[PATCH] sparc_attrs: Fix string overflow
Maks Mishin
maks.mishinfz@gmail.com
Mon Jul 1 21:33:06 GMT 2024
A string is copied into the buffer 's' of size 577 without checking its length first at sparc_attrs.c:95.
Found by RASU JSC.
Signed-off-by: Maks Mishin <maks.mishinFZ@gmail.com>
---
backends/sparc_attrs.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/backends/sparc_attrs.c b/backends/sparc_attrs.c
index 974e8fb0..104d4ed3 100644
--- a/backends/sparc_attrs.c
+++ b/backends/sparc_attrs.c
@@ -32,6 +32,7 @@
#include <string.h>
#include <dwarf.h>
+#include <assert.h>
#define BACKEND sparc_
#include "libebl_CPU.h"
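Review bot: The new `#include <assert.h>` in the include block is needed only by the assertion added in sparc_check_object_attribute. If that check becomes an ordinary runtime length test, as suggested for the second hunk, this include should be dropped again instead of staying as an unused header.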
@@ -92,6 +93,7 @@ sparc_check_object_attribute (Ebl *ebl __attribute__ ((unused)),
{
if (*s != '\0')
s = strcat (s, ",");
+ assert (strlen(s) + strlen(caps[cap]) < 577);
s = strcat (s, caps[cap]);
}
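Review bot: The assertion sits after `s = strcat (s, ",");`, so the separator append is still unchecked and can write one byte past the buffer before the condition is evaluated. The test should account for the comma and come before both strcat calls. assert() is also compiled out when NDEBUG is defined, so those builds keep the unchecked copy; an explicit length test that stops appending when the buffer is full would hold in every build and would not abort the caller. The literal 577 repeats the buffer size by hand; deriving it from the buffer's declaration (sizeof on the array, or a shared named constant) keeps the two from drifting apart. Style: the surrounding code puts a space before the call parenthesis, so `strlen (s)` and `strlen (caps[cap])`.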
--
2.30.2