[Bug binutils/21786] Stack-buffer-overflow in {coff,coff64}-rs6000.c
From: nickc at redhat dot com
Subject: [Bug binutils/21786] Stack-buffer-overflow in {coff,coff64}-rs6000.c
Date: Wed, 19 Jul 2017 10:16:13 +0000
https://sourceware.org/bugzilla/show_bug.cgi?id=21786
Nick Clifton <nickc at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |RESOLVED
CC| |nickc at redhat dot com
Resolution|--- |FIXED
--- Comment #4 from Nick Clifton <nickc at redhat dot com> ---
Hi Ned,

Thanks for reporting this bug. Unfortunately the patch you proposed will
not work as the numeric strings in the archive header structure are not
guaranteed to be NUL terminated. In fact the specification explicitly
states:

  16 Archive Member Headers
  Each member (linker, longnames, or object-file member) is preceded
  by a header. An archive member header has the following format,
  in which each field is an ASCII text string that is left justified
  and padded with spaces to the end of the field. There is no
  terminating null character in any of these fields.

This is from "Microsoft Portable Executable and Common Object File
Format Specification Revision 8.3 – February 6, 2013"

So whilst there *might* be a space at the end of the field there definitely
will not be a NUL character.

The alternative is to copy the field into a NUL terminated buffer before
attempting to parse it, and this is what I have done with the patch
recently committed. As a bonus I also fixed up the places where strtoll
(instead of strtol) should have been used to read 20 character numeric
values.

Cheers
Nick
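
The approach described in the message above (copy the fixed-width field into a NUL-terminated buffer, then parse it with strtoll), as an added example that is not the committed binutils patch. `struct demo_hdr`, `parse_fixed_field`, `FIELD_MAX` and the field contents are hypothetical names and constructed values.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FIELD_MAX 20            /* widest numeric field handled (assumption) */

/* Constructed layout: adjacent fixed-width ASCII fields with no NUL between. */
struct demo_hdr {
    char size[20];              /* decimal, left justified, space padded */
    char next[12];              /* digits here directly follow size[] */
};

/* Parse a fixed-width decimal field that is not NUL terminated.
   Returns the value, or -1 if the field is malformed or out of range. */
long long parse_fixed_field(const char *field, size_t width)
{
    char buf[FIELD_MAX + 1];
    char *end;
    long long v;

    if (width == 0 || width > FIELD_MAX)
        return -1;              /* would not fit the local buffer */
    memcpy(buf, field, width);  /* copy exactly the field, nothing more */
    buf[width] = '\0';          /* the terminator exists only in our copy */
    errno = 0;
    v = strtoll(buf, &end, 10); /* strtoll: 20 digits can exceed a 32-bit long */
    if (end == buf || errno == ERANGE || v < 0)
        return -1;              /* no digits, overflow, or negative size */
    while (*end == ' ')
        end++;                  /* trailing space padding is allowed */
    return *end == '\0' ? v : -1;   /* anything else after the number is junk */
}

/* size[] is full to its last byte, so an unbounded parse would run into next[]. */
long long demo_full_width_field(void)
{
    struct demo_hdr h;
    memcpy(h.size, "00000000004294967296", sizeof h.size);
    memcpy(h.next, "999999999999", sizeof h.next);
    return parse_fixed_field(h.size, sizeof h.size);
}

int main(void)
{
    printf("%lld\n", demo_full_width_field());
    return 0;
}
```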