Commit: Fix potential buffer overrun in _bfd_XXi_swap_aux_out
Nick Clifton
nickc@redhat.com
Tue Mar 16 12:44:35 GMT 2021
Hi Guys,
A static analyzer we use has thrown up an error in peXXigen.c:
peXXigen.c:395: buffer_size: You might overrun the 14
byte destination string "ext->x_file.x_fname" by writing
the maximum 18 bytes from "in->x_file.x_fname".
So I am applying the patch below to fix this problem.
Cheers
Nick
bfd/ChangeLog
2021-03-16 Nick Clifton <nickc@redhat.com>
* peXXigen.c (_bfd_XXi_swap_aux_out): Avoid potential buffer
overrun by using sizeof of the destination x_fname field as the
limit for a memcpy.
diff --git a/bfd/peXXigen.c b/bfd/peXXigen.c
index 83bbac51af..b3706723c8 100644
--- a/bfd/peXXigen.c
+++ b/bfd/peXXigen.c
@@ -380,7 +380,7 @@ _bfd_XXi_swap_aux_out (bfd * abfd,
H_PUT_32 (abfd, in->x_file.x_n.x_offset, ext->x_file.x_n.x_offset);
}
else
- memcpy (ext->x_file.x_fname, in->x_file.x_fname, FILNMLEN);
+ memcpy (ext->x_file.x_fname, in->x_file.x_fname, sizeof (ext->x_file.x_fname));
return AUXESZ;
More information about the Binutils
mailing list