This is the mail archive of the gdb-patches@sourceware.org mailing list for the GDB project.



Re: [RFA] peXXigen.c, _bfd_XXi_swap_aux_in, wrong size used in memcpy.


On Thursday 03 March 2011 20:06:12, Michael Snyder wrote:
> > 
> > Doesn't pe.h define them both the same?
> 
> Hmm, yes... Coverity was evidently looking at the definition of 
> E_FILNMLEN from include/coff/external.h, which is overridden by
> the one in pe.h.

Static analyser's output is always full of false positives.
Humans always need to filter it...

> >> Index: peXXigen.c
> >> ===================================================================
> >> RCS file: /cvs/src/src/bfd/peXXigen.c,v
> >> retrieving revision 1.69
> >> diff -u -p -u -p -r1.69 peXXigen.c
> >> --- peXXigen.c  21 Dec 2010 15:24:38 -0000      1.69
> >> +++ peXXigen.c  3 Mar 2011 18:03:44 -0000
> >> @@ -249,7 +249,7 @@ _bfd_XXi_swap_aux_in (bfd * abfd,
> >>           in->x_file.x_n.x_offset = H_GET_32 (abfd, ext->x_file.x_n.x_offset);
> >>         }
> >>        else
> >> -       memcpy (in->x_file.x_fname, ext->x_file.x_fname, FILNMLEN);
> >> +       memcpy (in->x_file.x_fname, ext->x_file.x_fname, E_FILNMLEN);
> >>        return;
> >>  
> >>      case C_STAT:
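
Review bot: At the memcpy in the else branch of _bfd_XXi_swap_aux_in, swapping the length from FILNMLEN to E_FILNMLEN does not make the copy correct if the two constants can differ. Assuming the internal x_fname is sized by FILNMLEN and the external one by E_FILNMLEN, as the names suggest, a larger E_FILNMLEN writes past in->x_file.x_fname and a smaller one leaves the tail of the destination unset. If the two are meant to be equal for PE, put that invariant next to the copy as a compile-time check (`#if FILNMLEN != E_FILNMLEN` followed by `#error`) instead of renaming the length.
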
> >> @@ -323,7 +323,7 @@ _bfd_XXi_swap_aux_out (bfd *  abfd,
> >>           H_PUT_32 (abfd, in->x_file.x_n.x_offset, ext->x_file.x_n.x_offset);
> >>         }
> >>        else
> >> -       memcpy (ext->x_file.x_fname, in->x_file.x_fname, FILNMLEN);
> >> +       memcpy (ext->x_file.x_fname, in->x_file.x_fname, E_FILNMLEN);
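
Review bot: In _bfd_XXi_swap_aux_out the direction is reversed, so the same rename has a different failure mode that the patch does not address: E_FILNMLEN now matches the destination ext->x_file.x_fname, but if it is larger than FILNMLEN the memcpy reads past in->x_file.x_fname, and if it is smaller the file name is truncated silently. One compile-time guard covering both swap functions, with a comment stating that the internal and external name fields must have the same size, would document the assumption and fail the build if it ever stops holding.
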
> > 
> > If FILNMLEN can really be different from E_FILNMLEN, I'd've expected
> > something else needs doing here?
> 
> 
> Maybe this?

No.  Think about what it would mean if the source is
larger than the destination, or the opposite.

I think doing what coffswap.h does is more appropriate:

#if FILNMLEN != E_FILNMLEN
#error we need to cope with truncating or extending FILNMLEN
#else

If Coverity doesn't handle this, well, report them a bug.

(I think binutils patches go to binutils@sourceware.org,
not bug-binutils@gnu.org)

-- 
Pedro Alves
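
An added example, not code from BFD or from this thread: it goes one step past the `#error` guard quoted above and sketches what "coping with truncating or extending" a fixed-width name field would take if the two sizes really differed. The `EX_*` sizes, the `ex_*` structs and the function names are hypothetical, and the sizes are made unequal on purpose.

```c
#include <stddef.h>
#include <string.h>

/* Constructed sizes, deliberately different.  Not the real BFD values.  */
#define EX_INT_FILNMLEN 18	/* internal x_fname field */
#define EX_EXT_FILNMLEN 14	/* external (on-disk) x_fname field */

struct ex_internal_aux { char x_fname[EX_INT_FILNMLEN]; };
struct ex_external_aux { char x_fname[EX_EXT_FILNMLEN]; };

/* Copy a fixed-width name that may lack a terminating NUL between
   buffers of different sizes.  Never reads past SRC_LEN, never writes
   past DST_LEN, and zero-fills the unused tail of DST.  Returns the
   number of name bytes that did not fit (0 means no truncation).  */
static size_t
ex_copy_fixed_name (char *dst, size_t dst_len,
		    const char *src, size_t src_len)
{
  size_t used = 0, n;

  while (used < src_len && src[used] != '\0')
    used++;
  n = used < dst_len ? used : dst_len;
  memcpy (dst, src, n);
  memset (dst + n, 0, dst_len - n);
  return used - n;
}

/* External -> internal: each side is bounded by its own sizeof.  */
static size_t
ex_swap_in (struct ex_internal_aux *in, const struct ex_external_aux *ext)
{
  return ex_copy_fixed_name (in->x_fname, sizeof in->x_fname,
			     ext->x_fname, sizeof ext->x_fname);
}

/* Internal -> external: a nonzero result tells the caller the name
   was truncated instead of hiding it.  */
static size_t
ex_swap_out (struct ex_external_aux *ext, const struct ex_internal_aux *in)
{
  return ex_copy_fixed_name (ext->x_fname, sizeof ext->x_fname,
			     in->x_fname, sizeof in->x_fname);
}
```

When the sizes are known to be equal, the single `memcpy` plus the compile-time guard is the simpler choice; the bounded copy only earns its keep once they can diverge.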

