darkkirb/old-cross-binutils
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Fix memory overflow issue about strncat

Browse source 
If src contains n or more bytes, strncat() writes n+1 bytes to dest
(n from src plus the terminating null byte).   Therefore, the size of
dest must be at least strlen(dest)+n+1.

	* config/tc-tic4x.c (md_assemble): Correct strncat size.
This commit is contained in:
Chen Gang 2014-10-15 09:48:47 +10:30 committed by Alan Modra
parent 45229ecbba
commit 450ccef08d
2 changed files with 5 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
gas/ChangeLog
View file

@ -1,3 +1,7 @@
2014-10-15 Chen Gang <gang.chen.5i5j@gmail.com>
* config/tc-tic4x.c (md_assemble): Correct strncat size.
2014-10-14 Tristan Gingold <gingold@adacore.com>
* NEWS: Add marker for 2.25.

2
gas/config/tc-tic4x.c
View file

@ -2456,7 +2456,7 @@ md_assemble (char *str)
if (*s) /* Null terminate for hash_find. */
*s++ = '\0'; /* and skip past null. */
strcat (insn->name, "_");
strncat (insn->name, str, TIC4X_NAME_MAX - strlen (insn->name));
strncat (insn->name, str, TIC4X_NAME_MAX - 1 - strlen (insn->name));
insn->operands[insn->num_operands++].mode = M_PARALLEL;