	  {
>  	    memset (section.s_name, 0, SCNNMLEN);
> -	    sprintf (section.s_name, "/%lu", (unsigned long) string_size);
> +	    snprintf (section.s_name, SCNNMLEN,
> +		      "/%lx", (unsigned long) string_size);
>  	    string_size += len + 1;
>  	    long_section_names = TRUE;
>  	  }
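
Review bot: the snprintf call on the added lines silently cuts the index short whenever "/" plus the digits and the terminator do not fit in SCNNMLEN bytes, so s_name would carry a wrong string table offset with no error reported. Compare the snprintf return value against SCNNMLEN and fail the write (or handle the long offset another way) rather than emitting a truncated value. The same lines also switch the format from "/%lu" to "/%lx", which changes what is stored in s_name; nothing in this hunk updates or documents the code that reads the value back, so keep decimal unless the reader changes with it.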

See coffgen.c:make_a_section_from_file.  You can't change from decimal
to hex since the value printed is used to find the section name in the
string table.  Of course, this means that truncating the index with
snprintf is wrong too.  If you really want to fix this you'll need to
extend the COFF_LONG_SECTION_NAMES handling.  I see a comment "Handle
long section names as in PE.", so I guess you'll need to find out how
PE handles this situation.

-- 
Alan Modra
Australia Development Lab, IBM
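
The write/read round trip this reply describes, as an added example (not code from binutils or from this thread). It assumes SCNNMLEN is 8; the function names are hypothetical and `decode_long_name` is a simplified stand-in for the decimal lookup the reply attributes to coffgen.c.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SCNNMLEN 8 /* assumed size of the COFF s_name field */

/* Simplified stand-in for the reader: "/<decimal>" -> offset, -1 if malformed. */
long decode_long_name(const char *name)
{
    char buf[SCNNMLEN + 1], *end;
    long off;

    if (name[0] != '/')
        return -1;
    memcpy(buf, name, SCNNMLEN); /* the field need not be NUL-terminated */
    buf[SCNNMLEN] = '\0';
    off = strtol(buf + 1, &end, 10);
    return end == buf + 1 ? -1 : off;
}

/* The call from the patch (hex selects "/%lx"), then the reader's view of it. */
long roundtrip_patched(unsigned long off, int hex)
{
    char name[SCNNMLEN];
    memset(name, 0, SCNNMLEN);
    snprintf(name, SCNNMLEN, hex ? "/%lx" : "/%lu", off);
    return decode_long_name(name);
}

/* Checked writer: 0 on success, -1 when "/<decimal>" exceeds SCNNMLEN bytes. */
int encode_checked(char *name, unsigned long off)
{
    char buf[32];
    int n = snprintf(buf, sizeof buf, "/%lu", off);
    if (n < 0 || n > SCNNMLEN)
        return -1;
    memset(name, 0, SCNNMLEN);
    memcpy(name, buf, (size_t) n); /* all SCNNMLEN bytes are usable */
    return 0;
}

int main(void)
{
    char name[SCNNMLEN];
    printf("patched, decimal 1234567: %ld\n", roundtrip_patched(1234567UL, 0));
    printf("patched, hex 4660: %ld\n", roundtrip_patched(4660UL, 1));
    printf("checked 12345678: %d\n", encode_checked(name, 12345678UL));
    return 0;
}
```

With the patched call, an offset whose digits are cut off or written in hex reads back as a different offset or as malformed, while the checked writer refuses an offset it cannot represent.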

