This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.
Re: PATCH: PR gas/7059: buffer overflow detected while building a to be cross-compiled application
- From: Alan Modra <amodra at bigpond dot net dot au>
- To: "H.J. Lu" <hjl dot tools at gmail dot com>
- Cc: binutils at sources dot redhat dot com
- Date: Mon, 5 Jan 2009 12:42:32 +1030
- Subject: Re: PATCH: PR gas/7059: buffer overflow detected while building a to be cross-compiled application
- References: <20090104190326.GA9363@lucon.org>
On Sun, Jan 04, 2009 at 11:03:26AM -0800, H.J. Lu wrote:
> --- bfd/coffcode.h.stack 2008-12-23 11:38:58.000000000 -0800
> +++ bfd/coffcode.h 2009-01-04 10:58:41.000000000 -0800
> @@ -3509,7 +3509,8 @@ coff_write_object_contents (bfd * abfd)
> if (len > SCNNMLEN)
> {
> memset (section.s_name, 0, SCNNMLEN);
> - sprintf (section.s_name, "/%lu", (unsigned long) string_size);
> + snprintf (section.s_name, SCNNMLEN,
> + "/%lx", (unsigned long) string_size);
> string_size += len + 1;
> long_section_names = TRUE;
> }
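Review bot: The switch from "/%lu" to "/%lx" in the new snprintf call changes the text stored in section.s_name, not just the bound on the write, so whatever reads the "/<number>" form back has to change in the same patch, or the format should stay "/%lu". The snprintf return value is also ignored: with a size of SCNNMLEN at most SCNNMLEN - 1 characters are stored and a longer index is silently cut, leaving a different number in the field. Compare the return value against SCNNMLEN and report an error instead of writing a truncated index.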
See coffgen.c:make_a_section_from_file. You can't change from decimal
to hex since the value printed is used to find the section name in the
string table. Of course, this means that truncating the index with
snprintf is wrong too. If you really want to fix this you'll need to
extend the COFF_LONG_SECTION_NAMES handling. I see a comment "Handle
long section names as in PE.", so I guess you'll need to find out how
PE handles this situation.
--
Alan Modra
Australia Development Lab, IBM
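
The point made in the reply above, as an added example that is not part of the thread and is not binutils code: a bounded write only helps if the stored index still reads back as the same string-table offset. The function names, the SCNNMLEN value of 8 and the decimal reader are assumptions used to model the behaviour the reply describes.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define SCNNMLEN 8  /* assumed size of the COFF s_name field; not NUL-terminated when full */

/* Store "/<decimal offset>" in s_name.  Returns 0, or -1 when the text does
   not fit, so the caller can report an error instead of a truncated index.  */
static int encode_long_name (char s_name[SCNNMLEN], unsigned long offset)
{
  char buf[32];
  int n = snprintf (buf, sizeof buf, "/%lu", offset);
  if (n < 0 || n > SCNNMLEN)
    return -1;
  memset (s_name, 0, SCNNMLEN);
  memcpy (s_name, buf, (size_t) n);   /* all SCNNMLEN bytes are usable */
  return 0;
}

/* Hypothetical reader: decimal parse of the digits after '/'.  Returns -1
   when the field is not a well-formed long-name reference.  */
static long decode_long_name (const char s_name[SCNNMLEN])
{
  char buf[SCNNMLEN + 1] = { 0 }, *end;
  long v;
  if (s_name[0] != '/')
    return -1;
  memcpy (buf, s_name, SCNNMLEN);
  v = strtol (buf + 1, &end, 10);
  return (end == buf + 1 || *end != '\0') ? -1 : v;
}

/* What the quoted hunk stores (hex, cut to SCNNMLEN - 1 chars), as read back.  */
static long decode_as_patched (unsigned long offset)
{
  char s_name[SCNNMLEN];
  memset (s_name, 0, SCNNMLEN);
  snprintf (s_name, SCNNMLEN, "/%lx", offset);
  return decode_long_name (s_name);
}

int main (void)
{
  char s[SCNNMLEN];
  unsigned long offs[] = { 4660, 255, 0x12345678UL };   /* constructed offsets */
  for (size_t i = 0; i < sizeof offs / sizeof offs[0]; i++)
    printf ("%lu: patched form reads back as %ld, checked encode returns %d\n",
            offs[i], decode_as_patched (offs[i]), encode_long_name (s, offs[i]));
  return 0;
}
```

The checked encoder turns an index that does not fit into an error the writer can report; it does not make longer indices representable, which is the format question the reply raises.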