From ef8e6722f2eaae6d65b360459451f57f1350d2af Mon Sep 17 00:00:00 2001 From: Jim Wilson Date: Tue, 27 Oct 2015 09:33:08 +0000 Subject: [PATCH] Prevent overflowing the selected_cpu_name buffer in the ARM assembler. * config/tc-arm.c (selected_cpu_name): Increase length of array to accomodate "Samsung Exynos M1". (arm_parse_cpu): Add assertion and length check to prevent overfilling selected_cpu_name. --- gas/ChangeLog | 7 +++++++ gas/config/tc-arm.c | 10 ++++++++-- 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/gas/ChangeLog b/gas/ChangeLog index 1b77b64ba01..0dcabf669ac 100644 --- a/gas/ChangeLog +++ b/gas/ChangeLog @@ -1,3 +1,10 @@ +2015-10-27 Jim Wilson + + * config/tc-arm.c (selected_cpu_name): Increase length of array to + accomodate "Samsung Exynos M1". + (arm_parse_cpu): Add assertion and length check to prevent + overfilling selected_cpu_name. + 2015-10-22 Nick Clifton * config/tc-msp430.c (PUSH_1X_WORKAROUND): Delete. diff --git a/gas/config/tc-arm.c b/gas/config/tc-arm.c index efc522a7f56..14bebe829f5 100644 --- a/gas/config/tc-arm.c +++ b/gas/config/tc-arm.c @@ -266,7 +266,7 @@ static int mfloat_abi_opt = -1; /* Record user cpu selection for object attributes. */ static arm_feature_set selected_cpu = ARM_ARCH_NONE; /* Must be long enough to hold any of the names in arm_cpus. */ -static char selected_cpu_name[16]; +static char selected_cpu_name[20]; extern FLONUM_TYPE generic_floating_point_number; @@ -25132,11 +25132,17 @@ arm_parse_cpu (char *str) mcpu_cpu_opt = &opt->value; mcpu_fpu_opt = &opt->default_fpu; if (opt->canonical_name) - strcpy (selected_cpu_name, opt->canonical_name); + { + gas_assert (sizeof selected_cpu_name > strlen (opt->canonical_name)); + strcpy (selected_cpu_name, opt->canonical_name); + } else { size_t i; + if (len >= sizeof selected_cpu_name) + len = (sizeof selected_cpu_name) - 1; + for (i = 0; i < len; i++) selected_cpu_name[i] = TOUPPER (opt->name[i]); selected_cpu_name[i] = 0; -- 2.30.2