This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] [ARM] fix buffer overflow in gas

From: Nick Clifton <nickc at redhat dot com>
To: Jim Wilson <jim dot wilson at linaro dot org>, Binutils <binutils at sourceware dot org>
Date: Tue, 27 Oct 2015 09:36:02 +0000
Subject: Re: [PATCH] [ARM] fix buffer overflow in gas
Authentication-results: sourceware.org; auth=none
References: <CABXYE2XgtLdfCj_7TcFUOLfbwWaUt2KjYgTv5CAZkMTiDv1kRA at mail dot gmail dot com>

Hi Jim,

The problem is that the string "Samsung Exynos M1" is 18 characters
long including the trailing null byte, but the select_cpu_name array
is only 16 characters long.

Thanks for the bug report and patch. I have checked your patch in,along with the addition of an assert in arm_parse_cpu, which shouldcatch problems like this in the future.


Cheers
  Nick

gas/ChangeLog
2015-10-27  Jim Wilson  <jim.wilson@linaro.org>

	* config/tc-arm.c (selected_cpu_name): Increase length of array to
	accomodate "Samsung Exynos M1".
	(arm_parse_cpu): Add assertion and length check to prevent
	overfilling selected_cpu_name.

References:
- [PATCH] [ARM] fix buffer overflow in gas
  - From: Jim Wilson

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]