[ARM] fix buffer overflow in gas

Message ID CABXYE2XgtLdfCj_7TcFUOLfbwWaUt2KjYgTv5CAZkMTiDv1kRA@mail.gmail.com
State New

Commit Message

Jim Wilson Oct. 26, 2015, 6:28 p.m.
On Ubuntu 14.04, I get

palantir:2062$ cat tmp.s
.cpu exynos-m1
palantir:2063$ ./as-new tmp.s
*** buffer overflow detected ***: ./as-new terminated
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x7338f)[0x7f984612538f]
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x5c)[0x7f98461bcc9c]
/lib/x86_64-linux-gnu/libc.so.6(+0x109b60)[0x7f98461bbb60]
./as-new[0x42e227]
...

The problem is that the string "Samsung Exynos M1" is 18 characters
long including the trailing null byte, but the select_cpu_name array
is only 16 characters long.  This patch increases it to 20 to make the
string fit and allow a little breathing room.  Tested with a cross
build and make check.

Jim

Patch

gas/
2015-10-26  Jim Wilson  <jim.wilson@linaro.org>

	* config/tc-arm.c (selected_cpu_name): Increase from 16 to 20.

diff --git a/gas/config/tc-arm.c b/gas/config/tc-arm.c
index efc522a..a98a22a 100644
--- a/gas/config/tc-arm.c
+++ b/gas/config/tc-arm.c
@@ -266,7 +266,7 @@  static int mfloat_abi_opt = -1;
 /* Record user cpu selection for object attributes.  */
 static arm_feature_set selected_cpu = ARM_ARCH_NONE;
 /* Must be long enough to hold any of the names in arm_cpus.  */
-static char selected_cpu_name[16];
+static char selected_cpu_name[20];
 
 extern FLONUM_TYPE generic_floating_point_number;
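
Review bot: The new bound on `selected_cpu_name[20]` is still a hand-picked constant, enforced only by the comment above it ("Must be long enough to hold any of the names in arm_cpus"), so the next arm_cpus entry with a longer canonical name will reintroduce the same overflow. The code that copies into the array is not part of this hunk, but the `__fortify_fail` abort in the report indicates the copy is not bounded by the destination size. Consider either bounding that copy with `sizeof (selected_cpu_name)` or adding a check that fails when a table name does not fit, so the requirement no longer rests on the comment alone. A gas testsuite case that assembles `.cpu exynos-m1` would also keep this particular name covered; the existing `make check` run evidently did not exercise it.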