https://sourceware.org/bugzilla/show_bug.cgi?id=20906
--- Comment #4 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> --- The master branch has been updated by Alan Modra <amo...@sourceware.org>: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6ef4fa071e2c25b71e81a91646b43378cf957388 commit 6ef4fa071e2c25b71e81a91646b43378cf957388 Author: Alan Modra <amo...@gmail.com> Date: Wed Nov 3 16:21:42 2021 +1030 asan: dlltool buffer overflow: embedded NUL in string yyleng gives the pattern length, xstrdup just copies up to the NUL. So it is quite possible writing at an index of yyleng-2 overflows the xstrdup allocated string buffer. xmemdup quite handily avoids this problem, even writing the terminating NUL over the trailing quote. Use it in ldlex.l too where we'd already had a report of this problem and fixed it by hand, and to implement xmemdup0 in gas. binutils/ * deflex.l (single and double quote strings): Use xmemdup. gas/ * as.h (xmemdup0): Use xmemdup. ld/ PR 20906 * ldlex.l (double quote string): Use xmemdup. -- You are receiving this mail because: You are on the CC list for the bug.
