On Sat, Feb 4, 2017 at 12:15 PM, Dave Watson <[email protected]> wrote:
> + char debug_path[PATH_MAX]; > + char *link = ((uint8_t *) ei.image) + shdr->sh_offset; > + size_t link_len = shdr->sh_size; > + > + strncpy(debug_path, link, link_len); Did you mean to limit strncpy to PATH_MAX? .gnu_debuglink can be arbitrarily large, and above strncpy can overflow debug_path[]. You probably want to reject .gnu_debuglink if link_len > PATH_MAX, and use memcpy if it's not. -- Paul Pluzhnikov _______________________________________________ Libunwind-devel mailing list [email protected] https://lists.nongnu.org/mailman/listinfo/libunwind-devel
