[Bug binutils/11742] New: readelf.c: get_archive_member_name(): array su
From: haubi at gentoo dot org
Subject: [Bug binutils/11742] New: readelf.c: get_archive_member_name(): array subscript is above array bounds
Date: 23 Jun 2010 12:00:58 -0000
Compiling binutils-2.20.1 on hppa-hpux using hp-gcc-4.4.3 with CFLAGS=-O3 gives
this warning, which is treated as an error:
/binutils/readelf.c: In function 'get_archive_member_name':
/binutils/readelf.c:11200: error: array subscript is above array bounds
The code there in function get_archive_member_name() is:
11199 j = 0;
11200 while ((arch->arhdr.ar_name[j] != '/') && (j < 16))
11201 j++;
11202 arch->arhdr.ar_name[j] = '\0';
Why this is 'above array bounds': When there is no '/' found in ar_name, 'j'
increments up to 15 - which is still lower than 16, thus 'j' is incremented to
16, and used again in the next iteration in #11200 for reading.
Subsequently, 'j' is used for writing in #11202, which is beyond ar_name too.
The declaration of 'ar_name' in 'struct ar_hdr' is in include/aout/ar.h:
43 struct ar_hdr
44 {
45 char ar_name[16]; /* Name of this member. */
46 char ar_date[12]; /* File mtime. */
BTW: This code was committed to readelf.c in revision 1.439.
--
Summary: readelf.c: get_archive_member_name(): array subscript is
above array bounds
Product: binutils
Version: 2.20
Status: NEW
Severity: normal
Priority: P2
Component: binutils
AssignedTo: unassigned at sources dot redhat dot com
ReportedBy: haubi at gentoo dot org
CC: bug-binutils at gnu dot org
GCC build triplet: hppa2.0w-hp-hpux11.31
GCC host triplet: hppa2.0w-hp-hpux11.31
GCC target triplet: hppa2.0w-hp-hpux11.31
http://sourceware.org/bugzilla/show_bug.cgi?id=11742
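Added example, not part of the original report and not binutils code: the loop shape from line 11200 beside a bounds-first form that terminates the name in a separate buffer. The function names, the flat 28-byte header image (ar_name followed by ar_date, so that index 16 is a defined read) and the sample contents are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* sizeof ar_name, as quoted from include/aout/ar.h */
#define DATE_LEN 12   /* sizeof ar_date, the field that follows it */

/* Loop shape from the report, run over a flat header image so that reading
   index 16 is defined (it is the first byte of ar_date). Returns the index
   the reported code would then write '\0' to. */
static size_t reported_loop_end(const char *hdr)
{
    size_t j = 0;
    while ((hdr[j] != '/') && (j < NAME_LEN))   /* reads hdr[j] before testing j */
        j++;
    return j;
}

/* Bound tested first: && short-circuits, so name[j] is only read for j < NAME_LEN. */
static size_t name_length(const char *name)
{
    size_t j = 0;
    while (j < NAME_LEN && name[j] != '/')
        j++;
    return j;
}

/* Terminate in a separate buffer of NAME_LEN + 1 bytes instead of in place,
   so a full 16-byte name never needs a write at index 16 of the field. */
static size_t copy_member_name(const char *name, char out[NAME_LEN + 1])
{
    size_t n = name_length(name);
    memcpy(out, name, n);
    out[n] = '\0';
    return n;
}

int main(void)
{
    /* Constructed header image: a 16-byte name with no '/', then a date. */
    char hdr[NAME_LEN + DATE_LEN];
    char out[NAME_LEN + 1];
    memcpy(hdr, "ABCDEFGHIJKLMNOP", NAME_LEN);
    memcpy(hdr + NAME_LEN, "1277294458  ", DATE_LEN);

    printf("reported loop ends at index %zu (first byte of ar_date)\n", reported_loop_end(hdr));
    printf("bounded length: %zu\n", copy_member_name(hdr, out));
    printf("member name: \"%s\"\n", out);
    return 0;
}
```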