This is the mail archive of the
binutils@sourceware.org
mailing list for the binutils project.
[PATCH] [ARM] fix buffer overflow in gas
- From: Jim Wilson <jim dot wilson at linaro dot org>
- To: Binutils <binutils at sourceware dot org>
- Date: Mon, 26 Oct 2015 11:28:41 -0700
- Subject: [PATCH] [ARM] fix buffer overflow in gas
- Authentication-results: sourceware.org; auth=none
On Ubuntu 14.04, I get
palantir:2062$ cat tmp.s
.cpu exynos-m1
palantir:2063$ ./as-new tmp.s
*** buffer overflow detected ***: ./as-new terminated
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x7338f)[0x7f984612538f]
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x5c)[0x7f98461bcc9c]
/lib/x86_64-linux-gnu/libc.so.6(+0x109b60)[0x7f98461bbb60]
./as-new[0x42e227]
...
The problem is that the string "Samsung Exynos M1" is 18 characters
long including the trailing null byte, but the select_cpu_name array
is only 16 characters long. This patch increases it to 20 to make the
string fit and allow a little breathing room. Tested with a cross
build and make check.
Jim
gas/
2015-10-26 Jim Wilson <jim.wilson@linaro.org>
* config/tc-arm.c (selected_cpu_name): Increase from 16 to 20.
diff --git a/gas/config/tc-arm.c b/gas/config/tc-arm.c
index efc522a..a98a22a 100644
--- a/gas/config/tc-arm.c
+++ b/gas/config/tc-arm.c
@@ -266,7 +266,7 @@ static int mfloat_abi_opt = -1;
/* Record user cpu selection for object attributes. */
static arm_feature_set selected_cpu = ARM_ARCH_NONE;
/* Must be long enough to hold any of the names in arm_cpus. */
-static char selected_cpu_name[16];
+static char selected_cpu_name[20];
extern FLONUM_TYPE generic_floating_point_number;