This patch fixes a flaw in the SREC parser which could cause a stack overflow

and potential secuiryt breach. PR binutils/17510 * srec.c (srec_bad_byte): Increase size of buf to allow for negative values. (srec_scan): Use an unsigned char buffer to hold header bytes.
author: Nick Clifton <nickc@redhat.com> 2014-10-28 10:48:14 +0000
committer: Nick Clifton <nickc@redhat.com> 2014-10-28 10:48:14 +0000
commit: 708d7d0d11f0f2d776171979aa3479e8e12a38a0 (patch)
tree: 3cd4fc5f4d2774c3fc791cc4345dd5ba15189b7f /bfd/srec.c
parent: 6fb9c0f83252a79b2f1a3f8e75fa117ca7a4d589 (diff)
download: binutils-708d7d0d11f0f2d776171979aa3479e8e12a38a0.zip
binutils-708d7d0d11f0f2d776171979aa3479e8e12a38a0.tar.gz
binutils-708d7d0d11f0f2d776171979aa3479e8e12a38a0.tar.bz2
1 files changed, 2 insertions, 2 deletions
diff --git a/bfd/srec.c b/bfd/srec.c
index 9ed2080..5f9a546 100644
--- a/bfd/srec.c
+++ b/bfd/srec.c
@@ -246,7 +246,7 @@ srec_bad_byte (bfd *abfd,
     }
   else
     {
-      char buf[10];
+      char buf[40];
 
       if (! ISPRINT (c))
 	sprintf (buf, "\\%03o", (unsigned int) c);
@@ -452,7 +452,7 @@ srec_scan (bfd *abfd)
 	case 'S':
 	  {
 	    file_ptr pos;
-	    char hdr[3];
+	    unsigned char hdr[3];
 	    unsigned int bytes, min_bytes;
 	    bfd_vma address;
 	    bfd_byte *data;
author	Nick Clifton <nickc@redhat.com>	2014-10-28 10:48:14 +0000
committer	Nick Clifton <nickc@redhat.com>	2014-10-28 10:48:14 +0000
commit	708d7d0d11f0f2d776171979aa3479e8e12a38a0 (patch)
tree	3cd4fc5f4d2774c3fc791cc4345dd5ba15189b7f /bfd/srec.c
parent	6fb9c0f83252a79b2f1a3f8e75fa117ca7a4d589 (diff)
download	binutils-708d7d0d11f0f2d776171979aa3479e8e12a38a0.zip binutils-708d7d0d11f0f2d776171979aa3479e8e12a38a0.tar.gz binutils-708d7d0d11f0f2d776171979aa3479e8e12a38a0.tar.bz2