This is the mail archive of the
binutils@sources.redhat.com
mailing list for the binutils project.
[PATCH] memcmp() error in gas/dwarf2dbg.c
- From: Hannes Reinecke <hare at suse dot de>
- To: binutils at sources dot redhat dot com
- Cc: Martin Schwidefsky <schwidefsky at de dot ibm dot com>,Ulrich Weigand <Ulrich dot Weigand at de dot ibm dot com>
- Date: Fri, 13 Feb 2004 12:04:17 +0100
- Subject: [PATCH] memcmp() error in gas/dwarf2dbg.c
- Organization: SuSE Linux AG
Hi,
there is a possible memory overflow in gas/dwarf2dbg.c: get_filenum():375
if (memcmp (filename, dirs[dir], dir_len) == 0
&& dirs[dir][dir_len] == '\0')
dir_len is set to strlen(filename), which will overflow onto unallocated
memory if strlen(filename) > strlen(dirs[dir]).
The attached patch fixes this.
Please keep me cc'ed as I'm not on this list.
Cheers,
Hannes
--
Dr. Hannes Reinecke hare@suse.de
SuSE Linux AG S390 & zSeries
Maxfeldstraße 5 +49 911 74053 688
90409 Nürnberg http://www.suse.de
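The comparison described above, as an added example that is not part of the original mail or of binutils: it contrasts a clamped-length memcmp, modelled on the attached patch, with a bounded exact match, and goes slightly beyond the mail by showing what clamping does to prefix directories. The names match_clamped, match_exact, find_dir and the sample table are hypothetical, and dir_len is assumed to be no larger than strlen (filename).

```c
#include <stdio.h>
#include <string.h>

typedef int (*match_fn) (const char *, size_t, const char *);

/* Clamped comparison, modelled on the attached patch: it never reads past
   the end of dir, but it accepts dir when dir is only a prefix.  */
static int match_clamped (const char *filename, size_t dir_len, const char *dir)
{
  size_t tmp_len = strlen (dir) < dir_len ? strlen (dir) : dir_len;
  return memcmp (filename, dir, tmp_len) == 0 && dir[tmp_len] == '\0';
}

/* Bounded exact comparison: strncmp stops at dir's terminating NUL, and
   dir[dir_len] is read only after dir_len bytes matched, so dir is known
   to hold at least dir_len bytes at that point.  */
static int match_exact (const char *filename, size_t dir_len, const char *dir)
{
  return strncmp (filename, dir, dir_len) == 0 && dir[dir_len] == '\0';
}

/* Same loop shape as the lookup in the mail: slot 0 is unused, and the
   return value equals dirs_in_use when nothing matched.  */
static unsigned int find_dir (const char *const *dirs, unsigned int dirs_in_use,
                              const char *filename, size_t dir_len, match_fn m)
{
  unsigned int dir;
  for (dir = 1; dir < dirs_in_use; ++dir)
    if (m (filename, dir_len, dirs[dir]))
      break;
  return dir;
}

/* Constructed sample data: a short directory stored ahead of a longer one.  */
static const char *const sample_dirs[] = { NULL, "/usr", "/usr/include" };
static const char sample_file[] = "/usr/include/stdio.h";
static const size_t sample_dir_len = 12;	/* strlen ("/usr/include") */

int main (void)
{
  printf ("clamped -> slot %u\n",
          find_dir (sample_dirs, 3, sample_file, sample_dir_len, match_clamped));
  printf ("exact   -> slot %u\n",
          find_dir (sample_dirs, 3, sample_file, sample_dir_len, match_exact));
  return 0;
}
```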
--- binutils-2.14.90.0.8/gas/dwarf2dbg..c.orig 2004-02-13 11:55:05.470239719 +0100
+++ binutils-2.14.90.0.8/gas/dwarf2dbg.c 2004-02-13 11:57:23.679576129 +0100
@@ -339,7 +339,7 @@ get_filenum (const char *filename, unsig
{
static unsigned int last_used, last_used_dir_len;
const char *file;
- size_t dir_len;
+ size_t dir_len, tmp_len;
unsigned int i, dir;
if (num == 0 && last_used)
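Review bot: tmp_len, added to the function-scope declaration line here, is only assigned and read inside the directory loop changed in the next hunk; declaring it in that loop's block, or dropping it in favour of a direct length check there, would keep its scope as small as its use.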
@@ -372,8 +372,9 @@ get_filenum (const char *filename, unsig
{
--dir_len;
for (dir = 1; dir < dirs_in_use; ++dir)
- if (memcmp (filename, dirs[dir], dir_len) == 0
- && dirs[dir][dir_len] == '\0')
+ tmp_len = strlen(dirs[dir]) < dir_len?strlen(dirs[dir]):dir_len;
+ if (memcmp (filename, dirs[dir], tmp_len) == 0
+ && dirs[dir][tmp_len] == '\0')
break;
if (dir >= dirs_in_use)
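Review bot: the added "tmp_len = ..." statement becomes the whole body of the "for (dir = 1; dir < dirs_in_use; ++dir)" loop because no braces are added around it and the following if, so the "if (memcmp ...) break;" test no longer runs per directory; it runs once after the loop, with dir equal to dirs_in_use, and the break no longer belongs to this for. Wrap the assignment and the if in braces. Separately, clamping to the shorter length makes "dirs[dir][tmp_len] == '\0'" always true whenever dirs[dir] is shorter than dir_len, so a stored directory that is only a prefix of the filename's directory is accepted as a match. Keeping dir_len and using strncmp (filename, dirs[dir], dir_len), or testing strlen (dirs[dir]) == dir_len before the memcmp, preserves the exact match without reading past the end of dirs[dir]. The new line also calls strlen (dirs[dir]) twice and is missing the spaces before "(" and around "?" and ":" that the surrounding code uses.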