This is the mail archive of the gdb-patches@sources.redhat.com mailing list for the GDB project.



[COMMIT] Avoid sprintf/strcpy in corelow.c


This should prevent some buffer overflows.  While there are different
ways to do this it's still pretty obvious.

Index: ChangeLog
from  Mark Kettenis  <kettenis@gnu.org>

	* corelow.c (get_core_register_section): Replace usage of sprintf
	and strcpy with xstrprintf and xstrdup.

Index: corelow.c
===================================================================
RCS file: /cvs/src/src/gdb/corelow.c,v
retrieving revision 1.46
diff -u -p -r1.46 corelow.c
--- corelow.c 12 Feb 2005 00:39:18 -0000 1.46
+++ corelow.c 17 Mar 2005 22:06:10 -0000
@@ -447,15 +447,16 @@ get_core_register_section (char *name,
 			   char *human_name,
 			   int required)
 {
-  char section_name[100];
+  static char *section_name = NULL;
   struct bfd_section *section;
   bfd_size_type size;
   char *contents;
 
+  xfree (section_name);
   if (PIDGET (inferior_ptid))
-    sprintf (section_name, "%s/%d", name, PIDGET (inferior_ptid));
+    section_name = xstrprintf ("%s/%d", name, PIDGET (inferior_ptid));
   else
-    strcpy (section_name, name);
+    section_name = xstrdup (name);
 
   section = bfd_get_section_by_name (core_bfd, section_name);
   if (! section)
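
Review bot: The lifetime of the string behind `static char *section_name = NULL;` is not documented, and the `xfree (section_name);` at function entry only makes sense once you realise it releases the previous call's allocation. As written, the string from the final call is never freed and the function is not reentrant. Please add a short comment above the declaration saying the pointer is static so the old string can be released on the next call, or keep the pointer local and free it on every exit path of the function. The fixed 100-byte buffer and the unbounded `sprintf`/`strcpy` into it are gone, which removes the overflow that a long `name` could have caused.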

