* [RFA] peXXigen.c, _bfd_XXi_swap_aux_in, wrong size used in memcpy.
@ 2011-03-03 18:09 Michael Snyder
2011-03-03 19:13 ` Pedro Alves
2011-03-04 12:58 ` Nick Clifton
0 siblings, 2 replies; 6+ messages in thread
From: Michael Snyder @ 2011-03-03 18:09 UTC (permalink / raw)
To: nickc, bug-binutils, gdb-patches
[-- Attachment #1: Type: text/plain, Size: 10 bytes --]
OK Nick?
[-- Attachment #2: peXXigen.txt --]
[-- Type: text/plain, Size: 1052 bytes --]
2011-03-03 Michael Snyder <msnyder@msnyder-server.eng.vmware.com>
* peXXigen.c (_bfd_XXi_swap_aux_in): Use E_FILNMNEN instead of
FILENMLEN, otherwise will overwrite array.
Index: peXXigen.c
===================================================================
RCS file: /cvs/src/src/bfd/peXXigen.c,v
retrieving revision 1.69
diff -u -p -u -p -r1.69 peXXigen.c
--- peXXigen.c 21 Dec 2010 15:24:38 -0000 1.69
+++ peXXigen.c 3 Mar 2011 18:03:44 -0000
@@ -249,7 +249,7 @@ _bfd_XXi_swap_aux_in (bfd * abfd,
in->x_file.x_n.x_offset = H_GET_32 (abfd, ext->x_file.x_n.x_offset);
}
else
- memcpy (in->x_file.x_fname, ext->x_file.x_fname, FILNMLEN);
+ memcpy (in->x_file.x_fname, ext->x_file.x_fname, E_FILNMLEN);
return;
case C_STAT:
@@ -323,7 +323,7 @@ _bfd_XXi_swap_aux_out (bfd * abfd,
H_PUT_32 (abfd, in->x_file.x_n.x_offset, ext->x_file.x_n.x_offset);
}
else
- memcpy (ext->x_file.x_fname, in->x_file.x_fname, FILNMLEN);
+ memcpy (ext->x_file.x_fname, in->x_file.x_fname, E_FILNMLEN);
return AUXESZ;
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [RFA] peXXigen.c, _bfd_XXi_swap_aux_in, wrong size used in memcpy.
2011-03-03 18:09 [RFA] peXXigen.c, _bfd_XXi_swap_aux_in, wrong size used in memcpy Michael Snyder
@ 2011-03-03 19:13 ` Pedro Alves
2011-03-03 20:06 ` Michael Snyder
2011-03-04 12:58 ` Nick Clifton
1 sibling, 1 reply; 6+ messages in thread
From: Pedro Alves @ 2011-03-03 19:13 UTC (permalink / raw)
To: gdb-patches; +Cc: Michael Snyder, nickc, bug-binutils
On Thursday 03 March 2011 18:09:04, Michael Snyder wrote:
> 2011-03-03 Michael Snyder <msnyder@msnyder-server.eng.vmware.com>
>
> * peXXigen.c (_bfd_XXi_swap_aux_in): Use E_FILNMNEN instead of
> FILENMLEN, otherwise will overwrite array.
Doesn't pe.h define them both the same?
>
> Index: peXXigen.c
> ===================================================================
> RCS file: /cvs/src/src/bfd/peXXigen.c,v
> retrieving revision 1.69
> diff -u -p -u -p -r1.69 peXXigen.c
> --- peXXigen.c 21 Dec 2010 15:24:38 -0000 1.69
> +++ peXXigen.c 3 Mar 2011 18:03:44 -0000
> @@ -249,7 +249,7 @@ _bfd_XXi_swap_aux_in (bfd * abfd,
> in->x_file.x_n.x_offset = H_GET_32 (abfd, ext->x_file.x_n.x_offset);
> }
> else
> - memcpy (in->x_file.x_fname, ext->x_file.x_fname, FILNMLEN);
> + memcpy (in->x_file.x_fname, ext->x_file.x_fname, E_FILNMLEN);
> return;
>
> case C_STAT:
> @@ -323,7 +323,7 @@ _bfd_XXi_swap_aux_out (bfd * abfd,
> H_PUT_32 (abfd, in->x_file.x_n.x_offset, ext->x_file.x_n.x_offset);
> }
> else
> - memcpy (ext->x_file.x_fname, in->x_file.x_fname, FILNMLEN);
> + memcpy (ext->x_file.x_fname, in->x_file.x_fname, E_FILNMLEN);
If FILNMLEN can really be different from E_FILNMLEN, I'd've expected
something else needs doing here?
--
Pedro Alves
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [RFA] peXXigen.c, _bfd_XXi_swap_aux_in, wrong size used in memcpy.
2011-03-03 19:13 ` Pedro Alves
@ 2011-03-03 20:06 ` Michael Snyder
2011-03-03 21:07 ` Pedro Alves
2011-03-03 22:38 ` Alan Modra
0 siblings, 2 replies; 6+ messages in thread
From: Michael Snyder @ 2011-03-03 20:06 UTC (permalink / raw)
To: Pedro Alves; +Cc: gdb-patches, nickc, bug-binutils
[-- Attachment #1: Type: text/plain, Size: 1571 bytes --]
Pedro Alves wrote:
> On Thursday 03 March 2011 18:09:04, Michael Snyder wrote:
>> 2011-03-03 Michael Snyder <msnyder@msnyder-server.eng.vmware.com>
>>
>> * peXXigen.c (_bfd_XXi_swap_aux_in): Use E_FILNMNEN instead of
>> FILENMLEN, otherwise will overwrite array.
>
> Doesn't pe.h define them both the same?
Hmm, yes... Coverity was evidently looking at the definition of
E_FILNMLEN from include/coff/external.h, which is overridden by
the one in pe.h.
>> Index: peXXigen.c
>> ===================================================================
>> RCS file: /cvs/src/src/bfd/peXXigen.c,v
>> retrieving revision 1.69
>> diff -u -p -u -p -r1.69 peXXigen.c
>> --- peXXigen.c 21 Dec 2010 15:24:38 -0000 1.69
>> +++ peXXigen.c 3 Mar 2011 18:03:44 -0000
>> @@ -249,7 +249,7 @@ _bfd_XXi_swap_aux_in (bfd * abfd,
>> in->x_file.x_n.x_offset = H_GET_32 (abfd, ext->x_file.x_n.x_offset);
>> }
>> else
>> - memcpy (in->x_file.x_fname, ext->x_file.x_fname, FILNMLEN);
>> + memcpy (in->x_file.x_fname, ext->x_file.x_fname, E_FILNMLEN);
>> return;
>>
>> case C_STAT:
>> @@ -323,7 +323,7 @@ _bfd_XXi_swap_aux_out (bfd * abfd,
>> H_PUT_32 (abfd, in->x_file.x_n.x_offset, ext->x_file.x_n.x_offset);
>> }
>> else
>> - memcpy (ext->x_file.x_fname, in->x_file.x_fname, FILNMLEN);
>> + memcpy (ext->x_file.x_fname, in->x_file.x_fname, E_FILNMLEN);
>
> If FILNMLEN can really be different from E_FILNMLEN, I'd've expected
> something else needs doing here?
Maybe this?
[-- Attachment #2: peXXigen2.txt --]
[-- Type: text/plain, Size: 1078 bytes --]
2011-03-03 Michael Snyder <msnyder@msnyder-server.eng.vmware.com>
* peXXigen.c (_bfd_XXi_swap_aux_in): Use sizeof in memcpy.
(_bfd_XXi_swap_aux_out): Ditto.
Index: peXXigen.c
===================================================================
RCS file: /cvs/src/src/bfd/peXXigen.c,v
retrieving revision 1.69
diff -u -p -u -p -r1.69 peXXigen.c
--- peXXigen.c 21 Dec 2010 15:24:38 -0000 1.69
+++ peXXigen.c 3 Mar 2011 20:04:59 -0000
@@ -249,7 +249,8 @@ _bfd_XXi_swap_aux_in (bfd * abfd,
in->x_file.x_n.x_offset = H_GET_32 (abfd, ext->x_file.x_n.x_offset);
}
else
- memcpy (in->x_file.x_fname, ext->x_file.x_fname, FILNMLEN);
+ memcpy (in->x_file.x_fname, ext->x_file.x_fname,
+ sizeof (in->x_file.x_fname));
return;
case C_STAT:
@@ -323,7 +324,8 @@ _bfd_XXi_swap_aux_out (bfd * abfd,
H_PUT_32 (abfd, in->x_file.x_n.x_offset, ext->x_file.x_n.x_offset);
}
else
- memcpy (ext->x_file.x_fname, in->x_file.x_fname, FILNMLEN);
+ memcpy (ext->x_file.x_fname, in->x_file.x_fname,
+ sizeof (ext->x_file.x_fname));
return AUXESZ;
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [RFA] peXXigen.c, _bfd_XXi_swap_aux_in, wrong size used in memcpy.
2011-03-03 20:06 ` Michael Snyder
@ 2011-03-03 21:07 ` Pedro Alves
2011-03-03 22:38 ` Alan Modra
1 sibling, 0 replies; 6+ messages in thread
From: Pedro Alves @ 2011-03-03 21:07 UTC (permalink / raw)
To: Michael Snyder; +Cc: gdb-patches, nickc, bug-binutils
On Thursday 03 March 2011 20:06:12, Michael Snyder wrote:
> >
> > Doesn't pe.h define them both the same?
>
> Hmm, yes... Coverity was evidently looking at the definition of
> E_FILNMLEN from include/coff/external.h, which is overridden by
> the one in pe.h.
Static analyser's output is always full of false positives.
Humans always need to filter it...
> >> Index: peXXigen.c
> >> ===================================================================
> >> RCS file: /cvs/src/src/bfd/peXXigen.c,v
> >> retrieving revision 1.69
> >> diff -u -p -u -p -r1.69 peXXigen.c
> >> --- peXXigen.c 21 Dec 2010 15:24:38 -0000 1.69
> >> +++ peXXigen.c 3 Mar 2011 18:03:44 -0000
> >> @@ -249,7 +249,7 @@ _bfd_XXi_swap_aux_in (bfd * abfd,
> >> in->x_file.x_n.x_offset = H_GET_32 (abfd, ext->x_file.x_n.x_offset);
> >> }
> >> else
> >> - memcpy (in->x_file.x_fname, ext->x_file.x_fname, FILNMLEN);
> >> + memcpy (in->x_file.x_fname, ext->x_file.x_fname, E_FILNMLEN);
> >> return;
> >>
> >> case C_STAT:
> >> @@ -323,7 +323,7 @@ _bfd_XXi_swap_aux_out (bfd * abfd,
> >> H_PUT_32 (abfd, in->x_file.x_n.x_offset, ext->x_file.x_n.x_offset);
> >> }
> >> else
> >> - memcpy (ext->x_file.x_fname, in->x_file.x_fname, FILNMLEN);
> >> + memcpy (ext->x_file.x_fname, in->x_file.x_fname, E_FILNMLEN);
> >
> > If FILNMLEN can really be different from E_FILNMLEN, I'd've expected
> > something else needs doing here?
>
>
> Maybe this?
No. Think about what it would mean if the source is
larger than the destination, or the opposite.
I think doing what coffswap.h does is more appropriate:
#if FILNMLEN != E_FILNMLEN
#error we need to cope with truncating or extending FILNMLEN
#else
If coverity doesn't handle this, well, report them a bug.
(I think binutils patches to go binutils@sourceware.org,
not bug-binutils@gnu.org)
--
Pedro Alves
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [RFA] peXXigen.c, _bfd_XXi_swap_aux_in, wrong size used in memcpy.
2011-03-03 20:06 ` Michael Snyder
2011-03-03 21:07 ` Pedro Alves
@ 2011-03-03 22:38 ` Alan Modra
1 sibling, 0 replies; 6+ messages in thread
From: Alan Modra @ 2011-03-03 22:38 UTC (permalink / raw)
To: Michael Snyder; +Cc: Pedro Alves, gdb-patches, bug-binutils
On Thu, Mar 03, 2011 at 12:06:12PM -0800, Michael Snyder wrote:
> * peXXigen.c (_bfd_XXi_swap_aux_in): Use sizeof in memcpy.
> (_bfd_XXi_swap_aux_out): Ditto.
OK. The less code I have to look at to verify something is correct,
the more I like it.
--
Alan Modra
Australia Development Lab, IBM
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [RFA] peXXigen.c, _bfd_XXi_swap_aux_in, wrong size used in memcpy.
2011-03-03 18:09 [RFA] peXXigen.c, _bfd_XXi_swap_aux_in, wrong size used in memcpy Michael Snyder
2011-03-03 19:13 ` Pedro Alves
@ 2011-03-04 12:58 ` Nick Clifton
1 sibling, 0 replies; 6+ messages in thread
From: Nick Clifton @ 2011-03-04 12:58 UTC (permalink / raw)
To: Michael Snyder; +Cc: bug-binutils, gdb-patches
Hi Michael,
> 2011-03-03 Michael Snyder <msnyder@msnyder-server.eng.vmware.com>
>
> * peXXigen.c (_bfd_XXi_swap_aux_in): Use E_FILNMNEN instead of
> FILENMLEN, otherwise will overwrite array.
Approved - please apply.
Cheers
Nick
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2011-03-04 12:58 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-03-03 18:09 [RFA] peXXigen.c, _bfd_XXi_swap_aux_in, wrong size used in memcpy Michael Snyder
2011-03-03 19:13 ` Pedro Alves
2011-03-03 20:06 ` Michael Snyder
2011-03-03 21:07 ` Pedro Alves
2011-03-03 22:38 ` Alan Modra
2011-03-04 12:58 ` Nick Clifton
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox