[Bug gas/1069] Buffer overflow in tc-crx.c
From: nickc at redhat dot com
Subject: [Bug gas/1069] Buffer overflow in tc-crx.c
Date: 14 Jul 2005 15:36:12 -0000

------- Additional Comments From nickc at redhat dot com 2005-07-14 15:36 -------
Subject: Re: Segmentation fault in libiberty/xexit.c:51
Hi Guys,
> Alan wrote:
> No, this is a buffer overflow of gas/config/tc-crx.c:ins_parse in reset_vars.
And I am applying this patch to stop the overflow and prevent the
seg-fault. (This also makes the patch applied for 1063 redundant, but
that should not matter).
Cheers
Nick
gas/ChangeLog
2005-07-14  Nick Clifton  <address@hidden>

	PR 1069
	* config/tc-crx.c (reset_vars): Use strncpy to prevent overflowing
	the ins_parse buffer.

Index: gas/config/tc-crx.c
===================================================================
RCS file: /cvs/src/src/gas/config/tc-crx.c,v
retrieving revision 1.15
diff -c -3 -p -r1.15 tc-crx.c
*** gas/config/tc-crx.c 7 Jun 2005 17:54:16 -0000 1.15
--- gas/config/tc-crx.c 14 Jul 2005 15:33:26 -0000
*************** reset_vars (char *op)
*** 268,274 ****
memset (& output_opcode, '\0', sizeof (output_opcode));
/* Save a copy of the original OP (used in error messages). */
! strcpy (ins_parse, op);
}
/* This macro decides whether a particular reloc is an entry in a
--- 268,275 ----
memset (& output_opcode, '\0', sizeof (output_opcode));
/* Save a copy of the original OP (used in error messages). */
! strncpy (ins_parse, op, sizeof ins_parse - 1);
! ins_parse [sizeof ins_parse - 1] = 0;
}
/* This macro decides whether a particular reloc is an entry in a
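Review bot: In the new `strncpy` call in reset_vars, the bound `sizeof ins_parse - 1` is only the buffer length if `ins_parse` is an array in scope at this point; its declaration is not part of this hunk, and if it were a `char *` the bound would quietly become the pointer size minus one. Please confirm the declaration, or use the named size constant the array is declared with if one exists. The copy also now truncates an over-long `op` with no indication; the existing comment says the copy is used in error messages, so extending that comment to say the saved text may be truncated would help whoever later reads a clipped diagnostic.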
--
http://sources.redhat.com/bugzilla/show_bug.cgi?id=1069