[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Bug ld/20906] LD: ld crashes for malformed inputs
From: |
cvs-commit at gcc dot gnu.org |
Subject: |
[Bug ld/20906] LD: ld crashes for malformed inputs |
Date: |
Wed, 03 Nov 2021 06:40:26 +0000 |
https://sourceware.org/bugzilla/show_bug.cgi?id=20906
--- Comment #4 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot
gnu.org> ---
The master branch has been updated by Alan Modra <amodra@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6ef4fa071e2c25b71e81a91646b43378cf957388
commit 6ef4fa071e2c25b71e81a91646b43378cf957388
Author: Alan Modra <amodra@gmail.com>
Date: Wed Nov 3 16:21:42 2021 +1030
asan: dlltool buffer overflow: embedded NUL in string
yyleng gives the pattern length, xstrdup just copies up to the NUL.
So it is quite possible writing at an index of yyleng-2 overflows
the xstrdup allocated string buffer. xmemdup quite handily avoids
this problem, even writing the terminating NUL over the trailing
quote. Use it in ldlex.l too where we'd already had a report of this
problem and fixed it by hand, and to implement xmemdup0 in gas.
binutils/
* deflex.l (single and double quote strings): Use xmemdup.
gas/
* as.h (xmemdup0): Use xmemdup.
ld/
PR 20906
* ldlex.l (double quote string): Use xmemdup.
--
You are receiving this mail because:
You are on the CC list for the bug.
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Bug ld/20906] LD: ld crashes for malformed inputs,
cvs-commit at gcc dot gnu.org <=