This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] Buffer overrun in objcopy

From: Eirik Byrkjeflot Anonsen <eirik at opera dot com>
To: binutils at sourceware dot org
Date: Fri, 18 Dec 2009 15:37:24 +0100
Subject: Re: [PATCH] Buffer overrun in objcopy
References: <87skb82x44.fsf@opera.com> <CC63809C-2153-4901-9199-2FEEBED44661@adacore.com>

Tristan Gingold <gingold@adacore.com> writes:

> On Dec 18, 2009, at 3:08 PM, Eirik Byrkjeflot Anonsen wrote:
>
>> Using objcopy from binutils 2.20.
>> 
>> When using objcopy to rename symbols using add_redefine_syms_file(), if
>> one of the source symbols is exactly 99 characters, the input buffer
>> will be overrun (by the first character in the target symbol).  The
>> attached patch copies the buffer resize code to the two places in this
>> function where I think it could potentially be a problem.
>
> Good catch.  However I think it would be simpler to just allocate bufsize + 1 bytes.
>
> (I also think that this should go into the branch).
>
> Tristan.

Yes, that should work just fine.  It might be slightly less obvious to
someone reading the code later, but I'm happy with either solution.

eirik

Follow-Ups:
- Re: [PATCH] Buffer overrun in objcopy
  - From: Nick Clifton

References:
- [PATCH] Buffer overrun in objcopy
  - From: Eirik Byrkjeflot Anonsen
- Re: [PATCH] Buffer overrun in objcopy
  - From: Tristan Gingold

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]