[PATCH] Fix buffer overrun found by Coverity

Gary Benson gbenson@redhat.com
Fri Oct 5 13:53:00 GMT 2018


Hi all,

This commit fixes a buffer overrun found by Coverity, where 36 bytes
are written into the 24 byte buffer "ids".  The "ids_seen" buffer
doesn't overrun, but I've changed that too, to future-proof it some.

I would have committed this as obvious, but the testsuite doesn't
exercise this piece of code; I can't realistically say I've regression
tested this change, so I'd like another pair of eyes on it to be sure.

Cheers,
Gary

--
gdb/ChangeLog:

	* dwarf2read.c (create_dwp_hash_table): Fix buffer overrun
	found by Coverity.
---
 gdb/ChangeLog    | 5 +++++
 gdb/dwarf2read.c | 5 +++--
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/gdb/dwarf2read.c b/gdb/dwarf2read.c
index 4a35e38..e9d1ac5 100644
--- a/gdb/dwarf2read.c
+++ b/gdb/dwarf2read.c
@@ -12197,6 +12197,7 @@ create_dwp_hash_table (struct dwarf2_per_objfile *dwarf2_per_objfile,
     {
       const gdb_byte *ids_ptr = htab->unit_table + sizeof (uint32_t) * nr_slots;
       int *ids = htab->section_pool.v2.section_ids;
+      size_t sizeof_ids = sizeof (htab->section_pool.v2.section_ids);
       /* Reverse map for error checking.  */
       int ids_seen[DW_SECT_MAX + 1];
       int i;
@@ -12213,8 +12214,8 @@ create_dwp_hash_table (struct dwarf2_per_objfile *dwarf2_per_objfile,
 		   " in section table [in module %s]"),
 		 dwp_file->name);
 	}
-      memset (ids, 255, (DW_SECT_MAX + 1) * sizeof (int32_t));
-      memset (ids_seen, 255, (DW_SECT_MAX + 1) * sizeof (int32_t));
+      memset (ids, 255, sizeof_ids);
+      memset (ids_seen, 255, sizeof (ids_seen));
       for (i = 0; i < nr_columns; ++i)
 	{
 	  int id = read_4_bytes (dbfd, ids_ptr + i * sizeof (uint32_t));
-- 
1.8.3.1



More information about the Gdb-patches mailing list