From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 23376 invoked by alias); 3 Mar 2011 20:06:19 -0000 Received: (qmail 23368 invoked by uid 22791); 3 Mar 2011 20:06:18 -0000 X-SWARE-Spam-Status: No, hits=-5.1 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_HI,TW_CP,T_RP_MATCHES_RCVD X-Spam-Check-By: sourceware.org Received: from smtp-outbound-2.vmware.com (HELO smtp-outbound-2.vmware.com) (65.115.85.73) by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Thu, 03 Mar 2011 20:06:14 +0000 Received: from mailhost4.vmware.com (mailhost4.vmware.com [10.16.67.124]) by smtp-outbound-2.vmware.com (Postfix) with ESMTP id B09205A038; Thu, 3 Mar 2011 12:06:12 -0800 (PST) Received: from msnyder-server.eng.vmware.com (promd-2s-dhcp138.eng.vmware.com [10.20.124.138]) by mailhost4.vmware.com (Postfix) with ESMTP id A6117C9C46; Thu, 3 Mar 2011 12:06:12 -0800 (PST) Message-ID: <4D6FF4B4.9090601@vmware.com> Date: Thu, 03 Mar 2011 20:06:00 -0000 
From: Michael Snyder User-Agent: Thunderbird 2.0.0.24 (X11/20101201) MIME-Version: 1.0 To: Pedro Alves CC: "gdb-patches@sourceware.org" , "nickc@redhat.com" , "bug-binutils@gnu.org" Subject: Re: [RFA] peXXigen.c, _bfd_XXi_swap_aux_in, wrong size used in memcpy. References: <4D6FD940.7050400@vmware.com> <201103031913.20960.pedro@codesourcery.com> In-Reply-To: <201103031913.20960.pedro@codesourcery.com> Content-Type: multipart/mixed; boundary="------------070503060202000605050104" X-IsSubscribed: yes Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: gdb-patches-owner@sourceware.org X-SW-Source: 2011-03/txt/msg00205.txt.bz2 This is a multi-part message in MIME format. --------------070503060202000605050104 Content-Type: text/plain; charset=ISO-8859-15; format=flowed Content-Transfer-Encoding: 7bit Content-length: 1571 Pedro Alves wrote: > On Thursday 03 March 2011 18:09:04, Michael Snyder wrote: >> 2011-03-03 Michael Snyder >> >> * peXXigen.c (_bfd_XXi_swap_aux_in): Use E_FILNMNEN instead of >> FILENMLEN, otherwise will overwrite array. > > Doesn't pe.h define them both the same? Hmm, yes... Coverity was evidently looking at the definition of E_FILNMLEN from include/coff/external.h, which is overridden by the one in pe.h. >> Index: peXXigen.c >> =================================================================== >> RCS file: /cvs/src/src/bfd/peXXigen.c,v >> retrieving revision 1.69 >> diff -u -p -u -p -r1.69 peXXigen.c >> --- peXXigen.c 21 Dec 2010 15:24:38 -0000 1.69 >> +++ peXXigen.c 3 Mar 2011 18:03:44 -0000 >> @@ -249,7 +249,7 @@ _bfd_XXi_swap_aux_in (bfd * abfd, >> in->x_file.x_n.x_offset = H_GET_32 (abfd, ext->x_file.x_n.x_offset); >> } >> else >> - memcpy (in->x_file.x_fname, ext->x_file.x_fname, FILNMLEN); >> + memcpy (in->x_file.x_fname, ext->x_file.x_fname, E_FILNMLEN); >> return; >> >> case C_STAT: 
>> @@ -323,7 +323,7 @@ _bfd_XXi_swap_aux_out (bfd * abfd, >> H_PUT_32 (abfd, in->x_file.x_n.x_offset, ext->x_file.x_n.x_offset); >> } >> else >> - memcpy (ext->x_file.x_fname, in->x_file.x_fname, FILNMLEN); >> + memcpy (ext->x_file.x_fname, in->x_file.x_fname, E_FILNMLEN); > > If FILNMLEN can really be different from E_FILNMLEN, I'd've expected > something else needs doing here? Maybe this? --------------070503060202000605050104 Content-Type: text/plain; name="peXXigen2.txt" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="peXXigen2.txt" Content-length: 1078 2011-03-03 Michael Snyder * peXXigen.c (_bfd_XXi_swap_aux_in): Use sizeof in memcpy. (_bfd_XXi_swap_aux_out): Ditto. Index: peXXigen.c =================================================================== RCS file: /cvs/src/src/bfd/peXXigen.c,v retrieving revision 1.69 diff -u -p -u -p -r1.69 peXXigen.c --- peXXigen.c 21 Dec 2010 15:24:38 -0000 1.69 +++ peXXigen.c 3 Mar 2011 20:04:59 -0000 @@ -249,7 +249,8 @@ _bfd_XXi_swap_aux_in (bfd * abfd, in->x_file.x_n.x_offset = H_GET_32 (abfd, ext->x_file.x_n.x_offset); } else - memcpy (in->x_file.x_fname, ext->x_file.x_fname, FILNMLEN); + memcpy (in->x_file.x_fname, ext->x_file.x_fname, + sizeof (in->x_file.x_fname)); return; case C_STAT: @@ -323,7 +324,8 @@ _bfd_XXi_swap_aux_out (bfd * abfd, H_PUT_32 (abfd, in->x_file.x_n.x_offset, ext->x_file.x_n.x_offset); } else - memcpy (ext->x_file.x_fname, in->x_file.x_fname, FILNMLEN); + memcpy (ext->x_file.x_fname, in->x_file.x_fname, + sizeof (ext->x_file.x_fname)); return AUXESZ; --------------070503060202000605050104--
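Review bot: In the quoted first patch, the `_bfd_XXi_swap_aux_in` hunk at -249 bounds the copy with `E_FILNMLEN`, but the destination there is `in->x_file.x_fname`, so the length is taken from a constant rather than from the array being written. If the stated goal is to avoid overwriting the array, tie the length to the destination itself, for example `sizeof (in->x_file.x_fname)`. The ChangeLog entry also spells the macros `E_FILNMNEN` and `FILENMLEN`, while the hunk uses `E_FILNMLEN` and `FILNMLEN`; the entry should match the code.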
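Review bot: In the quoted first patch, the hunk at -323 changes `_bfd_XXi_swap_aux_out`, but the ChangeLog entry lists only `_bfd_XXi_swap_aux_in`. Add a `(_bfd_XXi_swap_aux_out): Ditto.` line so the log covers both functions that the patch touches.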
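Review bot: In the attached second patch, the `_bfd_XXi_swap_aux_in` hunk at -249 sizes the copy by the destination, `sizeof (in->x_file.x_fname)`, which rules out overwriting `in->x_file.x_fname` but not over-reading `ext->x_file.x_fname` if the two arrays ever differ in size. Since the thread's open question is whether `FILNMLEN` and `E_FILNMLEN` can differ, consider either a compile-time check that `sizeof (in->x_file.x_fname) == sizeof (ext->x_file.x_fname)`, or copying the smaller of the two sizes and zero-filling the rest of the destination.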
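Review bot: In the attached second patch, the `_bfd_XXi_swap_aux_out` hunk at -323 uses `sizeof (ext->x_file.x_fname)` as the length, so a shorter `in->x_file.x_fname` would be read past its end, and a longer one would be truncated silently when written to the external record. The same size-equality check or minimum-of-both-sizes copy suggested for the `_bfd_XXi_swap_aux_in` hunk applies here, and a short comment saying the two fields are expected to be the same length would document why a single `sizeof` is enough.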