Fix potential buffer overflows with sprintf and very large integer values.
binutuils* prdbg.c (pr_enum_type): Use a buffer big enough to hold an extremely large decimal value. (pr_range_type): Likewise. (pr_array_type): Likewise. (pr_struct_field): Likewise. (pr_class_baseclass): Likewise. (pr_class_method_variant): Likewise. (pr_tag_type): Likewise. (pr_int_constant): Likewise. (pr_typed_constant): Likewise. (pr_variable): Likewise. (pr_function_parameter): Likewise. (pr_start_block): Likewise. (pr_lineno): Likewise. (pr_end_block): Likewise. (tg_enum_type): Likewise. (tg_int_constant): Likewise. (tg_typed_constant): Likewise. (tg_start_block): Likewise. gas * macro.c (macro_expand_body): Use a buffer big enough to hold an extremely large integer.
This commit is contained in:
Nick Clifton
parent
20aa2c606e
commit
98a4fc78f9
4 changed files with 46 additions and 19 deletions
|
|
@ -1,3 +1,25 @@
|
|||
2016-07-01 Nick Clifton <nickc@redhat.com>
|
||||
|
||||
* prdbg.c (pr_enum_type): Use a buffer big enough to hold an
|
||||
extremely large decimal value.
|
||||
(pr_range_type): Likewise.
|
||||
(pr_array_type): Likewise.
|
||||
(pr_struct_field): Likewise.
|
||||
(pr_class_baseclass): Likewise.
|
||||
(pr_class_method_variant): Likewise.
|
||||
(pr_tag_type): Likewise.
|
||||
(pr_int_constant): Likewise.
|
||||
(pr_typed_constant): Likewise.
|
||||
(pr_variable): Likewise.
|
||||
(pr_function_parameter): Likewise.
|
||||
(pr_start_block): Likewise.
|
||||
(pr_lineno): Likewise.
|
||||
(pr_end_block): Likewise.
|
||||
(tg_enum_type): Likewise.
|
||||
(tg_int_constant): Likewise.
|
||||
(tg_typed_constant): Likewise.
|
||||
(tg_start_block): Likewise.
|
||||
|
||||
2016-07-01 Nick Clifton <nickc@redhat.com>
|
||||
|
||||
* testsuite/binutils-all/objcopy.exp
|
||||
|
|
|
|||
|
|
@ -672,7 +672,7 @@ pr_enum_type (void *p, const char *tag, const char **names,
|
|||
|
||||
if (values[i] != val)
|
||||
{
|
||||
char ab[20];
|
||||
char ab[22];
|
||||
|
||||
print_vma (values[i], ab, FALSE, FALSE);
|
||||
if (! append_type (info, " = ")
|
||||
|
|
@ -802,7 +802,7 @@ static bfd_boolean
|
|||
pr_range_type (void *p, bfd_signed_vma lower, bfd_signed_vma upper)
|
||||
{
|
||||
struct pr_handle *info = (struct pr_handle *) p;
|
||||
char abl[20], abu[20];
|
||||
char abl[22], abu[22];
|
||||
|
||||
assert (info->stack != NULL);
|
||||
|
||||
|
|
@ -827,7 +827,7 @@ pr_array_type (void *p, bfd_signed_vma lower, bfd_signed_vma upper,
|
|||
{
|
||||
struct pr_handle *info = (struct pr_handle *) p;
|
||||
char *range_type;
|
||||
char abl[20], abu[20], ab[50];
|
||||
char abl[22], abu[22], ab[50];
|
||||
|
||||
range_type = pop_type (info);
|
||||
if (range_type == NULL)
|
||||
|
|
@ -1151,7 +1151,7 @@ pr_struct_field (void *p, const char *name, bfd_vma bitpos, bfd_vma bitsize,
|
|||
enum debug_visibility visibility)
|
||||
{
|
||||
struct pr_handle *info = (struct pr_handle *) p;
|
||||
char ab[20];
|
||||
char ab[22];
|
||||
char *t;
|
||||
|
||||
if (! substitute_type (info, name))
|
||||
|
|
@ -1335,7 +1335,7 @@ pr_class_baseclass (void *p, bfd_vma bitpos, bfd_boolean is_virtual,
|
|||
struct pr_handle *info = (struct pr_handle *) p;
|
||||
char *t;
|
||||
const char *prefix;
|
||||
char ab[20];
|
||||
char ab[22];
|
||||
char *s, *l, *n;
|
||||
|
||||
assert (info->stack != NULL && info->stack->next != NULL);
|
||||
|
|
@ -1495,7 +1495,7 @@ pr_class_method_variant (void *p, const char *physname,
|
|||
return FALSE;
|
||||
if (context || voffset != 0)
|
||||
{
|
||||
char ab[20];
|
||||
char ab[22];
|
||||
|
||||
if (context)
|
||||
{
|
||||
|
|
@ -1602,7 +1602,7 @@ pr_tag_type (void *p, const char *name, unsigned int id,
|
|||
{
|
||||
struct pr_handle *info = (struct pr_handle *) p;
|
||||
const char *t, *tag;
|
||||
char idbuf[20];
|
||||
char idbuf[22];
|
||||
|
||||
switch (kind)
|
||||
{
|
||||
|
|
@ -1698,7 +1698,7 @@ static bfd_boolean
|
|||
pr_int_constant (void *p, const char *name, bfd_vma val)
|
||||
{
|
||||
struct pr_handle *info = (struct pr_handle *) p;
|
||||
char ab[20];
|
||||
char ab[22];
|
||||
|
||||
indent (info);
|
||||
print_vma (val, ab, FALSE, FALSE);
|
||||
|
|
@ -1725,7 +1725,7 @@ pr_typed_constant (void *p, const char *name, bfd_vma val)
|
|||
{
|
||||
struct pr_handle *info = (struct pr_handle *) p;
|
||||
char *t;
|
||||
char ab[20];
|
||||
char ab[22];
|
||||
|
||||
t = pop_type (info);
|
||||
if (t == NULL)
|
||||
|
|
@ -1748,7 +1748,7 @@ pr_variable (void *p, const char *name, enum debug_var_kind kind,
|
|||
{
|
||||
struct pr_handle *info = (struct pr_handle *) p;
|
||||
char *t;
|
||||
char ab[20];
|
||||
char ab[22];
|
||||
|
||||
if (! substitute_type (info, name))
|
||||
return FALSE;
|
||||
|
|
@ -1811,7 +1811,7 @@ pr_function_parameter (void *p, const char *name,
|
|||
{
|
||||
struct pr_handle *info = (struct pr_handle *) p;
|
||||
char *t;
|
||||
char ab[20];
|
||||
char ab[22];
|
||||
|
||||
if (kind == DEBUG_PARM_REFERENCE
|
||||
|| kind == DEBUG_PARM_REF_REG)
|
||||
|
|
@ -1849,7 +1849,7 @@ static bfd_boolean
|
|||
pr_start_block (void *p, bfd_vma addr)
|
||||
{
|
||||
struct pr_handle *info = (struct pr_handle *) p;
|
||||
char ab[20];
|
||||
char ab[22];
|
||||
|
||||
if (info->parameter > 0)
|
||||
{
|
||||
|
|
@ -1872,7 +1872,7 @@ static bfd_boolean
|
|||
pr_lineno (void *p, const char *filename, unsigned long lineno, bfd_vma addr)
|
||||
{
|
||||
struct pr_handle *info = (struct pr_handle *) p;
|
||||
char ab[20];
|
||||
char ab[22];
|
||||
|
||||
indent (info);
|
||||
print_vma (addr, ab, TRUE, TRUE);
|
||||
|
|
@ -1887,7 +1887,7 @@ static bfd_boolean
|
|||
pr_end_block (void *p, bfd_vma addr)
|
||||
{
|
||||
struct pr_handle *info = (struct pr_handle *) p;
|
||||
char ab[20];
|
||||
char ab[22];
|
||||
|
||||
info->indent -= 2;
|
||||
|
||||
|
|
@ -1993,7 +1993,7 @@ tg_enum_type (void *p, const char *tag, const char **names,
|
|||
struct pr_handle *info = (struct pr_handle *) p;
|
||||
unsigned int i;
|
||||
const char *name;
|
||||
char ab[20];
|
||||
char ab[22];
|
||||
|
||||
if (! pr_enum_type (p, tag, names, values))
|
||||
return FALSE;
|
||||
|
|
@ -2540,7 +2540,7 @@ static bfd_boolean
|
|||
tg_int_constant (void *p, const char *name, bfd_vma val)
|
||||
{
|
||||
struct pr_handle *info = (struct pr_handle *) p;
|
||||
char ab[20];
|
||||
char ab[22];
|
||||
|
||||
indent (info);
|
||||
print_vma (val, ab, FALSE, FALSE);
|
||||
|
|
@ -2569,7 +2569,7 @@ tg_typed_constant (void *p, const char *name, bfd_vma val)
|
|||
{
|
||||
struct pr_handle *info = (struct pr_handle *) p;
|
||||
char *t;
|
||||
char ab[20];
|
||||
char ab[22];
|
||||
|
||||
t = pop_type (info);
|
||||
if (t == NULL)
|
||||
|
|
@ -2747,7 +2747,7 @@ static bfd_boolean
|
|||
tg_start_block (void *p, bfd_vma addr)
|
||||
{
|
||||
struct pr_handle *info = (struct pr_handle *) p;
|
||||
char ab[20], kind, *partof;
|
||||
char ab[22], kind, *partof;
|
||||
char *t;
|
||||
bfd_boolean local;
|
||||
|
||||
|
|
|
|||
|
|
@ -1,3 +1,8 @@
|
|||
2016-07-01 Nick Clifton <nickc@redhat.com>
|
||||
|
||||
* macro.c (macro_expand_body): Use a buffer big enough to hold an
|
||||
extremely large integer.
|
||||
|
||||
2016-07-01 Jan Beulich <jbeulich@suse.com>
|
||||
|
||||
* testsuite/gas/i386/mpx-inval-2.l: Relax for COFF targets.
|
||||
|
|
|
|||
|
|
@ -842,7 +842,7 @@ macro_expand_body (sb *in, sb *out, formal_entry *formals,
|
|||
{
|
||||
/* Sub in the macro invocation number. */
|
||||
|
||||
char buffer[10];
|
||||
char buffer[12];
|
||||
src++;
|
||||
sprintf (buffer, "%d", macro_number);
|
||||
sb_add_string (out, buffer);
|
||||
|
|
|
|||
Loading…
Reference in a new issue