From: Pedro Alves
To: Michael Snyder
Cc: gdb-patches@sourceware.org, nickc@redhat.com, bug-binutils@gnu.org
Subject: Re: [RFA] peXXigen.c, _bfd_XXi_swap_aux_in, wrong size used in memcpy.
Date: Thu, 03 Mar 2011 21:07:00 -0000

On Thursday 03 March 2011 20:06:12, Michael Snyder wrote:
> >
> > Doesn't pe.h define them both the same?
>
> Hmm, yes... Coverity was evidently looking at the definition of
> E_FILNMLEN from include/coff/external.h, which is overridden by
> the one in pe.h.

Static analyser's output is always full of false positives.
Humans always need to filter it...

> >> Index: peXXigen.c > >> =================================================================== > >> RCS file: /cvs/src/src/bfd/peXXigen.c,v > >> retrieving revision 1.69 > >> diff -u -p -u -p -r1.69 peXXigen.c > >> --- peXXigen.c 21 Dec 2010 15:24:38 -0000 1.69 > >> +++ peXXigen.c 3 Mar 2011 18:03:44 -0000 > >> @@ -249,7 +249,7 @@ _bfd_XXi_swap_aux_in (bfd * abfd, > >> in->x_file.x_n.x_offset = H_GET_32 (abfd, ext->x_file.x_n.x_offset); > >> } > >> else > >> - memcpy (in->x_file.x_fname, ext->x_file.x_fname, FILNMLEN); > >> + memcpy (in->x_file.x_fname, ext->x_file.x_fname, E_FILNMLEN); > >> return; > >> > >> case C_STAT:
> >> @@ -323,7 +323,7 @@ _bfd_XXi_swap_aux_out (bfd * abfd, > >> H_PUT_32 (abfd, in->x_file.x_n.x_offset, ext->x_file.x_n.x_offset); > >> } > >> else > >> - memcpy (ext->x_file.x_fname, in->x_file.x_fname, FILNMLEN); > >> + memcpy (ext->x_file.x_fname, in->x_file.x_fname, E_FILNMLEN);
> >
> > If FILNMLEN can really be different from E_FILNMLEN, I'd've expected
> > something else needs doing here?
> >
> Maybe this?

No. Think about what it would mean if the source is larger
than the destination, or the opposite. I think doing
what coffswap.h does is more appropriate:

#if FILNMLEN != E_FILNMLEN
#error we need to cope with truncating or extending FILNMLEN
#else

If Coverity doesn't handle this, well, report them a bug.

(I think binutils patches go to binutils@sourceware.org, not
bug-binutils@gnu.org)

-- 
Pedro Alves
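
Review bot: In the @@ -249,7 hunk (_bfd_XXi_swap_aux_in) the new length E_FILNMLEN is named for the external source ext->x_file.x_fname, but nothing in the hunk bounds the destination in->x_file.x_fname, so if the two constants ever differ this memcpy either writes past the internal field or leaves part of it unset. The copy is only correct when FILNMLEN and E_FILNMLEN are equal, so rather than swapping one constant for the other, state that assumption at compile time next to the memcpy, as the thread suggests with "#if FILNMLEN != E_FILNMLEN" followed by "#error".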
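
Review bot: In the @@ -323,7 hunk (_bfd_XXi_swap_aux_out) the copy direction is reversed, so E_FILNMLEN now bounds the destination ext->x_file.x_fname while the source in->x_file.x_fname is read for the same number of bytes; if E_FILNMLEN were the larger constant this would read past the internal field. One constant cannot be the safe bound for both the in and the out copy, so either guard both sites with the same compile-time equality check or copy the smaller of the two lengths and zero-fill the remainder of the destination.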
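
Added example (not part of the original message and not binutils code): the "source larger than the destination, or the opposite" case from the reply above, handled by a copy helper that truncates or zero-extends explicitly instead of trusting one length constant. DEMO_INT_LEN, DEMO_EXT_LEN and copy_name_field are hypothetical names with constructed sizes.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sizes for illustration only; not the values from pe.h
   or include/coff/external.h.  */
#define DEMO_INT_LEN 14   /* internal (host) name field */
#define DEMO_EXT_LEN 18   /* external (on-disk) name field */

/* Copy a fixed-width name field that may lack a terminating NUL.
   Reads at most src_len bytes, writes exactly dst_len bytes (zero-padded).
   Returns how many name bytes were dropped because dst was too small;
   0 means the copy was lossless.  */
size_t
copy_name_field (char *dst, size_t dst_len, const char *src, size_t src_len)
{
  const char *nul = memchr (src, '\0', src_len);
  size_t used = nul ? (size_t) (nul - src) : src_len;
  size_t n = used < dst_len ? used : dst_len;

  memcpy (dst, src, n);
  memset (dst + n, 0, dst_len - n);
  return used - n;
}

int
main (void)
{
  char ext[DEMO_EXT_LEN], in[DEMO_INT_LEN];

  /* Source larger than destination: truncation is reported, no overflow.  */
  memset (ext, 'a', sizeof ext);
  printf ("swap in:  dropped %zu bytes\n",
          copy_name_field (in, sizeof in, ext, sizeof ext));

  /* Source smaller than destination: the tail is zero-filled, no over-read.  */
  memset (in, 'b', sizeof in);
  printf ("swap out: dropped %zu bytes\n",
          copy_name_field (ext, sizeof ext, in, sizeof in));
  return 0;
}
```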