This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.
Re: PATCH: Avoid buffer overflow in decode_arm_unwind
- From: Daniel Jacobowitz <dan at codesourcery dot com>
- To: John Reiser <jreiser at bitwagon dot com>
- Cc: Binutils <binutils at sourceware dot org>, "H.J. Lu" <hjl dot tools at gmail dot com>
- Date: Thu, 18 Mar 2010 17:29:59 -0400
- Subject: Re: PATCH: Avoid buffer overflow in decode_arm_unwind
- References: <20100318174728.GA20990@intel.com> <4BA29543.3020204@bitwagon.com>
On Thu, Mar 18, 2010 at 02:04:03PM -0700, John Reiser wrote:
> Daniel Jacobowitz commented:
> > It could as easily have been 5 (it's a 32-bit target), but
> > either is safe.
>
> True safety demands something such as:
> #define B2BUFSIZE (1+ (6+ 8*sizeof(offset))/7) /* 7 bits at a time */
> ...
> unsigned char buf[B2BUFSIZE];
The size of offset is not relevant; we're decoding data for a 32-bit
target. Each byte carries seven bits of data. Five bytes of uleb128
is sufficient for any target-representable offset when your memory
space is 32 bits wide.
(Not sure where you got the 1+.)
--
Daniel Jacobowitz
CodeSourcery
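The buffer-sizing question in the exchange above, worked through as an added example that is not binutils code or either poster's patch. It evaluates both sizing rules for a 32-bit offset (assumed here to be a `uint32_t`) and pairs them with a decoder that stops at the byte cap instead of running off the end of its buffer; the helper names are this example's own.

```c
#include <stddef.h>
#include <stdint.h>

/* Bytes needed to hold a uleb128 value of 'bits' payload bits: each byte
   carries seven bits, so ceil(bits / 7). For a 32-bit target this is 5. */
static size_t uleb128_max_bytes(unsigned bits)
{
    return (bits + 6) / 7;
}

/* John Reiser's macro from the thread, instantiated for a 32-bit offset
   (assumption: 'offset' is a uint32_t). The leading 1+ adds a sixth byte
   on top of the five that ceil(32 / 7) yields. */
static uint32_t offset;
#define B2BUFSIZE (1 + (6 + 8 * sizeof(offset)) / 7)

static size_t b2bufsize_for_32bit(void)
{
    return B2BUFSIZE; /* evaluates to 6 */
}

/* Bounded uleb128 decoder. Reads at most max_bytes bytes out of the 'len'
   bytes available at 'in'; never touches memory past either limit.
   Returns the number of bytes consumed, or 0 when the input is truncated,
   the continuation bits run past the cap, or payload bits would not fit
   in a 32-bit result. */
static size_t decode_uleb128_bounded(const unsigned char *in, size_t len,
                                     size_t max_bytes, uint32_t *out)
{
    uint32_t result = 0;
    unsigned shift = 0;
    size_t i;

    for (i = 0; i < len && i < max_bytes; i++) {
        unsigned char b = in[i];
        if (shift < 32)
            result |= (uint32_t)(b & 0x7f) << shift;
        else if (b & 0x7f)
            return 0; /* value needs more than 32 bits */
        shift += 7;
        if ((b & 0x80) == 0) { /* terminating byte */
            *out = result;
            return i + 1;
        }
    }
    return 0; /* ran out of input or hit the byte cap */
}
```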