[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug gas/1069] Segmentation fault in libiberty/xexit.c:51
From: |
Nick Clifton |
Subject: |
Re: [Bug gas/1069] Segmentation fault in libiberty/xexit.c:51 |
Date: |
Thu, 14 Jul 2005 16:40:30 +0100 |
User-agent: |
Mozilla Thunderbird 1.0 (X11/20041206) |
Hi Guys,
Alan wrote:
No, this is a buffer overflow of gas/config/tc-crx.c:ins_parse in reset_vars.
And I am applying this patch to stop the overflow and prevent the
seg-fault. (This also makes the patch applied for 1063 redundant, but
that should not matter).
Cheers
Nick
gas/ChangeLog
2005-07-14 Nick Clifton <address@hidden>
PR 1069
* config/tc-crx.c (reset_vars): Use strncpy to prevent overflowing
the ins_parse buffer.
Index: gas/config/tc-crx.c
===================================================================
RCS file: /cvs/src/src/gas/config/tc-crx.c,v
retrieving revision 1.15
diff -c -3 -p -r1.15 tc-crx.c
*** gas/config/tc-crx.c 7 Jun 2005 17:54:16 -0000 1.15
--- gas/config/tc-crx.c 14 Jul 2005 15:33:26 -0000
*************** reset_vars (char *op)
*** 268,274 ****
memset (& output_opcode, '\0', sizeof (output_opcode));
/* Save a copy of the original OP (used in error messages). */
! strcpy (ins_parse, op);
}
/* This macro decides whether a particular reloc is an entry in a
--- 268,275 ----
memset (& output_opcode, '\0', sizeof (output_opcode));
/* Save a copy of the original OP (used in error messages). */
! strncpy (ins_parse, op, sizeof ins_parse - 1);
! ins_parse [sizeof ins_parse - 1] = 0;
}
/* This macro decides whether a particular reloc is an entry in a
- [Bug gas/1069] New: Segmentation fault in libiberty/xexit.c:51, paul dot woegerer at nsc dot com, 2005/07/14
- [Bug gas/1069] Buffer overflow in tc-crx.c, amodra at bigpond dot net dot au, 2005/07/14
- [Bug gas/1069] Segmentation fault in libiberty/xexit.c:51, amodra at bigpond dot net dot au, 2005/07/14
- Re: [Bug gas/1069] Segmentation fault in libiberty/xexit.c:51,
Nick Clifton <=
- [Bug gas/1069] Buffer overflow in tc-crx.c, nickc at redhat dot com, 2005/07/14
- [Bug gas/1069] Buffer overflow in tc-crx.c, nickc at redhat dot com, 2005/07/14
- [Bug gas/1069] Buffer overflow in tc-crx.c, ian at airs dot com, 2005/07/14