Bug 17995 - buffer overrun in verilog bfd backend
Status: RESOLVED FIXED
Product: binutils
Component: binutils
Version: 2.26
Importance: P2 normal
Target Milestone: 2.26
Assignee: Alan Modra
Reported: 2015-02-18 08:04 UTC by Branko Drevensek
Modified: 2015-02-19 11:40 UTC (History)
Attachments
proposed patch that increases temporary buffer to appropriate size (204 bytes, patch)
2015-02-18 08:04 UTC, Branko Drevensek
Description Branko Drevensek 2015-02-18 08:04:07 UTC
objcopy -O verilog...

Expected output:
@00000000
00 00 00 00 00 00 00 00 0F C6 00 00 00 00 00 00 
0D CE 00 00 00 00 00 00 0D 8E 00 00 00 00 00 00 
...

Generated output
@00000000
00 00 00 00 00 00 00 00 0F C6 00 00 00 00 00 00 2^@0D CE 00 00 00 00 00 00 0D 8E 00 00 00 00 00 00 2^@0D ...

---

Results depend on the toolchain used to build. The above results are produced if binutils is built by Developer Toolset 3 on 32-bit CentOS 6.

Generic CentOS 6 binutils gives this:
objcopy -O verilog file.elf file.v
*** stack smashing detected ***: objcopy terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x4d)[0x2dedad]
/lib/libc.so.6[0x2ded5a]
/usr/lib/libbfd-2.20.51.0.2-5.42.el6.so[0x498544]
/usr/lib/libbfd-2.20.51.0.2-5.42.el6.so[0x42856c]
Comment 1 Branko Drevensek 2015-02-18 08:04:49 UTC
Created attachment 8138
proposed patch that increases temporary buffer to appropriate size
Comment 2 cvs-commit@gcc.gnu.org 2015-02-19 11:39:27 UTC
The master branch has been updated by Alan Modra <amodra@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=837914eeb43cd0231cc3c25e8644f0d6190034e6

commit 837914eeb43cd0231cc3c25e8644f0d6190034e6
Author: Branko Drevensek <branko.drevensek@gmail.com>
Date:   Thu Feb 19 22:05:21 2015 +1030

    Fix buffer overrun in verilog code
    
    	PR 17995
    	* verilog.c (verilog_write_record): Correct buffer size.
Comment 3 Alan Modra 2015-02-19 11:40:28 UTC
Patch applied
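
Added illustration, not the binutils code or the attached patch: a record formatter whose buffer size is derived from the line format shown in the expected output (16 bytes per line, two hex digits and a space per byte), and which refuses to write when the destination is too small. The function name, the macros and the "\r\n" line terminator are assumptions made for this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumptions for this sketch (not taken from the binutils source):
   16 data bytes per line as in the report's expected output, each byte
   written as two hex digits plus a space, then a "\r\n" terminator. */
#define REC_BYTES   16
#define REC_EOL     "\r\n"
#define REC_EOL_LEN (sizeof(REC_EOL) - 1)
/* Worst-case line length, derived from the format rather than hard-coded. */
#define REC_BUF_LEN (REC_BYTES * 3 + REC_EOL_LEN)

/* Format n bytes into out[cap].  Returns the number of characters
   written, or 0 if the record would not fit; in that case nothing is
   written, so the caller's stack is never overrun. */
size_t format_record(const uint8_t *data, size_t n, char *out, size_t cap)
{
    static const char digs[] = "0123456789ABCDEF";
    char *dst = out;
    size_t i;

    if (n > (SIZE_MAX - REC_EOL_LEN) / 3)   /* n * 3 + EOL would wrap */
        return 0;
    if (n * 3 + REC_EOL_LEN > cap)          /* terminator counts too */
        return 0;

    for (i = 0; i < n; i++) {
        *dst++ = digs[data[i] >> 4];
        *dst++ = digs[data[i] & 0xf];
        *dst++ = ' ';
    }
    memcpy(dst, REC_EOL, REC_EOL_LEN);
    dst += REC_EOL_LEN;
    return (size_t)(dst - out);
}

int main(void)
{
    /* Constructed input: the first 16 bytes of the expected output above. */
    const uint8_t row[REC_BYTES] = { [8] = 0x0F, [9] = 0xC6 };
    char line[REC_BUF_LEN];
    size_t len = format_record(row, sizeof row, line, sizeof line);

    fwrite(line, 1, len, stdout);
    return len == 0;
}
```

A buffer sized only for the hex text (16 * 3 bytes) is rejected for a full 16-byte row, because the line terminator has to fit as well.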