PATCH: Avoid buffer overflow in decode_arm_unwind
John Reiser
jreiser@bitwagon.com
Fri Mar 19 01:17:00 GMT 2010
On 03/18/2010 02:29 PM, Daniel Jacobowitz wrote:
> On Thu, Mar 18, 2010 at 02:04:03PM -0700, John Reiser wrote:
>> Daniel Jacobowitz commented:
>>> It could as easily have been 5 (it's a 32-bit target), but
>>> either is safe.
>>
>> True safety demands something such as:
>> #define B2BUFSIZE (1+ (6+ 8*sizeof(offset))/7) /* 7 bits at a time */
>> ...
>> unsigned char buf[B2BUFSIZE];
>
> The size of offset is not relevant; we're decoding data for a 32-bit
> target. Each byte carries seven bits of data. Five bytes of uleb128
> is sufficient for any target-representable offset when your memory
> space is 32 bits wide.
>
> (Not sure where you got the 1+.)
It is true that 32 <= (5 * 7) and therefore 5 bytes of uleb128 is enough
for a 32-bit target. Using "sizeof(offset)" provides some generality.
The full #define, including comment, provides documentation. There was
a problem here once, so explanation is good.
The 1+ provides some margin for safety, and accommodation in case the
writer of the data stream does not use a minimal representation of uleb128.
I have seen this in practice, due to fixed-length encoding ["always send
at least 32 bits" can seem simpler than sending only the minimal number
of bits] together with an off-by-one error.
--
More information about the Binutils
mailing list