This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[patch] fix buffer overflow in windres

From: Thomas Weidenmueller <w3seek at reactos dot com>
To: binutils at sources dot redhat dot com
Date: Mon, 10 Oct 2005 17:26:06 +0200
Subject: [patch] fix buffer overflow in windres
Openpgp: id=397F03EB

There's a buffer overflow in res_to_bin_accelerator() where a word is
written outside of the range of the allocated memory. There's a bugfix
for this already (bug #1259) but instead of fixing the real issue, it
just increases the size of the buffer.

The attached patch should fix the bug correctly.

- Thomas

Index: binutils/resbin.c
===================================================================
RCS file: /cvs/src/src/binutils/resbin.c,v
retrieving revision 1.8
diff -u -r1.8 resbin.c
--- binutils/resbin.c	8 May 2005 14:17:39 -0000	1.8
+++ binutils/resbin.c	10 Oct 2005 14:56:27 -0000
@@ -1415,7 +1415,7 @@
 	      d->data);
       put_16 (big_endian, a->key, d->data + 2);
       put_16 (big_endian, a->id, d->data + 4);
-      put_16 (big_endian, 0, d->data + 8);
+      put_16 (big_endian, 0, d->data + 6);
 
       d->next = NULL;
       *pp = d;

Follow-Ups:
- Re: [patch] fix buffer overflow in windres
  - From: Nick Clifton

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]