Fix potential buffer overflows with sprintf and very large integer values.

binutils	* prdbg.c (pr_enum_type): Use a buffer big enough to hold an
	extremely large decimal value.
	(pr_range_type): Likewise.
	(pr_array_type): Likewise.
	(pr_struct_field): Likewise.
	(pr_class_baseclass): Likewise.
	(pr_class_method_variant): Likewise.
	(pr_tag_type): Likewise.
	(pr_int_constant): Likewise.
	(pr_typed_constant): Likewise.
	(pr_variable): Likewise.
	(pr_function_parameter): Likewise.
	(pr_start_block): Likewise.
	(pr_lineno): Likewise.
	(pr_end_block): Likewise.
	(tg_enum_type): Likewise.
	(tg_int_constant): Likewise.
	(tg_typed_constant): Likewise.
	(tg_start_block): Likewise.

gas	* macro.c (macro_expand_body): Use a buffer big enough to hold an
	extremely large integer.
Nick Clifton 2016-07-01 12:35:01 +01:00
parent 20aa2c606e
commit 98a4fc78f9
4 changed files with 46 additions and 19 deletions


@ -1,3 +1,25 @@
2016-07-01 Nick Clifton <nickc@redhat.com>
* prdbg.c (pr_enum_type): Use a buffer big enough to hold an
extremely large decimal value.
(pr_range_type): Likewise.
(pr_array_type): Likewise.
(pr_struct_field): Likewise.
(pr_class_baseclass): Likewise.
(pr_class_method_variant): Likewise.
(pr_tag_type): Likewise.
(pr_int_constant): Likewise.
(pr_typed_constant): Likewise.
(pr_variable): Likewise.
(pr_function_parameter): Likewise.
(pr_start_block): Likewise.
(pr_lineno): Likewise.
(pr_end_block): Likewise.
(tg_enum_type): Likewise.
(tg_int_constant): Likewise.
(tg_typed_constant): Likewise.
(tg_start_block): Likewise.
2016-07-01 Nick Clifton <nickc@redhat.com>
* testsuite/binutils-all/objcopy.exp


@ -672,7 +672,7 @@ pr_enum_type (void *p, const char *tag, const char **names,
if (values[i] != val)
{
char ab[20];
char ab[22];
print_vma (values[i], ab, FALSE, FALSE);
if (! append_type (info, " = ")
@ -802,7 +802,7 @@ static bfd_boolean
pr_range_type (void *p, bfd_signed_vma lower, bfd_signed_vma upper)
{
struct pr_handle *info = (struct pr_handle *) p;
char abl[20], abu[20];
char abl[22], abu[22];
assert (info->stack != NULL);
@ -827,7 +827,7 @@ pr_array_type (void *p, bfd_signed_vma lower, bfd_signed_vma upper,
{
struct pr_handle *info = (struct pr_handle *) p;
char *range_type;
char abl[20], abu[20], ab[50];
char abl[22], abu[22], ab[50];
range_type = pop_type (info);
if (range_type == NULL)
@ -1151,7 +1151,7 @@ pr_struct_field (void *p, const char *name, bfd_vma bitpos, bfd_vma bitsize,
enum debug_visibility visibility)
{
struct pr_handle *info = (struct pr_handle *) p;
char ab[20];
char ab[22];
char *t;
if (! substitute_type (info, name))
@ -1335,7 +1335,7 @@ pr_class_baseclass (void *p, bfd_vma bitpos, bfd_boolean is_virtual,
struct pr_handle *info = (struct pr_handle *) p;
char *t;
const char *prefix;
char ab[20];
char ab[22];
char *s, *l, *n;
assert (info->stack != NULL && info->stack->next != NULL);
@ -1495,7 +1495,7 @@ pr_class_method_variant (void *p, const char *physname,
return FALSE;
if (context || voffset != 0)
{
char ab[20];
char ab[22];
if (context)
{
@ -1602,7 +1602,7 @@ pr_tag_type (void *p, const char *name, unsigned int id,
{
struct pr_handle *info = (struct pr_handle *) p;
const char *t, *tag;
char idbuf[20];
char idbuf[22];
switch (kind)
{
@ -1698,7 +1698,7 @@ static bfd_boolean
pr_int_constant (void *p, const char *name, bfd_vma val)
{
struct pr_handle *info = (struct pr_handle *) p;
char ab[20];
char ab[22];
indent (info);
print_vma (val, ab, FALSE, FALSE);
@ -1725,7 +1725,7 @@ pr_typed_constant (void *p, const char *name, bfd_vma val)
{
struct pr_handle *info = (struct pr_handle *) p;
char *t;
char ab[20];
char ab[22];
t = pop_type (info);
if (t == NULL)
@ -1748,7 +1748,7 @@ pr_variable (void *p, const char *name, enum debug_var_kind kind,
{
struct pr_handle *info = (struct pr_handle *) p;
char *t;
char ab[20];
char ab[22];
if (! substitute_type (info, name))
return FALSE;
@ -1811,7 +1811,7 @@ pr_function_parameter (void *p, const char *name,
{
struct pr_handle *info = (struct pr_handle *) p;
char *t;
char ab[20];
char ab[22];
if (kind == DEBUG_PARM_REFERENCE
|| kind == DEBUG_PARM_REF_REG)
@ -1849,7 +1849,7 @@ static bfd_boolean
pr_start_block (void *p, bfd_vma addr)
{
struct pr_handle *info = (struct pr_handle *) p;
char ab[20];
char ab[22];
if (info->parameter > 0)
{
@ -1872,7 +1872,7 @@ static bfd_boolean
pr_lineno (void *p, const char *filename, unsigned long lineno, bfd_vma addr)
{
struct pr_handle *info = (struct pr_handle *) p;
char ab[20];
char ab[22];
indent (info);
print_vma (addr, ab, TRUE, TRUE);
@ -1887,7 +1887,7 @@ static bfd_boolean
pr_end_block (void *p, bfd_vma addr)
{
struct pr_handle *info = (struct pr_handle *) p;
char ab[20];
char ab[22];
info->indent -= 2;
@ -1993,7 +1993,7 @@ tg_enum_type (void *p, const char *tag, const char **names,
struct pr_handle *info = (struct pr_handle *) p;
unsigned int i;
const char *name;
char ab[20];
char ab[22];
if (! pr_enum_type (p, tag, names, values))
return FALSE;
@ -2540,7 +2540,7 @@ static bfd_boolean
tg_int_constant (void *p, const char *name, bfd_vma val)
{
struct pr_handle *info = (struct pr_handle *) p;
char ab[20];
char ab[22];
indent (info);
print_vma (val, ab, FALSE, FALSE);
@ -2569,7 +2569,7 @@ tg_typed_constant (void *p, const char *name, bfd_vma val)
{
struct pr_handle *info = (struct pr_handle *) p;
char *t;
char ab[20];
char ab[22];
t = pop_type (info);
if (t == NULL)
@ -2747,7 +2747,7 @@ static bfd_boolean
tg_start_block (void *p, bfd_vma addr)
{
struct pr_handle *info = (struct pr_handle *) p;
char ab[20], kind, *partof;
char ab[22], kind, *partof;
char *t;
bfd_boolean local;
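Review bot: The new size 22 is a bare literal repeated in every declaration from pr_enum_type through tg_start_block, and the `print_vma (values[i], ab, FALSE, FALSE)` calls visible here pass no buffer length, so nothing ties the array size to what the callee can write. A 64-bit value needs at most 20 decimal digits plus a sign and the terminator, so 22 looks sufficient, but that can only be confirmed by reading print_vma, which is outside these hunks. I would name the size once and derive it from the type, for example `#define VMA_BUF_LEN (sizeof (bfd_vma) * 3 + 2)` (suggested name) with `char ab[VMA_BUF_LEN];`, and add a comment saying it covers sign, digits and NUL. Most of the functions touched start or end outside their hunks.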


@ -1,3 +1,8 @@
2016-07-01 Nick Clifton <nickc@redhat.com>
* macro.c (macro_expand_body): Use a buffer big enough to hold an
extremely large integer.
2016-07-01 Jan Beulich <jbeulich@suse.com>
* testsuite/gas/i386/mpx-inval-2.l: Relax for COFF targets.


@ -842,7 +842,7 @@ macro_expand_body (sb *in, sb *out, formal_entry *formals,
{
/* Sub in the macro invocation number. */
char buffer[10];
char buffer[12];
src++;
sprintf (buffer, "%d", macro_number);
sb_add_string (out, buffer);
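Review bot: The `sprintf (buffer, "%d", macro_number)` call after the resized declaration is still unbounded, so the fix holds only while `int` is 32 bits wide; the most negative value then takes 11 characters plus the terminator and fills the 12 bytes exactly. Bounding the write removes that dependency: `snprintf (buffer, sizeof buffer, "%d", macro_number);`. The declaration of macro_number is not visible in the hunk, so its type is inferred from the `%d` conversion. The enclosing block of macro_expand_body continues outside the hunk.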