aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJim Wilson <jim.wilson@linaro.org>2015-10-27 09:33:08 +0000
committerNick Clifton <nickc@redhat.com>2015-10-27 09:33:08 +0000
commitef8e6722f2eaae6d65b360459451f57f1350d2af (patch)
tree7d4454525af9cd6183dc9969bc8dfe5bc7406d30
parent469bdc72e7b00509d6578f5caca01a45f5db5027 (diff)
downloadgdb-ef8e6722f2eaae6d65b360459451f57f1350d2af.zip
gdb-ef8e6722f2eaae6d65b360459451f57f1350d2af.tar.gz
gdb-ef8e6722f2eaae6d65b360459451f57f1350d2af.tar.bz2
Prevent overflowing the selected_cpu_name buffer in the ARM assembler.
* config/tc-arm.c (selected_cpu_name): Increase length of array to accomodate "Samsung Exynos M1". (arm_parse_cpu): Add assertion and length check to prevent overfilling selected_cpu_name.
-rw-r--r--gas/ChangeLog7
-rw-r--r--gas/config/tc-arm.c10
2 files changed, 15 insertions, 2 deletions
diff --git a/gas/ChangeLog b/gas/ChangeLog
index 1b77b64..0dcabf6 100644
--- a/gas/ChangeLog
+++ b/gas/ChangeLog
@@ -1,3 +1,10 @@
+2015-10-27 Jim Wilson <jim.wilson@linaro.org>
+
+ * config/tc-arm.c (selected_cpu_name): Increase length of array to
+ accomodate "Samsung Exynos M1".
+ (arm_parse_cpu): Add assertion and length check to prevent
+ overfilling selected_cpu_name.
+
2015-10-22 Nick Clifton <nickc@redhat.com>
* config/tc-msp430.c (PUSH_1X_WORKAROUND): Delete.
diff --git a/gas/config/tc-arm.c b/gas/config/tc-arm.c
index efc522a..14bebe8 100644
--- a/gas/config/tc-arm.c
+++ b/gas/config/tc-arm.c
@@ -266,7 +266,7 @@ static int mfloat_abi_opt = -1;
/* Record user cpu selection for object attributes. */
static arm_feature_set selected_cpu = ARM_ARCH_NONE;
/* Must be long enough to hold any of the names in arm_cpus. */
-static char selected_cpu_name[16];
+static char selected_cpu_name[20];
extern FLONUM_TYPE generic_floating_point_number;
@@ -25132,11 +25132,17 @@ arm_parse_cpu (char *str)
mcpu_cpu_opt = &opt->value;
mcpu_fpu_opt = &opt->default_fpu;
if (opt->canonical_name)
- strcpy (selected_cpu_name, opt->canonical_name);
+ {
+ gas_assert (sizeof selected_cpu_name > strlen (opt->canonical_name));
+ strcpy (selected_cpu_name, opt->canonical_name);
+ }
else
{
size_t i;
+ if (len >= sizeof selected_cpu_name)
+ len = (sizeof selected_cpu_name) - 1;
+
for (i = 0; i < len; i++)
selected_cpu_name[i] = TOUPPER (opt->name[i]);
selected_cpu_name[i] = 0;