PATCH: Avoid buffer overflow in decode_arm_unwind

John Reiser jreiser@bitwagon.com
Fri Mar 19 01:17:00 GMT 2010


On 03/18/2010 02:29 PM, Daniel Jacobowitz wrote:
> On Thu, Mar 18, 2010 at 02:04:03PM -0700, John Reiser wrote:
>> Daniel Jacobowitz commented:
>>> It could as easily have been 5 (it's a 32-bit target), but
>>> either is safe.
>>
>> True safety demands something such as:
>>      #define B2BUFSIZE (1+ (6+ 8*sizeof(offset))/7)  /* 7 bits at a time */
>>        ...
>>          unsigned char buf[B2BUFSIZE];
>
> The size of offset is not relevant; we're decoding data for a 32-bit
> target.  Each byte carries seven bits of data.  Five bytes of uleb128
> is sufficient for any target-representable offset when your memory
> space is 32 bits wide.
>
> (Not sure where you got the 1+.)

It is true that 32 <= (5 * 7) and therefore 5 bytes of uleb128 is enough
for a 32-bit target.  Using "sizeof(offset)" provides some generality.
The full #define, including comment, provides documentation.  There was
a problem here once, so explanation is good.

The 1+ provides some margin for safety, and accommodation in case the
writer of the data stream does not use a minimal representation of uleb128.
I have seen this in practice, due to fixed-length encoding ["always send
at least 32 bits" can seem simpler than sending only the minimal number
of bits] together with an off-by-one error.

-- 



More information about the Binutils mailing list