This is the mail archive of the libc-alpha@sources.redhat.com mailing list for the glibc project.



[patch] buffer overrun fix in backtracesyms.c


Glancing at the backtrace_symbols() function, I noticed that a buffer overrun
can occur on a 64-bit machine. The string [+%p] has a maximum character length
of 22 on a 16-bit machine, not 19 as the code seems to believe (with
WORD_WIDTH == 16). This patch will fix the problem:


--- libc/sysdeps/generic/backtracesyms.c.orig	Thu Nov  2 08:25:56 2000
+++ libc/sysdeps/generic/backtracesyms.c	Thu Nov  2 08:26:37 2000
@@ -38,7 +38,7 @@
 
   /* We can compute the text size needed for the symbols since we print
      them all as "[%<addr>]".  */
-  total = size * (WORD_WIDTH + 3);
+  total = size * (WORD_WIDTH + 6);
 
   /* Allocate memory for the result.  */
   result = malloc (size * sizeof (char *) + total);
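Review bot: the comment directly above the changed total line still describes the output as "[%<addr>]", so the new constant 6 is unexplained. The accompanying message gives the format as "[+%p]"; the comment should say so and account for each extra byte (the two brackets, the "+", the "0x" prefix that %p adds in glibc, and the terminating NUL), or the length should come from a named constant tied to the format string so the two cannot drift apart again. Separately, size * (WORD_WIDTH + 6) and size * sizeof (char *) + total reach malloc with no overflow check, which is worth adding if size can be large.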

I did not check to see if other machine-dependent functions have the same
error.

-- 
Byron Stanoszek                         Ph: (330) 644-3059
Systems Programmer                      Fax: (330) 644-8110
Commercial Timesharing Inc.             Email: bstanoszek@comtime.com
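The arithmetic in the message above can be checked by measuring the entry length instead of assuming it. This is an added example, not part of the original message or of glibc: the "[+%p]" format is taken from the message, while the `WORD_WIDTH` definition, the function names and the bounded-write helper are assumptions made for illustration, and %p is assumed to print "0x" plus hex digits as glibc does.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumption: WORD_WIDTH is the number of hex digits in a pointer. */
#define WORD_WIDTH ((int) (2 * sizeof (void *)))

/* Bytes one "[+%p]" entry needs for the largest address, NUL included. */
int worst_case_entry_bytes (void)
{
  return snprintf (NULL, 0, "[+%p]", (void *) UINTPTR_MAX) + 1;
}

/* Hypothetical helper: same layout as the patched code (pointer table
   followed by the strings), but each write is bounded, so a too-small
   per_entry budget yields NULL instead of a heap overrun. */
char **format_addrs (void *const *array, int size, size_t per_entry)
{
  size_t total = (size_t) size * per_entry;
  char **result = malloc ((size_t) size * sizeof (char *) + total);
  if (result == NULL)
    return NULL;
  char *cp = (char *) (result + size);
  char *end = cp + total;
  for (int i = 0; i < size; ++i)
    {
      size_t room = (size_t) (end - cp);
      int n = snprintf (cp, room, "[+%p]", array[i]);
      if (n < 0 || (size_t) n >= room)
        {
          free (result);        /* an unbounded sprintf would overrun here */
          return NULL;
        }
      result[i] = cp;
      cp += n + 1;
    }
  return result;
}

int main (void)
{
  void *addrs[2] = { (void *) UINTPTR_MAX, (void *) UINTPTR_MAX };  /* constructed */
  char **small = format_addrs (addrs, 2, WORD_WIDTH + 3);
  char **fixed = format_addrs (addrs, 2, WORD_WIDTH + 6);
  printf ("worst case per entry: %d bytes\n", worst_case_entry_bytes ());
  printf ("WORD_WIDTH + 3: %s\n", small ? "fits" : "too small");
  printf ("WORD_WIDTH + 6: %s\n", fixed ? "fits" : "too small");
  free (small);
  free (fixed);
  return 0;
}
```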

