bug-binutils
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug gas/1069] Segmentation fault in libiberty/xexit.c:51


From: Nick Clifton
Subject: Re: [Bug gas/1069] Segmentation fault in libiberty/xexit.c:51
Date: Thu, 14 Jul 2005 16:40:30 +0100
User-agent: Mozilla Thunderbird 1.0 (X11/20041206)

Hi Guys,

Alan wrote:
No, this is a buffer overflow of gas/config/tc-crx.c:ins_parse in reset_vars.

And I am applying this patch to stop the overflow and prevent the seg-fault. (This also makes the patch applied for 1063 redundant, but that should not matter).

Cheers
  Nick

gas/ChangeLog
2005-07-14  Nick Clifton  <address@hidden>

        PR 1069
        * config/tc-crx.c (reset_vars): Use strncpy to prevent overflowing
        the ins_parse buffer.

Index: gas/config/tc-crx.c
===================================================================
RCS file: /cvs/src/src/gas/config/tc-crx.c,v
retrieving revision 1.15
diff -c -3 -p -r1.15 tc-crx.c
*** gas/config/tc-crx.c 7 Jun 2005 17:54:16 -0000       1.15
--- gas/config/tc-crx.c 14 Jul 2005 15:33:26 -0000
*************** reset_vars (char *op)
*** 268,274 ****
    memset (& output_opcode, '\0', sizeof (output_opcode));
  
    /* Save a copy of the original OP (used in error messages).  */
!   strcpy (ins_parse, op);
  }
  
  /* This macro decides whether a particular reloc is an entry in a
--- 268,275 ----
    memset (& output_opcode, '\0', sizeof (output_opcode));
  
    /* Save a copy of the original OP (used in error messages).  */
!   strncpy (ins_parse, op, sizeof ins_parse - 1);
!   ins_parse [sizeof ins_parse - 1] = 0;
  }
  
  /* This macro decides whether a particular reloc is an entry in a

reply via email to

[Prev in Thread] Current Thread [Next in Thread]