aboutsummaryrefslogtreecommitdiff
path: root/gas/as.h
diff options
context:
space:
mode:
authorAlan Modra <amodra@gmail.com>2021-11-03 16:21:42 +1030
committerAlan Modra <amodra@gmail.com>2021-11-03 17:06:09 +1030
commit6ef4fa071e2c25b71e81a91646b43378cf957388 (patch)
tree334807cc63fe61af871283a11915462a4071e924 /gas/as.h
parent3a275541049f295719782642fb8aa912b0a4a0d3 (diff)
downloadgdb-6ef4fa071e2c25b71e81a91646b43378cf957388.zip
gdb-6ef4fa071e2c25b71e81a91646b43378cf957388.tar.gz
gdb-6ef4fa071e2c25b71e81a91646b43378cf957388.tar.bz2
asan: dlltool buffer overflow: embedded NUL in string
yyleng gives the pattern length, xstrdup just copies up to the NUL. So it is quite possible writing at an index of yyleng-2 overflows the xstrdup allocated string buffer. xmemdup quite handily avoids this problem, even writing the terminating NUL over the trailing quote. Use it in ldlex.l too where we'd already had a report of this problem and fixed it by hand, and to implement xmemdup0 in gas. binutils/ * deflex.l (single and double quote strings): Use xmemdup. gas/ * as.h (xmemdup0): Use xmemdup. ld/ PR 20906 * ldlex.l (double quote string): Use xmemdup.
Diffstat (limited to 'gas/as.h')
-rw-r--r--gas/as.h4
1 files changed, 1 insertions, 3 deletions
diff --git a/gas/as.h b/gas/as.h
index 14a768f..f3f12fb 100644
--- a/gas/as.h
+++ b/gas/as.h
@@ -484,9 +484,7 @@ void add_debug_prefix_map (const char *);
static inline char *
xmemdup0 (const char *in, size_t len)
{
- char *out = (char *) xmalloc (len + 1);
- out[len] = 0;
- return (char *) memcpy (out, in, len);
+ return xmemdup (in, len, len + 1);
}
struct expressionS;