diff options
| author | Alan Modra <amodra@gmail.com> | 2023-08-25 15:40:10 +0930 |
|---|---|---|
| committer | Alan Modra <amodra@gmail.com> | 2023-08-25 15:55:25 +0930 |
| commit | b73ffa23bf6ed7f48ce67881d97b4111ce3b8181 (patch) | |
| tree | c7435f1bfef7384eaf04af4118df91d0fd367c53 /bfd/som.h | |
| parent | d537f77ef3b18a5fbfd598643aaad957652e9608 (diff) | |
| download | fsf-binutils-gdb-b73ffa23bf6ed7f48ce67881d97b4111ce3b8181.zip fsf-binutils-gdb-b73ffa23bf6ed7f48ce67881d97b4111ce3b8181.tar.gz fsf-binutils-gdb-b73ffa23bf6ed7f48ce67881d97b4111ce3b8181.tar.bz2 | |
som: buffer overflow writing strings
Code in som_write_symbol_strings neglected to allow for padding, which
can result in a buffer overflow. It also used xrealloc, which we're
not supposed to use in libbfd because libbfd isn't supposed to call
exit. Also a realloc is perhaps not a good idea when none of the
buffer contents are needed, so replace with free, bfd_malloc. There
were three copies of the string handling code, so rather than fix them
all I've extracted them to a function. This necessitated making one
of the fields in struct som_symbol unsigned.
* som.c (add_string): New function.
(som_write_space_strings, som_write_symbol_strings): Use it.
* som.h (som_symbol_type <stringtab_offset>): Make unsigned.
Diffstat (limited to 'bfd/som.h')
| -rw-r--r-- | bfd/som.h | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -81,7 +81,7 @@ typedef struct som_symbol /* During object file writing, the offset of the name of this symbol in the SOM string table. */ - int stringtab_offset; + unsigned int stringtab_offset; } som_symbol_type; |