Bug 16923 - Windres with version overflow clobbers version number
Summary: Windres with version overflow clobbers version number
Status: RESOLVED FIXED
Alias: None
Product: binutils
Classification: Unclassified
Component: binutils
Version: 2.24
Importance: P2 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
Reported: 2014-05-08 17:59 UTC by lavr
Modified: 2014-06-17 15:52 UTC
Description lavr 2014-05-08 17:59:40 UTC
Hello,

Below is an excerpt from rcparse.y (used by the windres utility).

The parsing as coded results that a version given as, for example,
"a,b,c,-1" (i.e. with an overflow) propagates into adjacent fields,
so the above version is actually recorded as "a.b.65535.65535".

Is that a bug or the expected behavior?
Shouldn't $4 and $6 be masked out with 0xFFFF before ORing?

	| fixedverinfo FILEVERSION numexpr optcnumexpr optcnumexpr
	  optcnumexpr
	  {
	    $1->file_version_ms = ($3 << 16) | $4;
	    $1->file_version_ls = ($5 << 16) | $6;
	    $$ = $1;
	  }
	| fixedverinfo PRODUCTVERSION numexpr optcnumexpr optcnumexpr
	  optcnumexpr
	  {
	    $1->product_version_ms = ($3 << 16) | $4;
	    $1->product_version_ls = ($5 << 16) | $6;
	    $$ = $1;
	  }

Thanks,

Anton Lavrentiev
Contractor NIH/NLM/NCBI
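
The overflow described in this report, reproduced as an added example that is not part of the original report or of the binutils source. The function names are hypothetical, 32-bit words holding two 16-bit parts are assumed, and the masked variant follows the reporter's suggestion rather than the exact committed change, which this page does not show.

```c
#include <stdint.h>
#include <stdio.h>

/* Added illustration; all names here are hypothetical.
   Assumption: each version word is 32 bits, with the high part in
   bits 31..16 and the low part in bits 15..0, as the grammar
   actions in the report imply. */

/* Packing as in the excerpt: (hi << 16) | lo, low part not masked. */
static uint32_t pack_unmasked(long hi, long lo)
{
    return ((uint32_t)hi << 16) | (uint32_t)lo;
}

/* Packing with the low part limited to 16 bits before ORing. */
static uint32_t pack_masked(long hi, long lo)
{
    return ((uint32_t)hi << 16) | ((uint32_t)lo & 0xFFFFu);
}

static unsigned hi_part(uint32_t w) { return (unsigned)(w >> 16); }
static unsigned lo_part(uint32_t w) { return (unsigned)(w & 0xFFFFu); }

static void show(const char *label, uint32_t ms, uint32_t ls)
{
    printf("%-9s %u.%u.%u.%u\n", label,
           hi_part(ms), lo_part(ms), hi_part(ls), lo_part(ls));
}

int main(void)
{
    /* Constructed input: FILEVERSION 1,2,3,-1 */
    show("unmasked", pack_unmasked(1, 2), pack_unmasked(3, -1));
    show("masked",   pack_masked(1, 2),   pack_masked(3, -1));

    /* Constructed input: FILEVERSION 1,2,2,70000 (too large, not negative).
       70000 = 0x11170, so bit 16 leaks into the neighbouring part. */
    show("unmasked", pack_unmasked(1, 2), pack_unmasked(2, 70000));
    show("masked",   pack_masked(1, 2),   pack_masked(2, 70000));
    return 0;
}
```

Masking keeps an out-of-range part from altering its neighbour, but the part itself is still silently truncated to 16 bits.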
Comment 1 Sourceware Commits 2014-06-17 15:52:06 UTC
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "gdb and binutils".

The branch, master has been updated
       via  548a23572832015e1d457188c5962e349825e86e (commit)
      from  0fc059972058a4afb22882a61143c7cc48eca883 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=548a23572832015e1d457188c5962e349825e86e

commit 548a23572832015e1d457188c5962e349825e86e
Author: Nick Clifton <nickc@redhat.com>
Date:   Tue Jun 17 16:50:15 2014 +0100

    Prevent large (or negative) version values from overflowing into other fields when
    parsing version strings.
    
    	PR binutils/16923
    	* rcparse.y (fixedverinfo): Prevent large version numbers from
    	corrupting other values.

-----------------------------------------------------------------------

Summary of changes:
 binutils/ChangeLog |    6 ++++++
 binutils/rcparse.y |    8 ++++----
 2 files changed, 10 insertions(+), 4 deletions(-)
Comment 2 Nick Clifton 2014-06-17 15:52:58 UTC
Hi Anton,

  Thanks very much for pointing out this bug.  I have applied the patch you suggested along with this changelog entry.

Cheers
  Nick

binutils/ChangeLog
2014-06-17  Anton Lavrentiwev  <lavr@ncbi.nim.nih.gov>

	PR binutils/16923
	* rcparse.y (fixedverinfo): Prevent large version numbers from
	corrupting other values.