This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

PATCH: Avoid buffer overflow in decode_arm_unwind

From: "H.J. Lu" <hongjiu dot lu at intel dot com>
To: binutils at sourceware dot org
Cc: dan at codesourcery dot com
Date: Thu, 18 Mar 2010 10:47:28 -0700
Subject: PATCH: Avoid buffer overflow in decode_arm_unwind
Reply-to: "H.J. Lu" <hjl dot tools at gmail dot com>

Hi,

I checked in this patch to avod buffer overflow as an obvious fix.


H.J.
---
diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index 506ab55..8058db3 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,7 @@
+2010-03-18  H.J. Lu  <hongjiu.lu@intel.com>
+
+	* readelf.c (decode_arm_unwind): Increase buf size to 9 byte.
+
 2010-03-17  Alan Modra  <amodra@gmail.com>
 
 	* readelf.c (dump_arm_unwind): Warning fix.
diff --git a/binutils/readelf.c b/binutils/readelf.c
index c76fc17..beaf947 100644
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -6194,10 +6194,10 @@ decode_arm_unwind (struct arm_unw_aux_info *aux,
 	}
       else if (op == 0xb2)
 	{
-	  unsigned char buf[5];
+	  unsigned char buf[9];
 	  unsigned int i, len;
 	  unsigned long offset;
-	  for (i = 0; i < 9; i++)
+	  for (i = 0; i < sizeof (buf); i++)
 	    {
 	      GET_OP (buf[i]);
 	      if ((buf[i] & 0x80) == 0)

Follow-Ups:
- Re: PATCH: Avoid buffer overflow in decode_arm_unwind
  - From: Daniel Jacobowitz
- Re: PATCH: Avoid buffer overflow in decode_arm_unwind
  - From: John Reiser

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]