bug-binutils
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug binutils/19005] objcopy buffer-over-read


From: hjl.tools at gmail dot com
Subject: [Bug binutils/19005] objcopy buffer-over-read
Date: Fri, 25 Sep 2015 12:25:53 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=19005

--- Comment #12 from H.J. Lu <hjl.tools at gmail dot com> ---
(In reply to Andrew Stubbs from comment #11)
> My testcase was not really for reverse. I was trying to test for the buffer
> overrun, but as that's UB there's no direct way to do it reliably. Testing
> reverse was only meant to serve as an indicator that the the size count was
> wrong.
> 
> It works because the input buffer size is known to be 3, and the output
> buffer size is 6, so we can tell which one the --reverse option is being
> compared against by whether there's an error message or not.
> 
> I considered having it work the other way round -- matching the input size
> and check it was not an error -- but that would require having an even input
> size which seemed like it could have by accident (alignment, etc.), whereas
> 3 is always going to get padded.

We need reliable testcases to catch such errors so that the same issue
won't happen in the future.

-- 
You are receiving this mail because:
You are on the CC list for the bug.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]