This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: eh-frame: CIE initial_instructions overflow

From: nick clifton <nickc at redhat dot com>
To: Christophe Lyon <christophe dot lyon at linaro dot org>, binutils at sourceware dot org
Date: Thu, 19 Dec 2013 11:31:49 +0000
Subject: Re: eh-frame: CIE initial_instructions overflow
Authentication-results: sourceware.org; auth=none
References: <CAKdteOa8FJo=zw33AJ_waUMeOWviTO9bU2GYbsESSSR9mPf76Q at mail dot gmail dot com>

Hi Christophe,

Currently, in bfd/elf-eh-frame.c we have a definition of struct cie
which ends with:
   unsigned char initial_instructions[50];


This is a bug...

In _bfd_elf_parse_eh_frame(), we have:
       initial_insn_length = end - buf;
       if (initial_insn_length <= sizeof (cie->initial_instructions))
         {
           cie->initial_insn_length = initial_insn_length;
           memcpy (cie->initial_instructions, buf, initial_insn_length);
         }

IMHO - there should be no fixed size for the initial_instructionsbuffer. Instead the code at this point should allocate and copy thebuffer that has just been created.


Cheers
  Nick

Follow-Ups:
- Re: eh-frame: CIE initial_instructions overflow
  - From: Christophe Lyon

References:
- eh-frame: CIE initial_instructions overflow
  - From: Christophe Lyon

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]