projects / binutils-gdb.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 45229ec)
Fix memory overflow issue about strncat
authorChen Gang <gang.chen.5i5j@gmail.com>
Tue, 14 Oct 2014 23:18:47 +0000 (09:48 +1030)
committerAlan Modra <amodra@gmail.com>
Tue, 14 Oct 2014 23:26:54 +0000 (09:56 +1030)
If src contains n or more bytes, strncat() writes n+1 bytes to dest
(n from src plus the terminating null byte).   Therefore, the size of
dest must be at least strlen(dest)+n+1.

* config/tc-tic4x.c (md_assemble): Correct strncat size.

gas/ChangeLog patch | blob | history
gas/config/tc-tic4x.c patch | blob | history

diff --git a/gas/ChangeLog b/gas/ChangeLog
index 40476234b6c127a591da8416ac53b39175880a9d..7ac3677f49c35cae199725fcac92063067c00508 100644 (file)
--- a/gas/ChangeLog
+++ b/gas/ChangeLog
@@ -1,3 +1,7 @@
+2014-10-15  Chen Gang  <gang.chen.5i5j@gmail.com>
+
+       * config/tc-tic4x.c (md_assemble): Correct strncat size.
+
 2014-10-14  Tristan Gingold  <gingold@adacore.com>
 
        * NEWS: Add marker for 2.25.
diff --git a/gas/config/tc-tic4x.c b/gas/config/tc-tic4x.c
index 904a68c849e1ff3f019d0c83000751da33fed66a..dc821680739c508afcc8d69b0fcb37b94bd574e4 100644 (file)
--- a/gas/config/tc-tic4x.c
+++ b/gas/config/tc-tic4x.c
@@ -2456,7 +2456,7 @@ md_assemble (char *str)
       if (*s)                  /* Null terminate for hash_find.  */
        *s++ = '\0';            /* and skip past null.  */
       strcat (insn->name, "_");
-      strncat (insn->name, str, TIC4X_NAME_MAX - strlen (insn->name));
+      strncat (insn->name, str, TIC4X_NAME_MAX - 1 - strlen (insn->name));
 
       insn->operands[insn->num_operands++].mode = M_PARALLEL;