http://sourceware.org/bugzilla/show_bug.cgi?id=13300
Bug #: 13300
Summary: out-of-bounds memcpy in peXXigen.c
Product: binutils
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: binutils
AssignedTo: unassig...@sourceware.org
ReportedBy: pascal.stu...@cubes.de
Classification: Unclassified

In bfd, peXXigen.c, lines 252 and 326, a memcpy is done to a buffer of size 14 (declared in coff/internal.h) with a length of FILNMLEN. FILNMLEN is defined as 14 in coff/internal.h, however it is redefined in coff/pe.h as 18 (included after coff/internal.h). So the memcpy will attempt to copy 18 bytes into a 14-byte buffer. (This was caught by the -Wbounded flag for gcc on OpenBSD.)

I don't have much insight on the motivation behind having different definitions for FILNMLEN/E_FILNMLEN, but it probably should be defined consistently as either 14 or 18 to avoid confusion. Or even better, define it in *one* place instead of so many.

_______________________________________________
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils
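Added illustration, not part of the original report and not binutils code: a minimal reproduction of the pattern the report describes, where a field is sized by a macro that a later header redefines, next to a copy bounded by the destination's real size. All `demo_`/`DEMO_` names are hypothetical stand-ins, and the `#undef` is an assumption used only to keep the redefinition warning-free.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for the first header: the field is laid out while the macro is 14. */
#define DEMO_FILNMLEN 14
struct demo_auxent {
    char x_fname[DEMO_FILNMLEN];
    unsigned char guard[4];   /* stands in for whatever follows the field */
};

/* Stand-in for the later header: every use below this point now sees 18. */
#undef DEMO_FILNMLEN
#define DEMO_FILNMLEN 18

/* Bytes that memcpy(dst->x_fname, src, DEMO_FILNMLEN) would write past the
   end of the field. sizeof reflects the layout; the macro no longer does. */
size_t demo_overrun_bytes(void)
{
    size_t field = sizeof(((struct demo_auxent *)0)->x_fname);
    size_t len = DEMO_FILNMLEN;
    return len > field ? len - field : 0;
}

/* Defensive copy: the bound comes from the destination object itself, so a
   later macro redefinition cannot enlarge the write. Returns bytes copied. */
size_t demo_copy_fname(struct demo_auxent *dst, const char *src, size_t src_len)
{
    size_t cap = sizeof dst->x_fname;
    size_t n = src_len < cap ? src_len : cap;
    memset(dst->x_fname, 0, cap);
    memcpy(dst->x_fname, src, n);
    return n;
}

int main(void)
{
    struct demo_auxent a;
    const char name[18] = "ABCDEFGHIJKLMNOPQ";   /* constructed 18-byte input */
    memset(&a, 0xAA, sizeof a);
    printf("macro-length memcpy would overrun by %zu bytes\n", demo_overrun_bytes());
    printf("bounded copy wrote %zu bytes, guard[0]=0x%02X\n",
           demo_copy_fname(&a, name, sizeof name), a.guard[0]);
    return 0;
}
```

A build-time `_Static_assert` comparing `sizeof` of the field with the macro at the point of use would turn this mismatch into a compile error.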