bug-binutils
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug libctf/28933] buffer overflow on powerpc-linux

From: nick.alcock at oracle dot com
Subject: [Bug libctf/28933] buffer overflow on powerpc-linux
Date: Thu, 03 Mar 2022 12:09:13 +0000 
https://sourceware.org/bugzilla/show_bug.cgi?id=28933

Nick Alcock <nick.alcock at oracle dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
           Assignee|unassigned at sourceware dot org   |nick.alcock at oracle 
dot com

--- Comment #1 from Nick Alcock <nick.alcock at oracle dot com> ---
Interesting! I routinely do both, so this must be a recent regression (well,
ok, as recent as a few months ago. I'll get back to libctf soon.)

This is assembler input for a corrupted CTF dict, but we shouldn't
buffer-overrun even in that case. The fundamental problem is that ctf_bufopen
trusts the length it was passed in the ctf_sect_t (it has to: that's the only
length it gets), but never checks that the CTF header is consistent with it.
(Fixing that will break the test: I'll fix it so it still tests what it's meant
to, and add a new test for this case.)

-- 
You are receiving this mail because:
You are on the CC list for the bug.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]