Summary: | Buffer overflow in tc-crx.c | ||
---|---|---|---|
Product: | binutils | Reporter: | Paul Woegerer <paul.woegerer> |
Component: | gas | Assignee: | unassigned |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | bug-binutils, nickc |
Priority: | P2 | ||
Version: | 2.16 | ||
Target Milestone: | --- | ||
Host: | i686-pc-linux-gnu | Target: | crx-unknown-elf |
Build: | i686-pc-linux-gnu | Last reconfirmed: |
Description
Paul Woegerer
2005-07-14 13:40:57 UTC
No, this is a buffer overflow of gas/config/tc-crx.c:ins_parse in reset_vars. Subject: Re: Segmentation fault in libiberty/xexit.c:51 Hi Guys, > Alan wrote: > No, this is a buffer overflow of gas/config/tc-crx.c:ins_parse in reset_vars. And I am applying this patch to stop the overflow and prevent the seg-fault. (This also makes the patch applied for 1063 redundant, but that should not matter). Cheers Nick gas/ChangeLog 2005-07-14 Nick Clifton <nickc@redhat.com> PR 1069 * config/tc-crx.c (reset_vars): Use strncpy to prevent overflowing the ins_parse buffer. Index: gas/config/tc-crx.c =================================================================== RCS file: /cvs/src/src/gas/config/tc-crx.c,v retrieving revision 1.15 diff -c -3 -p -r1.15 tc-crx.c *** gas/config/tc-crx.c 7 Jun 2005 17:54:16 -0000 1.15 --- gas/config/tc-crx.c 14 Jul 2005 15:33:26 -0000 *************** reset_vars (char *op) *** 268,274 **** memset (& output_opcode, '\0', sizeof (output_opcode)); /* Save a copy of the original OP (used in error messages). */ ! strcpy (ins_parse, op); } /* This macro decides whether a particular reloc is an entry in a --- 268,275 ---- memset (& output_opcode, '\0', sizeof (output_opcode)); /* Save a copy of the original OP (used in error messages). */ ! strncpy (ins_parse, op, sizeof ins_parse - 1); ! ins_parse [sizeof ins_parse - 1] = 0; } /* This macro decides whether a particular reloc is an entry in a Patch applied |