* [RFA] peXXigen.c, _bfd_XXi_swap_aux_in, wrong size used in memcpy.
@ 2011-03-03 18:09 Michael Snyder
2011-03-03 19:13 ` Pedro Alves
2011-03-04 12:58 ` Nick Clifton
0 siblings, 2 replies; 6+ messages in thread
From: Michael Snyder @ 2011-03-03 18:09 UTC (permalink / raw)
To: nickc, bug-binutils, gdb-patches
[-- Attachment #1: Type: text/plain, Size: 10 bytes --]
OK Nick?
[-- Attachment #2: peXXigen.txt --]
[-- Type: text/plain, Size: 1052 bytes --]
2011-03-03 Michael Snyder <msnyder@msnyder-server.eng.vmware.com>
* peXXigen.c (_bfd_XXi_swap_aux_in): Use E_FILNMNEN instead of
FILENMLEN, otherwise will overwrite array.
Index: peXXigen.c
===================================================================
RCS file: /cvs/src/src/bfd/peXXigen.c,v
retrieving revision 1.69
diff -u -p -u -p -r1.69 peXXigen.c
--- peXXigen.c 21 Dec 2010 15:24:38 -0000 1.69
+++ peXXigen.c 3 Mar 2011 18:03:44 -0000
@@ -249,7 +249,7 @@ _bfd_XXi_swap_aux_in (bfd * abfd,
in->x_file.x_n.x_offset = H_GET_32 (abfd, ext->x_file.x_n.x_offset);
}
else
- memcpy (in->x_file.x_fname, ext->x_file.x_fname, FILNMLEN);
+ memcpy (in->x_file.x_fname, ext->x_file.x_fname, E_FILNMLEN);
return;
case C_STAT:
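Review bot: In the else branch of _bfd_XXi_swap_aux_in the copy writes into in->x_file.x_fname, but the new length E_FILNMLEN is not visibly tied to the size of that array, so the overwrite the ChangeLog mentions is only prevented if E_FILNMLEN is no larger than the destination. Either bound the copy by the destination, for example sizeof (in->x_file.x_fname), or add a compile-time check that FILNMLEN and E_FILNMLEN are equal so the two cannot drift apart unnoticed.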
@@ -323,7 +323,7 @@ _bfd_XXi_swap_aux_out (bfd * abfd,
H_PUT_32 (abfd, in->x_file.x_n.x_offset, ext->x_file.x_n.x_offset);
}
else
- memcpy (ext->x_file.x_fname, in->x_file.x_fname, FILNMLEN);
+ memcpy (ext->x_file.x_fname, in->x_file.x_fname, E_FILNMLEN);
return AUXESZ;
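Review bot: The ChangeLog entry does not cover this hunk: it lists only _bfd_XXi_swap_aux_in, while the memcpy changed here is in _bfd_XXi_swap_aux_out, and it spells the macros E_FILNMNEN and FILENMLEN where the code uses E_FILNMLEN and FILNMLEN. Add a "(_bfd_XXi_swap_aux_out): Likewise." line and correct the two names so the entry matches what a search of the source would find.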
^ permalink raw reply [flat|nested] 6+ messages in thread* Re: [RFA] peXXigen.c, _bfd_XXi_swap_aux_in, wrong size used in memcpy. 2011-03-03 18:09 [RFA] peXXigen.c, _bfd_XXi_swap_aux_in, wrong size used in memcpy Michael Snyder @ 2011-03-03 19:13 ` Pedro Alves 2011-03-03 20:06 ` Michael Snyder 2011-03-04 12:58 ` Nick Clifton 1 sibling, 1 reply; 6+ messages in thread From: Pedro Alves @ 2011-03-03 19:13 UTC (permalink / raw) To: gdb-patches; +Cc: Michael Snyder, nickc, bug-binutils On Thursday 03 March 2011 18:09:04, Michael Snyder wrote: > 2011-03-03 Michael Snyder <msnyder@msnyder-server.eng.vmware.com> > > * peXXigen.c (_bfd_XXi_swap_aux_in): Use E_FILNMNEN instead of > FILENMLEN, otherwise will overwrite array. Doesn't pe.h define them both the same? > > Index: peXXigen.c > =================================================================== > RCS file: /cvs/src/src/bfd/peXXigen.c,v > retrieving revision 1.69 > diff -u -p -u -p -r1.69 peXXigen.c > --- peXXigen.c 21 Dec 2010 15:24:38 -0000 1.69 > +++ peXXigen.c 3 Mar 2011 18:03:44 -0000 > @@ -249,7 +249,7 @@ _bfd_XXi_swap_aux_in (bfd * abfd, > in->x_file.x_n.x_offset = H_GET_32 (abfd, ext->x_file.x_n.x_offset); > } > else > - memcpy (in->x_file.x_fname, ext->x_file.x_fname, FILNMLEN); > + memcpy (in->x_file.x_fname, ext->x_file.x_fname, E_FILNMLEN); > return; > > case C_STAT: > @@ -323,7 +323,7 @@ _bfd_XXi_swap_aux_out (bfd * abfd, > H_PUT_32 (abfd, in->x_file.x_n.x_offset, ext->x_file.x_n.x_offset); > } > else > - memcpy (ext->x_file.x_fname, in->x_file.x_fname, FILNMLEN); > + memcpy (ext->x_file.x_fname, in->x_file.x_fname, E_FILNMLEN); If FILNMLEN can really be different from E_FILNMLEN, I'd've expected something else needs doing here? -- Pedro Alves ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [RFA] peXXigen.c, _bfd_XXi_swap_aux_in, wrong size used in memcpy. 2011-03-03 19:13 ` Pedro Alves @ 2011-03-03 20:06 ` Michael Snyder 2011-03-03 21:07 ` Pedro Alves 2011-03-03 22:38 ` Alan Modra 0 siblings, 2 replies; 6+ messages in thread From: Michael Snyder @ 2011-03-03 20:06 UTC (permalink / raw) To: Pedro Alves; +Cc: gdb-patches, nickc, bug-binutils [-- Attachment #1: Type: text/plain, Size: 1571 bytes --] Pedro Alves wrote: > On Thursday 03 March 2011 18:09:04, Michael Snyder wrote: >> 2011-03-03 Michael Snyder <msnyder@msnyder-server.eng.vmware.com> >> >> * peXXigen.c (_bfd_XXi_swap_aux_in): Use E_FILNMNEN instead of >> FILENMLEN, otherwise will overwrite array. > > Doesn't pe.h define them both the same? Hmm, yes... Coverity was evidently looking at the definition of E_FILNMLEN from include/coff/external.h, which is overridden by the one in pe.h. >> Index: peXXigen.c >> =================================================================== >> RCS file: /cvs/src/src/bfd/peXXigen.c,v >> retrieving revision 1.69 >> diff -u -p -u -p -r1.69 peXXigen.c >> --- peXXigen.c 21 Dec 2010 15:24:38 -0000 1.69 >> +++ peXXigen.c 3 Mar 2011 18:03:44 -0000 >> @@ -249,7 +249,7 @@ _bfd_XXi_swap_aux_in (bfd * abfd, >> in->x_file.x_n.x_offset = H_GET_32 (abfd, ext->x_file.x_n.x_offset); >> } >> else >> - memcpy (in->x_file.x_fname, ext->x_file.x_fname, FILNMLEN); >> + memcpy (in->x_file.x_fname, ext->x_file.x_fname, E_FILNMLEN); >> return; >> >> case C_STAT: 
>> @@ -323,7 +323,7 @@ _bfd_XXi_swap_aux_out (bfd * abfd, >> H_PUT_32 (abfd, in->x_file.x_n.x_offset, ext->x_file.x_n.x_offset); >> } >> else >> - memcpy (ext->x_file.x_fname, in->x_file.x_fname, FILNMLEN); >> + memcpy (ext->x_file.x_fname, in->x_file.x_fname, E_FILNMLEN); > > If FILNMLEN can really be different from E_FILNMLEN, I'd've expected > something else needs doing here? Maybe this? [-- Attachment #2: peXXigen2.txt --] [-- Type: text/plain, Size: 1078 bytes --] 2011-03-03 Michael Snyder <msnyder@msnyder-server.eng.vmware.com> * peXXigen.c (_bfd_XXi_swap_aux_in): Use sizeof in memcpy. (_bfd_XXi_swap_aux_out): Ditto. Index: peXXigen.c =================================================================== RCS file: /cvs/src/src/bfd/peXXigen.c,v retrieving revision 1.69 diff -u -p -u -p -r1.69 peXXigen.c --- peXXigen.c 21 Dec 2010 15:24:38 -0000 1.69 +++ peXXigen.c 3 Mar 2011 20:04:59 -0000 @@ -249,7 +249,8 @@ _bfd_XXi_swap_aux_in (bfd * abfd, in->x_file.x_n.x_offset = H_GET_32 (abfd, ext->x_file.x_n.x_offset); } else - memcpy (in->x_file.x_fname, ext->x_file.x_fname, FILNMLEN); + memcpy (in->x_file.x_fname, ext->x_file.x_fname, + sizeof (in->x_file.x_fname)); return; case C_STAT: @@ -323,7 +324,8 @@ _bfd_XXi_swap_aux_out (bfd * abfd, H_PUT_32 (abfd, in->x_file.x_n.x_offset, ext->x_file.x_n.x_offset); } else - memcpy (ext->x_file.x_fname, in->x_file.x_fname, FILNMLEN); + memcpy (ext->x_file.x_fname, in->x_file.x_fname, + sizeof (ext->x_file.x_fname)); return AUXESZ; ^ permalink raw reply [flat|nested] 6+ messages in thread
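Review bot: In the _bfd_XXi_swap_aux_in hunk of the second patch, sizeof (in->x_file.x_fname) bounds the write but also becomes the number of bytes read from ext->x_file.x_fname, so if the external array were the smaller of the two the memcpy would read past its end, and if it were larger the name would be cut short with no indication. Pair the sizeof with a compile-time check that both arrays have the same size, or copy the smaller of the two sizes and zero-fill the rest of the destination.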
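Review bot: In the _bfd_XXi_swap_aux_out hunk of the second patch, the length is now taken from ext->x_file.x_fname while the in-direction copy takes it from in->x_file.x_fname, so the two functions are symmetric only while both arrays are the same size, and nothing in the patch records that assumption. A short comment next to the memcpy, or a preprocessor guard on FILNMLEN and E_FILNMLEN, would make the requirement visible to the next reader and to a static analyser.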
* Re: [RFA] peXXigen.c, _bfd_XXi_swap_aux_in, wrong size used in memcpy. 2011-03-03 20:06 ` Michael Snyder @ 2011-03-03 21:07 ` Pedro Alves 2011-03-03 22:38 ` Alan Modra 1 sibling, 0 replies; 6+ messages in thread From: Pedro Alves @ 2011-03-03 21:07 UTC (permalink / raw) To: Michael Snyder; +Cc: gdb-patches, nickc, bug-binutils On Thursday 03 March 2011 20:06:12, Michael Snyder wrote: > > > > Doesn't pe.h define them both the same? > > Hmm, yes... Coverity was evidently looking at the definition of > E_FILNMLEN from include/coff/external.h, which is overridden by > the one in pe.h. Static analyser's output is always full of false positives. Humans always need to filter it... > >> Index: peXXigen.c > >> =================================================================== > >> RCS file: /cvs/src/src/bfd/peXXigen.c,v > >> retrieving revision 1.69 > >> diff -u -p -u -p -r1.69 peXXigen.c > >> --- peXXigen.c 21 Dec 2010 15:24:38 -0000 1.69 > >> +++ peXXigen.c 3 Mar 2011 18:03:44 -0000 > >> @@ -249,7 +249,7 @@ _bfd_XXi_swap_aux_in (bfd * abfd, > >> in->x_file.x_n.x_offset = H_GET_32 (abfd, ext->x_file.x_n.x_offset); > >> } > >> else > >> - memcpy (in->x_file.x_fname, ext->x_file.x_fname, FILNMLEN); > >> + memcpy (in->x_file.x_fname, ext->x_file.x_fname, E_FILNMLEN); > >> return; > >> > >> case C_STAT: 
> >> @@ -323,7 +323,7 @@ _bfd_XXi_swap_aux_out (bfd * abfd, > >> H_PUT_32 (abfd, in->x_file.x_n.x_offset, ext->x_file.x_n.x_offset); > >> } > >> else > >> - memcpy (ext->x_file.x_fname, in->x_file.x_fname, FILNMLEN); > >> + memcpy (ext->x_file.x_fname, in->x_file.x_fname, E_FILNMLEN); > > > > If FILNMLEN can really be different from E_FILNMLEN, I'd've expected > > something else needs doing here? > > > Maybe this? No. Think about what it would mean if the source is larger than the destination, or the opposite. I think doing what coffswap.h does is more appropriate: #if FILNMLEN != E_FILNMLEN #error we need to cope with truncating or extending FILNMLEN #else If coverity doesn't handle this, well, report them a bug. (I think binutils patches to go binutils@sourceware.org, not bug-binutils@gnu.org) -- Pedro Alves ^ permalink raw reply [flat|nested] 6+ messages in thread
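The size-mismatch question raised in the reply above, as an added example that is not binutils code: a fixed-width name copy that never reads past the source or writes past the destination, and reports truncation instead of hiding it. The struct names, the widths 18 and 14, and the helpers copy_fname, swap_in and swap_out are hypothetical, with the widths deliberately made different.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical widths, deliberately different so both paths run.  */
#define EXT_NAME_LEN 18   /* external (on-disk) field */
#define INT_NAME_LEN 14   /* internal (in-memory) field */

struct ext_aux { char fname[EXT_NAME_LEN]; };
struct int_aux { char fname[INT_NAME_LEN]; };

/* Copy a fixed-width name that need not be NUL-terminated.  Reads at
   most src_len bytes, writes exactly dst_len bytes, and returns how
   many name bytes did not fit (0 when nothing was lost).  */
static size_t copy_fname (char *dst, size_t dst_len,
                          const char *src, size_t src_len)
{
  size_t n = src_len < dst_len ? src_len : dst_len;
  size_t used = 0;

  while (used < src_len && src[used] != '\0')
    used++;                             /* meaningful bytes in the source */
  memcpy (dst, src, n);
  if (n < dst_len)
    memset (dst + n, 0, dst_len - n);   /* zero-extend a wider destination */
  return used > dst_len ? used - dst_len : 0;
}

static size_t swap_in (struct int_aux *in, const struct ext_aux *ext)
{
  return copy_fname (in->fname, sizeof in->fname,
                     ext->fname, sizeof ext->fname);
}

static size_t swap_out (struct ext_aux *ext, const struct int_aux *in)
{
  return copy_fname (ext->fname, sizeof ext->fname,
                     in->fname, sizeof in->fname);
}

int main (void)
{
  struct ext_aux e;
  struct int_aux i;

  memset (e.fname, 'A', sizeof e.fname);   /* constructed 18-byte name */
  printf ("in:  dropped %zu bytes\n", swap_in (&i, &e));
  printf ("out: dropped %zu bytes\n", swap_out (&e, &i));
  return 0;
}
```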
* Re: [RFA] peXXigen.c, _bfd_XXi_swap_aux_in, wrong size used in memcpy.
2011-03-03 20:06 ` Michael Snyder
2011-03-03 21:07 ` Pedro Alves
@ 2011-03-03 22:38 ` Alan Modra
1 sibling, 0 replies; 6+ messages in thread
From: Alan Modra @ 2011-03-03 22:38 UTC (permalink / raw)
To: Michael Snyder; +Cc: Pedro Alves, gdb-patches, bug-binutils
On Thu, Mar 03, 2011 at 12:06:12PM -0800, Michael Snyder wrote:
> * peXXigen.c (_bfd_XXi_swap_aux_in): Use sizeof in memcpy.
> (_bfd_XXi_swap_aux_out): Ditto.
OK. The less code I have to look at to verify something is correct,
the more I like it.
--
Alan Modra
Australia Development Lab, IBM
* Re: [RFA] peXXigen.c, _bfd_XXi_swap_aux_in, wrong size used in memcpy.
2011-03-03 18:09 [RFA] peXXigen.c, _bfd_XXi_swap_aux_in, wrong size used in memcpy Michael Snyder
2011-03-03 19:13 ` Pedro Alves
@ 2011-03-04 12:58 ` Nick Clifton
1 sibling, 0 replies; 6+ messages in thread
From: Nick Clifton @ 2011-03-04 12:58 UTC (permalink / raw)
To: Michael Snyder; +Cc: bug-binutils, gdb-patches
Hi Michael,
> 2011-03-03 Michael Snyder <msnyder@msnyder-server.eng.vmware.com>
>
> * peXXigen.c (_bfd_XXi_swap_aux_in): Use E_FILNMNEN instead of
> FILENMLEN, otherwise will overwrite array.
Approved - please apply.
Cheers
Nick