[PATCH] sparc_attrs.c: Prevent buffer overflow in sparc_check_object_attribute
Mark Wielaard
mark@klomp.org
Tue Nov 5 18:37:05 GMT 2024
Hi,
On Tue, Nov 05, 2024 at 11:58:19AM -0500, Serhei Makarov wrote:
> On Tue, Nov 5, 2024, at 9:25 AM, Anton Moryakov wrote:
> > Record Length Limit: We use strncat to add a line indicating the
> > available remaining_size. This prevents writing beyond the allocated
> > memory.
> > Remaining space update: remaining_size is updated after each entry to
> > ensure that row additions do not cause overflow.
>
> It looks to me like the maximum possible length of the concatenated
> strings (from a hardcoded array a few lines prior to the patch) and
> the length of the buffer are both statically known, and thus it's
> not actually possible for the code to overflow the buffer. This is
> an interesting test case for developing a static analyzer, but not
> an actual bug.
Or add a static_assert based on that knowledge as we discussed before
when this "RASU JSC" issue came up:
https://inbox.sourceware.org/elfutils-devel/20240702114611.GE29242@gnu.wildebeest.org/T
Cheers,
Mark
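
The static_assert approach mentioned in this reply, as an added example that is not part of the thread and is not elfutils code: the flag names, the "," separator and the buffer size are constructed assumptions. It derives the worst-case concatenated length from the hardcoded array at compile time, so the unbounded strcat calls are provably in range.

```c
#include <assert.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins, not the names or sizes from sparc_attrs.c. */
#define FLAG_NAMES(X) X ("alpha") X ("beta") X ("gamma") X ("delta")
#define AS_ENTRY(s) s,
#define AS_LEN(s) + (sizeof (s) - 1)
#define AS_ONE(s) + 1

static const char *const flag_names[] = { FLAG_NAMES (AS_ENTRY) };

enum
{
  NFLAGS = 0 FLAG_NAMES (AS_ONE),
  NAMES_LEN = 0 FLAG_NAMES (AS_LEN),
  /* Every name present, one "," between neighbours, trailing NUL. */
  WORST_CASE = NAMES_LEN + (NFLAGS - 1) + 1
};

#define BUF_SIZE 32

/* Adding a longer name or shrinking BUF_SIZE now breaks the build. */
static_assert (WORST_CASE <= BUF_SIZE, "flag name buffer too small");

/* Write the names selected by MASK into BUF, comma separated.
   Returns the resulting string length.  */
static size_t
describe_flags (unsigned int mask, char buf[BUF_SIZE])
{
  buf[0] = '\0';
  for (size_t i = 0; i < (size_t) NFLAGS; i++)
    if (mask & (1u << i))
      {
        if (buf[0] != '\0')
          strcat (buf, ",");
        strcat (buf, flag_names[i]);
      }
  return strlen (buf);
}

int
main (void)
{
  char buf[BUF_SIZE];
  size_t n = describe_flags (0xfu, buf);
  printf ("%s (%zu of %d bytes)\n", buf, n + 1, BUF_SIZE);
  return 0;
}
```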