projects / binutils-gdb.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3a27554) | patch
asan: dlltool buffer overflow: embedded NUL in string
authorAlan Modra <amodra@gmail.com>
Wed, 3 Nov 2021 05:51:42 +0000 (16:21 +1030)
committerAlan Modra <amodra@gmail.com>
Wed, 3 Nov 2021 06:36:09 +0000 (17:06 +1030)
commit6ef4fa071e2c25b71e81a91646b43378cf957388
tree334807cc63fe61af871283a11915462a4071e924tree
parent3a275541049f295719782642fb8aa912b0a4a0d3commit | diff
asan: dlltool buffer overflow: embedded NUL in string

yyleng gives the pattern length, xstrdup just copies up to the NUL.
So it is quite possible writing at an index of yyleng-2 overflows
the xstrdup allocated string buffer.  xmemdup quite handily avoids
this problem, even writing the terminating NUL over the trailing
quote.  Use it in ldlex.l too where we'd already had a report of this
problem and fixed it by hand, and to implement xmemdup0 in gas.

binutils/
* deflex.l (single and double quote strings): Use xmemdup.
gas/
* as.h (xmemdup0): Use xmemdup.
ld/
PR 20906
* ldlex.l (double quote string): Use xmemdup.
binutils/deflex.l diff | blob | history
gas/as.h diff | blob | history
ld/ldlex.l diff | blob | history