[PATCH 5/8] libctf: don't dereference out-of-bounds locations in the qualifier hashtab

Nick Alcock nick.alcock@oracle.com
Thu Mar 25 15:53:41 GMT 2021


On 25 Mar 2021, Hans-Peter Nilsson uttered the following:

> On Wed, 24 Mar 2021, Nick Alcock via Binutils wrote:
>
>> diff --git a/libctf/ctf-lookup.c b/libctf/ctf-lookup.c
>> index 9d1e6d8a4a2..e50c868c5b8 100644
>> --- a/libctf/ctf-lookup.c
>> +++ b/libctf/ctf-lookup.c
>> @@ -111,10 +111,13 @@ isqualifier (const char *s, size_t len)
>>    };
>>
>>    int h = s[len - 1] + (int) len - 105;
>> +
>> +  if (h < 0 || (size_t) h >= sizeof (qhash) / sizeof (qhash[0]))
>> +    return 0;
>> +
>>    const struct qual *qp = &qhash[h];
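Review bot: the new range check runs only after `s[len - 1]` has already been evaluated, so a call with `len == 0` still reads the byte before `s` before `h` is ever tested; add `if (len == 0) return 0;` ahead of `int h = s[len - 1] + (int) len - 105;` (or document that callers must pass a non-empty string). The `h < 0` half of the check is what catches a byte >= 0x80 when plain `char` is signed; reading `s[len - 1]` through `(unsigned char)` would make that intent explicit and then only the upper bound is needed. Minor: the `const struct qual *qp` declaration now follows the new `if` statement, which is a C99 declaration-after-statement.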
>
> Do we allow C99 these days?  In recent messages I got the
> impression that we're still battling with pre-C90 artefacts.
> 
> If not, watch out for the declaration-after-statement there.

We have declaration-after-statements all over libctf, so if people
really do try to compile with a pre-C99 compiler, we'll know (and I'll
fix them all then and growl loudly).

For that matter there are also some in bfd, so it's not just me.

(But this one is totally gratuitous and doesn't even improve clarity, so
I'll fix it :) )

-- 
NULL && (void)
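The guarded lookup the patch is working toward, written out as an added example rather than libctf's own code. The `struct qual` layout, the `QHASH_SIZE` of 20 and the table contents are constructed for illustration (libctf's real `qhash` is not shown in the thread); only the index formula `s[len - 1] + len - 105` is taken from the hunk. Beyond the patch itself it also handles the empty-string case and confirms the candidate entry actually matches, since a hash index only narrows the search:

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical table entry; libctf's real struct qual is not reproduced here.  */
struct qual
{
  const char *q_name;   /* NULL marks an empty slot */
  int q_value;
};

#define QHASH_SIZE 20

/* Constructed table laid out by the index formula from the patch:
   h = s[len - 1] + len - 105.  Only the slots the four keywords land in are
   filled; every other slot stays NULL.  */
static const struct qual qhash[QHASH_SIZE] = {
  [1]  = { "_Atomic",  1 },   /* 'c' (99)  + 7 - 105 = 1  */
  [4]  = { "volatile", 2 },   /* 'e' (101) + 8 - 105 = 4  */
  [16] = { "const",    3 },   /* 't' (116) + 5 - 105 = 16 */
  [19] = { "restrict", 4 },   /* 't' (116) + 8 - 105 = 19 */
};

/* Return 1 if the LEN bytes at S spell one of the qualifiers in qhash,
   0 otherwise.  Never dereferences outside S or qhash.  */
int
isqualifier_checked (const char *s, size_t len)
{
  /* The index formula reads s[len - 1]; with len == 0 that is one byte
     before the buffer, so reject before computing anything.  */
  if (len == 0)
    return 0;

  /* Plain char may be signed, so a byte >= 0x80 makes h negative on such
     platforms; on unsigned-char platforms it overshoots the table instead.
     The two-sided check below catches both.  */
  int h = s[len - 1] + (int) len - 105;

  if (h < 0 || (size_t) h >= QHASH_SIZE)
    return 0;

  const struct qual *qp = &qhash[h];
  if (qp->q_name == NULL)
    return 0;

  /* The index only selects a candidate; confirm the bytes really match,
     including the length, so "consts" does not pass as "const".  */
  return strlen (qp->q_name) == len && memcmp (qp->q_name, s, len) == 0;
}

int
main (void)
{
  /* Constructed inputs: valid keywords, a near miss, an empty string and a
     high-bit byte.  */
  const char *probes[] = { "const", "volatile", "conzt", "consts", "", "\xff", "xyzzy" };
  size_t i;

  for (i = 0; i < sizeof probes / sizeof probes[0]; i++)
    printf ("%-10s -> %d\n", probes[i], isqualifier_checked (probes[i], strlen (probes[i])));
  return 0;
}
```

The two-sided range check is the cheap part; the `len == 0` guard and the final `memcmp` are what keep the table index from being trusted as an answer on its own.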
