This is the mail archive of the
binutils@sourceware.org
mailing list for the binutils project.
Re: PATCH: Avoid buffer overflow in decode_arm_unwind
On 03/18/2010 02:29 PM, Daniel Jacobowitz wrote:
On Thu, Mar 18, 2010 at 02:04:03PM -0700, John Reiser wrote:
Daniel Jacobowitz commented:
It could as easily have been 5 (it's a 32-bit target), but
either is safe.
True safety demands something such as:
#define B2BUFSIZE (1+ (6+ 8*sizeof(offset))/7) /* 7 bits at a time */
...
unsigned char buf[B2BUFSIZE];
The size of offset is not relevant; we're decoding data for a 32-bit
target. Each byte carries seven bits of data. Five bytes of uleb128
is sufficient for any target-representable offset when your memory
space is 32 bits wide.
(Not sure where you got the 1+.)
It is true that 32 <= (5 * 7) and therefore 5 bytes of uleb128 is enough
for a 32-bit target. Using "sizeof(offset)" provides some generality.
The full #define, including comment, provides documentation. There was
a problem here once, so explanation is good.
The 1+ provides some margin for safety, and accommodation in case the
writer of the data stream does not use a minimal representation of uleb128.
I have seen this in practice, due to fixed-length encoding ["always send
at least 32 bits" can seem simpler than sending only the minimal number
of bits] together with an off-by-one error.
--