[Bug binutils/20499] gprof: segmentation fault on invalid symbol file


From: nickc at redhat dot com
Subject: [Bug binutils/20499] gprof: segmentation fault on invalid symbol file
Date: Mon, 22 Aug 2016 16:49:59 +0000

https://sourceware.org/bugzilla/show_bug.cgi?id=20499

--- Comment #4 from Nick Clifton <nickc at redhat dot com> ---
Created attachment 9468
  --> https://sourceware.org/bugzilla/attachment.cgi?id=9468&action=edit
Proposed patch

(In reply to Tobias Stoeckmann from comment #3)

Hi Tobias,

> The variable "name" is malloc()ed, so the content cannot be guaranteed to be
> nul-terminated after first iteration (scanf fails, of course).

Actually the sscanf ought to seg-fault, although you are right, it probably
won't.

What do you think of this potential patch?  It fixes the sscanf calls so that
a maximum buffer width is used.  sscanf will ensure that the returned string is
NULL terminated, so the strlen should then work.

Cheers
  Nick

PS.  I think that it would be better to use a #define'd constant for BUFSIZ and
a related macro to create the sscanf format string.  That way if someone wants
to change BUFSIZE in the future they will not have to worry about updating the
sscanf format as well.
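
The PS above suggests tying the sscanf field width to a #define'd buffer size. A sketch of that idea follows, as an added example that is not part of the original message or of the attached patch; the macro names, the function `parse_sym_line` and the `address type name` line layout are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names; the real patch (attachment 9468) is not shown here. */
#define NAME_BUF_SIZE  64   /* bytes in the name buffer, including the NUL */
#define NAME_MAX_WIDTH 63   /* sscanf field width: must be NAME_BUF_SIZE - 1 */

/* Two-level stringification so the macro is expanded before '#' is applied.
   It only works on a plain literal, hence the separate width constant. */
#define STR_(x) #x
#define STR(x)  STR_(x)
#define SYM_LINE_FMT "%lx %c %" STR(NAME_MAX_WIDTH) "s"

/* Fail the build if someone changes one constant and forgets the other. */
_Static_assert(NAME_MAX_WIDTH == NAME_BUF_SIZE - 1,
               "field width must leave room for the terminating NUL");

/* Parse one "address type name" line (assumed layout).
   'name' must point to at least NAME_BUF_SIZE bytes.
   Returns 1 if all three fields were read, 0 otherwise. */
int parse_sym_line(const char *line, unsigned long *addr, char *type, char *name)
{
    /* A malloc()ed buffer has indeterminate content; give it a defined,
       terminated value so strlen(name) is safe even when sscanf matches
       nothing and never writes to it. */
    name[0] = '\0';
    return sscanf(line, SYM_LINE_FMT, addr, type, name) == 3;
}

int main(void)
{
    /* Constructed sample input: a valid line, then a malformed one. */
    const char *lines[] = { "0000000000401000 T main", "not a symbol line" };
    char *name = malloc(NAME_BUF_SIZE);
    unsigned long addr = 0;
    char type = 0;

    if (name == NULL)
        return 1;
    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++) {
        int ok = parse_sym_line(lines[i], &addr, &type, name);
        printf("ok=%d name_len=%zu\n", ok, strlen(name));
    }
    free(name);
    return 0;
}
```
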
