This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [patch bfd]: Prevent possible buffer overflow on pdata-section sorting

From: "h.becker" <becker dot ismaning at freenet dot de>
To: Kai Tietz <ktietz70 at googlemail dot com>
Cc: Binutils <binutils at sourceware dot org>, Nick Clifton <nickc at redhat dot com>
Date: Thu, 07 Apr 2011 04:49:41 +0200
Subject: Re: [patch bfd]: Prevent possible buffer overflow on pdata-section sorting
References: <BANLkTimv7dy1SPBi=dKP+fnWayX13VpU7g@mail.gmail.com>

The underlying problem is how the size of the buffer is calculated. It's size is the maximum of the input sections. However, the sort is for the pdata output section. Obviously there is no problem as long as there is at least one input section big enough to hold the collected pdata.

I don't want to argue about the fix, what I have is similar to what is suggested here. I just want to point out that another option to fix the calculation how the size for pfinfo->contents. Or to save that size in pinfo as well, so that the buffer can be made bigger whenever that is necessary.

Hartmut

Kai Tietz wrote:

Hello,

this issue was reported by H. Becker to me.  He found that the code in
peXXigen.c about pdata-section sorting might cause a buffer-overrun
for large pdata-data.  By working in private allocated buffer -
instead of using the pfinfo->contents - avoids this.

ChangeLog

2011-04-06 Kai Tietz

        * peXXigen.c (_bfd_XXi_final_link_postscripte): Sort pdata in temporary
        buffer.

Tested for x86_64-w64-mingw32. Ok for apply?

Regards,
Kai

References:
- [patch bfd]: Prevent possible buffer overflow on pdata-section sorting
  - From: Kai Tietz

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]