This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: PATCH: Avoid buffer overflow in decode_arm_unwind


On Thu, Mar 18, 2010 at 02:04:03PM -0700, John Reiser wrote:
> Daniel Jacobowitz commented:
> >It could as easily have been 5 (it's a 32-bit target), but
> >either is safe.
> 
> True safety demands something such as:
>     #define B2BUFSIZE (1+ (6+ 8*sizeof(offset))/7)  /* 7 bits at a time */
>       ...
>         unsigned char buf[B2BUFSIZE];

The size of offset is not relevant; we're decoding data for a 32-bit
target.  Each byte carries seven bits of data.  Five bytes of uleb128
is sufficient for any target-representable offset when your memory
space is 32 bits wide.

(Not sure where you got the 1+.)

-- 
Daniel Jacobowitz
CodeSourcery


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]