This is the mail archive of the gdb-patches@sourceware.org mailing list for the GDB project.
Re: [RFA] peXXigen.c, _bfd_XXi_swap_aux_in, wrong size used in memcpy.
- From: Michael Snyder <msnyder at vmware dot com>
- To: Pedro Alves <pedro at codesourcery dot com>
- Cc: "gdb-patches at sourceware dot org" <gdb-patches at sourceware dot org>, "nickc at redhat dot com" <nickc at redhat dot com>, "bug-binutils at gnu dot org" <bug-binutils at gnu dot org>
- Date: Thu, 03 Mar 2011 12:06:12 -0800
- Subject: Re: [RFA] peXXigen.c, _bfd_XXi_swap_aux_in, wrong size used in memcpy.
- References: <4D6FD940.7050400@vmware.com> <201103031913.20960.pedro@codesourcery.com>
Pedro Alves wrote:
On Thursday 03 March 2011 18:09:04, Michael Snyder wrote:
2011-03-03 Michael Snyder <msnyder@msnyder-server.eng.vmware.com>
* peXXigen.c (_bfd_XXi_swap_aux_in): Use E_FILNMNEN instead of
FILENMLEN, otherwise will overwrite array.
Doesn't pe.h define them both the same?
Hmm, yes... Coverity was evidently looking at the definition of
E_FILNMLEN from include/coff/external.h, which is overridden by
the one in pe.h.
Index: peXXigen.c
===================================================================
RCS file: /cvs/src/src/bfd/peXXigen.c,v
retrieving revision 1.69
diff -u -p -u -p -r1.69 peXXigen.c
--- peXXigen.c 21 Dec 2010 15:24:38 -0000 1.69
+++ peXXigen.c 3 Mar 2011 18:03:44 -0000
@@ -249,7 +249,7 @@ _bfd_XXi_swap_aux_in (bfd * abfd,
in->x_file.x_n.x_offset = H_GET_32 (abfd, ext->x_file.x_n.x_offset);
}
else
- memcpy (in->x_file.x_fname, ext->x_file.x_fname, FILNMLEN);
+ memcpy (in->x_file.x_fname, ext->x_file.x_fname, E_FILNMLEN);
return;
case C_STAT:
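Review bot: The new length in the memcpy into in->x_file.x_fname is still a macro, so whether the copy fits depends on which definition of E_FILNMLEN is in effect when this file is compiled, not on the declared size of the destination. Bounding the copy with sizeof (in->x_file.x_fname) would keep the write inside the destination array whichever header's definition wins, and would leave a static analyser nothing to misread.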
@@ -323,7 +323,7 @@ _bfd_XXi_swap_aux_out (bfd * abfd,
H_PUT_32 (abfd, in->x_file.x_n.x_offset, ext->x_file.x_n.x_offset);
}
else
- memcpy (ext->x_file.x_fname, in->x_file.x_fname, FILNMLEN);
+ memcpy (ext->x_file.x_fname, in->x_file.x_fname, E_FILNMLEN);
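Review bot: The ChangeLog entry for this patch lists only _bfd_XXi_swap_aux_in, but this hunk makes the same substitution in _bfd_XXi_swap_aux_out, so the entry needs a second line such as "(_bfd_XXi_swap_aux_out): Ditto." The entry also spells the macros E_FILNMNEN and FILENMLEN, while the code uses E_FILNMLEN and FILNMLEN.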
If FILNMLEN can really be different from E_FILNMLEN, I'd've expected
something else needs doing here?
Maybe this?
2011-03-03 Michael Snyder <msnyder@msnyder-server.eng.vmware.com>
* peXXigen.c (_bfd_XXi_swap_aux_in): Use sizeof in memcpy.
(_bfd_XXi_swap_aux_out): Ditto.
Index: peXXigen.c
===================================================================
RCS file: /cvs/src/src/bfd/peXXigen.c,v
retrieving revision 1.69
diff -u -p -u -p -r1.69 peXXigen.c
--- peXXigen.c 21 Dec 2010 15:24:38 -0000 1.69
+++ peXXigen.c 3 Mar 2011 20:04:59 -0000
@@ -249,7 +249,8 @@ _bfd_XXi_swap_aux_in (bfd * abfd,
in->x_file.x_n.x_offset = H_GET_32 (abfd, ext->x_file.x_n.x_offset);
}
else
- memcpy (in->x_file.x_fname, ext->x_file.x_fname, FILNMLEN);
+ memcpy (in->x_file.x_fname, ext->x_file.x_fname,
+ sizeof (in->x_file.x_fname));
return;
case C_STAT:
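Review bot: sizeof (in->x_file.x_fname) bounds the write but not the read: if the internal array were ever larger than ext->x_file.x_fname, this memcpy would read past the end of the external record. Since the open question in the thread is whether the two sizes can differ, a compile-time check that sizeof (in->x_file.x_fname) equals sizeof (ext->x_file.x_fname) next to the copy, or copying the smaller of the two sizes, would make the assumption explicit. The change also relies on x_fname being declared as an array; with a pointer member, sizeof would yield the pointer size.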
@@ -323,7 +324,8 @@ _bfd_XXi_swap_aux_out (bfd * abfd,
H_PUT_32 (abfd, in->x_file.x_n.x_offset, ext->x_file.x_n.x_offset);
}
else
- memcpy (ext->x_file.x_fname, in->x_file.x_fname, FILNMLEN);
+ memcpy (ext->x_file.x_fname, in->x_file.x_fname,
+ sizeof (ext->x_file.x_fname));
return AUXESZ;
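Review bot: In the output direction the bound is sizeof (ext->x_file.x_fname), so an internal name longer than the external field is silently truncated when written out, and an internal array shorter than the external field would be over-read. If truncation is the intended behaviour it deserves a comment above the memcpy; otherwise a compile-time check that the two x_fname arrays have the same size would catch a mismatch.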