[ARM] fix buffer overflow in gas

Message ID	CABXYE2XgtLdfCj_7TcFUOLfbwWaUt2KjYgTv5CAZkMTiDv1kRA@mail.gmail.com
State	New
Headers	show Delivered-To: patch@linaro.org Received-SPF: pass (google.com: domain of binutils-return-89514-patch=linaro.org@sourceware.org designates 209.132.180.131 as permitted sender) client-ip=209.132.180.131; DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:mime-version:date:message-id:subject:from:to :content-type; q=dns; s=default; b=Tf3mXXf1qWdHZRCIOKRm9SVBqNWI/ NCn4ddhnexbQ7iTazrU3BZ14PdVkoiYX6KCYWK9PV76I3tf44kH1hxSR0V8SbKU+ 0F5Jl44YCo6fcR6f153fAWTEZlH2ZGdxffsJaO5hE1AnHMPXoH+k1yF9se5cAPlK 15WpTVbw1qe0dM= Mailing-List: contact binutils-help@sourceware.org; run by ezmlm Precedence: bulk Sender: binutils-owner@sourceware.org MIME-Version: 1.0 Date: Mon, 26 Oct 2015 11:28:41 -0700 Message-ID: <CABXYE2XgtLdfCj_7TcFUOLfbwWaUt2KjYgTv5CAZkMTiDv1kRA@mail.gmail.com> Subject: [PATCH] [ARM] fix buffer overflow in gas From: Jim Wilson <jim.wilson@linaro.org> To: Binutils <binutils@sourceware.org> Content-Type: multipart/mixed; boundary=089e011848046e08f10523062134

Message ID

CABXYE2XgtLdfCj_7TcFUOLfbwWaUt2KjYgTv5CAZkMTiDv1kRA@mail.gmail.com

State

New

Headers

Received-SPF: pass (google.com: domain of
	binutils-return-89514-patch=linaro.org@sourceware.org
	designates 209.132.180.131 as permitted sender)
	client-ip=209.132.180.131; 
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:mime-version:date:message-id:subject:from:to
	:content-type; q=dns; s=default; b=Tf3mXXf1qWdHZRCIOKRm9SVBqNWI/
	NCn4ddhnexbQ7iTazrU3BZ14PdVkoiYX6KCYWK9PV76I3tf44kH1hxSR0V8SbKU+
	0F5Jl44YCo6fcR6f153fAWTEZlH2ZGdxffsJaO5hE1AnHMPXoH+k1yF9se5cAPlK
	15WpTVbw1qe0dM=
Mailing-List: contact binutils-help@sourceware.org; run by ezmlm
Precedence: bulk
Sender: binutils-owner@sourceware.org
MIME-Version: 1.0
Date: Mon, 26 Oct 2015 11:28:41 -0700
Message-ID: <CABXYE2XgtLdfCj_7TcFUOLfbwWaUt2KjYgTv5CAZkMTiDv1kRA@mail.gmail.com>
Subject: [PATCH] [ARM] fix buffer overflow in gas
From: Jim Wilson <jim.wilson@linaro.org>
To: Binutils <binutils@sourceware.org>
Content-Type: multipart/mixed; boundary=089e011848046e08f10523062134

Commit Message

Jim Wilson Oct. 26, 2015, 6:28 p.m. UTC

On Ubuntu 14.04, I get

palantir:2062$ cat tmp.s
.cpu exynos-m1
palantir:2063$ ./as-new tmp.s
*** buffer overflow detected ***: ./as-new terminated
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x7338f)[0x7f984612538f]
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x5c)[0x7f98461bcc9c]
/lib/x86_64-linux-gnu/libc.so.6(+0x109b60)[0x7f98461bbb60]
./as-new[0x42e227]
...

The problem is that the string "Samsung Exynos M1" is 18 characters
long including the trailing null byte, but the select_cpu_name array
is only 16 characters long.  This patch increases it to 20 to make the
string fit and allow a little breathing room.  Tested with a cross
build and make check.

Jim

gas/
2015-10-26  Jim Wilson  <jim.wilson@linaro.org>

	* config/tc-arm.c (selected_cpu_name): Increase from 16 to 20.

diff --git a/gas/config/tc-arm.c b/gas/config/tc-arm.c
index efc522a..a98a22a 100644
--- a/gas/config/tc-arm.c
+++ b/gas/config/tc-arm.c
@@ -266,7 +266,7 @@  static int mfloat_abi_opt = -1;
 /* Record user cpu selection for object attributes.  */
 static arm_feature_set selected_cpu = ARM_ARCH_NONE;
 /* Must be long enough to hold any of the names in arm_cpus.  */
-static char selected_cpu_name[16];
+static char selected_cpu_name[20];
 
 extern FLONUM_TYPE generic_floating_point_number;

[ARM] fix buffer overflow in gas

Commit Message

Patch