avoid a few strncpy-induced buffer overruns

* procfs.c (procfs_make_note_section): Be sure to NUL-terminate
fname and psargs before trying to concatenate.
* tui/tui-stack.c (tui_get_function_from_frame): NUL-terminate
"name" before applying strchr.

diff --git a/gdb/ChangeLog b/gdb/ChangeLog
index 8babaaa73ec0d68c4ee644594141e712c265286c..43d590f4c3e9313b0c7e9aacf655e0d17b9a92de 100644 (file)
--- a/gdb/ChangeLog
+++ b/gdb/ChangeLog
@@ -1,3 +1,11 @@
+2012-04-24  Jim Meyering  <meyering@redhat.com>
+
+       avoid a few strncpy-induced buffer overruns
+       * procfs.c (procfs_make_note_section): Be sure to NUL-terminate
+       fname and psargs before trying to concatenate.
+       * tui/tui-stack.c (tui_get_function_from_frame): NUL-terminate
+       "name" before applying strchr.
+
 2012-04-25  Siva Chandra Reddy  <sivachandra@google.com>
 
        * CONTRIBUTE: Use unified diff instead of context diff when

diff --git a/gdb/procfs.c b/gdb/procfs.c
index cb4bc7c626cd5bc7bac74b740f19ceeddf924ca4..d7c2946bffca878bd0b145603c37d2faf4d54f29 100644 (file)
--- a/gdb/procfs.c
+++ b/gdb/procfs.c
@@ -5725,8 +5725,9 @@ procfs_make_note_section (bfd *obfd, int *note_size)
   if (get_exec_file (0))
     {
       strncpy (fname, lbasename (get_exec_file (0)), sizeof (fname));
-      strncpy (psargs, get_exec_file (0),
-              sizeof (psargs));
+      fname[sizeof (fname) - 1] = 0;
+      strncpy (psargs, get_exec_file (0), sizeof (psargs));
+      psargs[sizeof (psargs) - 1] = 0;
 
       inf_args = get_inferior_args ();
       if (inf_args && *inf_args &&

diff --git a/gdb/tui/tui-stack.c b/gdb/tui/tui-stack.c
index ef50a98a2d68022d33c879756de970bc5396d402..262a6bf3143de6d8c71970e4e530945617ced2cb 100644 (file)
--- a/gdb/tui/tui-stack.c
+++ b/gdb/tui/tui-stack.c
@@ -228,6 +228,7 @@ tui_get_function_from_frame (struct frame_info *fi)
   if (*p == '<')
     p++;
   strncpy (name, p, sizeof (name) - 1);
+  name[sizeof (name) - 1] = 0;
   p = strchr (name, '(');
   if (!p)
     p = strchr (name, '>');