https://sourceware.org/bugzilla/show_bug.cgi?id=20499
Nick Clifton <nickc at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #9465|0 |1
is obsolete| |
Attachment #9468|0 |1
is obsolete| |
--- Comment #6 from Nick Clifton <nickc at redhat dot com> ---
Created attachment 9470
--> https://sourceware.org/bugzilla/attachment.cgi?id=9470&action=edit
Proposed patch
Hi Tobias,
> The actual issue arises if the parsed line does not match "%s %c %s". This
> pattern fills address, type, and name in that order. If the input is merely
> "x", only "address" is filled, the others are left alone.
Good point. It also shiws a weakness in my original patch, in that it did not
address the true cause of the problem.
I have uploaded another potential patch which I think should get both things
right - it provides upper limits to the sscanf and fscanf calls, so that the
string buffers cannot overflow, and it changes the loop in
core_create_sym_from() so that only lines where the sscanf function succeeds
are then converted into symbols. Please have a look and let me know what you
think.
Cheers
Nick
--
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
bug-binutils mailing list
[email protected]
https://lists.gnu.org/mailman/listinfo/bug-binutils
