Re: [RFA] peXXigen.c, _bfd_XXi_swap_aux_in, wrong size used in memcpy.

bug-binutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [RFA] peXXigen.c, _bfd_XXi_swap_aux_in, wrong size used in memcpy.

From:	Michael Snyder
Subject:	Re: [RFA] peXXigen.c, _bfd_XXi_swap_aux_in, wrong size used in memcpy.
Date:	Thu, 03 Mar 2011 12:06:12 -0800
User-agent:	Thunderbird 2.0.0.24 (X11/20101201)

Pedro Alves wrote:

On Thursday 03 March 2011 18:09:04, Michael Snyder wrote:

  2011-03-03  Michael Snyder  <address@hidden>

        * peXXigen.c (_bfd_XXi_swap_aux_in): Use E_FILNMNEN instead of
        FILENMLEN, otherwise will overwrite array.


Doesn't pe.h define them both the same?

Hmm, yes... Coverity was evidently looking at the definition ofE_FILNMLEN from include/coff/external.h, which is overridden by

the one in pe.h.

Index: peXXigen.c
===================================================================
RCS file: /cvs/src/src/bfd/peXXigen.c,v
retrieving revision 1.69
diff -u -p -u -p -r1.69 peXXigen.c
--- peXXigen.c  21 Dec 2010 15:24:38 -0000      1.69
+++ peXXigen.c  3 Mar 2011 18:03:44 -0000
@@ -249,7 +249,7 @@ _bfd_XXi_swap_aux_in (bfd * abfd,
          in->x_file.x_n.x_offset = H_GET_32 (abfd, ext->x_file.x_n.x_offset);
        }
       else
-       memcpy (in->x_file.x_fname, ext->x_file.x_fname, FILNMLEN);
+       memcpy (in->x_file.x_fname, ext->x_file.x_fname, E_FILNMLEN);
       return;

case C_STAT:

@@ -323,7 +323,7 @@ _bfd_XXi_swap_aux_out (bfd *  abfd,
          H_PUT_32 (abfd, in->x_file.x_n.x_offset, ext->x_file.x_n.x_offset);
        }
       else
-       memcpy (ext->x_file.x_fname, in->x_file.x_fname, FILNMLEN);
+       memcpy (ext->x_file.x_fname, in->x_file.x_fname, E_FILNMLEN);


If FILNMLEN can really be different from E_FILNMLEN, I'd've expected
something else needs doing here?



Maybe this?

2011-03-03  Michael Snyder  <address@hidden>

        * peXXigen.c (_bfd_XXi_swap_aux_in): Use sizeof in memcpy.
        (_bfd_XXi_swap_aux_out): Ditto.

Index: peXXigen.c
===================================================================
RCS file: /cvs/src/src/bfd/peXXigen.c,v
retrieving revision 1.69
diff -u -p -u -p -r1.69 peXXigen.c
--- peXXigen.c  21 Dec 2010 15:24:38 -0000      1.69
+++ peXXigen.c  3 Mar 2011 20:04:59 -0000
@@ -249,7 +249,8 @@ _bfd_XXi_swap_aux_in (bfd * abfd,
          in->x_file.x_n.x_offset = H_GET_32 (abfd, ext->x_file.x_n.x_offset);
        }
       else
-       memcpy (in->x_file.x_fname, ext->x_file.x_fname, FILNMLEN);
+       memcpy (in->x_file.x_fname, ext->x_file.x_fname,
+               sizeof (in->x_file.x_fname));
       return;
 
     case C_STAT:
@@ -323,7 +324,8 @@ _bfd_XXi_swap_aux_out (bfd *  abfd,
          H_PUT_32 (abfd, in->x_file.x_n.x_offset, ext->x_file.x_n.x_offset);
        }
       else
-       memcpy (ext->x_file.x_fname, in->x_file.x_fname, FILNMLEN);
+       memcpy (ext->x_file.x_fname, in->x_file.x_fname,
+               sizeof (ext->x_file.x_fname));
 
       return AUXESZ;

[Prev in Thread]

Current Thread

[Next in Thread]

[RFA] peXXigen.c, _bfd_XXi_swap_aux_in, wrong size used in memcpy., Michael Snyder, 2011/03/03
- Re: [RFA] peXXigen.c, _bfd_XXi_swap_aux_in, wrong size used in memcpy., Pedro Alves, 2011/03/03
  - Re: [RFA] peXXigen.c, _bfd_XXi_swap_aux_in, wrong size used in memcpy., Michael Snyder <=
    - Re: [RFA] peXXigen.c, _bfd_XXi_swap_aux_in, wrong size used in memcpy., Alan Modra, 2011/03/03
    - Re: [RFA] peXXigen.c, _bfd_XXi_swap_aux_in, wrong size used in memcpy., Pedro Alves, 2011/03/03
- Re: [RFA] peXXigen.c, _bfd_XXi_swap_aux_in, wrong size used in memcpy., Nick Clifton, 2011/03/04

Prev by Date: [RFA] coff-x86_64.c (coff_amd64_rtype_to_howto): Fencepost error?
Next by Date: [RFA] bfd/dwarf2.c/scan_unit_for_symbols, fix a memory leak.
Previous by thread: Re: [RFA] peXXigen.c, _bfd_XXi_swap_aux_in, wrong size used in memcpy.
Next by thread: Re: [RFA] peXXigen.c, _bfd_XXi_swap_aux_in, wrong size used in memcpy.
Index(es):
- Date
- Thread