Fix potential buffer overflows with sprintf and very large integer values.

binutuils* prdbg.c (pr_enum_type): Use a buffer big enough to hold an extremely large decimal value. (pr_range_type): Likewise. (pr_array_type): Likewise. (pr_struct_field): Likewise. (pr_class_baseclass): Likewise. (pr_class_method_variant): Likewise. (pr_tag_type): Likewise. (pr_int_constant): Likewise. (pr_typed_constant): Likewise. (pr_variable): Likewise. (pr_function_parameter): Likewise. (pr_start_block): Likewise. (pr_lineno): Likewise. (pr_end_block): Likewise. (tg_enum_type): Likewise. (tg_int_constant): Likewise. (tg_typed_constant): Likewise. (tg_start_block): Likewise. gas * macro.c (macro_expand_body): Use a buffer big enough to hold an extremely large integer.
author: Nick Clifton <nickc@redhat.com> 2016-07-01 12:35:01 +0100
committer: Nick Clifton <nickc@redhat.com> 2016-07-01 12:35:01 +0100
commit: 98a4fc78f9dab76b5ada3551a7bef36db8a3ed05 (patch)
tree: d5669d184079c4ad1d2432a6203d22e2db5fb8bd /binutils
parent: 20aa2c606ef682889722b03b1d874befa84fbf53 (diff)
download: gdb-98a4fc78f9dab76b5ada3551a7bef36db8a3ed05.zip
gdb-98a4fc78f9dab76b5ada3551a7bef36db8a3ed05.tar.gz
gdb-98a4fc78f9dab76b5ada3551a7bef36db8a3ed05.tar.bz2
2 files changed, 40 insertions, 18 deletions
diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index 83fde81..4108b78 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,5 +1,27 @@
 2016-07-01  Nick Clifton  <nickc@redhat.com>
 
+	* prdbg.c (pr_enum_type): Use a buffer big enough to hold an
+	extremely large decimal value.
+	(pr_range_type): Likewise.
+	(pr_array_type): Likewise.
+	(pr_struct_field): Likewise.
+	(pr_class_baseclass): Likewise.
+	(pr_class_method_variant): Likewise.
+	(pr_tag_type): Likewise.
+	(pr_int_constant): Likewise.
+	(pr_typed_constant): Likewise.
+	(pr_variable): Likewise.
+	(pr_function_parameter): Likewise.
+	(pr_start_block): Likewise.
+	(pr_lineno): Likewise.
+	(pr_end_block): Likewise.
+	(tg_enum_type): Likewise.
+	(tg_int_constant): Likewise.
+	(tg_typed_constant): Likewise.
+	(tg_start_block): Likewise.
+
+2016-07-01  Nick Clifton  <nickc@redhat.com>
+
 	* testsuite/binutils-all/objcopy.exp
 	(objcopy_test_without_global_symbol): Expect this test to fail on
 	the AArch64 and ARM targets, since they preserve their mapping
diff --git a/binutils/prdbg.c b/binutils/prdbg.c
index 7f3dcce..92c6087 100644
--- a/binutils/prdbg.c
+++ b/binutils/prdbg.c
@@ -672,7 +672,7 @@ pr_enum_type (void *p, const char *tag, const char **names,
 
 	  if (values[i] != val)
 	    {
-	      char ab[20];
+	      char ab[22];
 
 	      print_vma (values[i], ab, FALSE, FALSE);
 	      if (! append_type (info, " = ")
@@ -802,7 +802,7 @@ static bfd_boolean
 pr_range_type (void *p, bfd_signed_vma lower, bfd_signed_vma upper)
 {
   struct pr_handle *info = (struct pr_handle *) p;
-  char abl[20], abu[20];
+  char abl[22], abu[22];
 
   assert (info->stack != NULL);
 
@@ -827,7 +827,7 @@ pr_array_type (void *p, bfd_signed_vma lower, bfd_signed_vma upper,
 {
   struct pr_handle *info = (struct pr_handle *) p;
   char *range_type;
-  char abl[20], abu[20], ab[50];
+  char abl[22], abu[22], ab[50];
 
   range_type = pop_type (info);
   if (range_type == NULL)
@@ -1151,7 +1151,7 @@ pr_struct_field (void *p, const char *name, bfd_vma bitpos, bfd_vma bitsize,
 		 enum debug_visibility visibility)
 {
   struct pr_handle *info = (struct pr_handle *) p;
-  char ab[20];
+  char ab[22];
   char *t;
 
   if (! substitute_type (info, name))
@@ -1335,7 +1335,7 @@ pr_class_baseclass (void *p, bfd_vma bitpos, bfd_boolean is_virtual,
   struct pr_handle *info = (struct pr_handle *) p;
   char *t;
   const char *prefix;
-  char ab[20];
+  char ab[22];
   char *s, *l, *n;
 
   assert (info->stack != NULL && info->stack->next != NULL);
@@ -1495,7 +1495,7 @@ pr_class_method_variant (void *p, const char *physname,
     return FALSE;
   if (context || voffset != 0)
     {
-      char ab[20];
+      char ab[22];
 
       if (context)
 	{
@@ -1602,7 +1602,7 @@ pr_tag_type (void *p, const char *name, unsigned int id,
 {
   struct pr_handle *info = (struct pr_handle *) p;
   const char *t, *tag;
-  char idbuf[20];
+  char idbuf[22];
 
   switch (kind)
     {
@@ -1698,7 +1698,7 @@ static bfd_boolean
 pr_int_constant (void *p, const char *name, bfd_vma val)
 {
   struct pr_handle *info = (struct pr_handle *) p;
-  char ab[20];
+  char ab[22];
 
   indent (info);
   print_vma (val, ab, FALSE, FALSE);
@@ -1725,7 +1725,7 @@ pr_typed_constant (void *p, const char *name, bfd_vma val)
 {
   struct pr_handle *info = (struct pr_handle *) p;
   char *t;
-  char ab[20];
+  char ab[22];
 
   t = pop_type (info);
   if (t == NULL)
@@ -1748,7 +1748,7 @@ pr_variable (void *p, const char *name, enum debug_var_kind kind,
 {
   struct pr_handle *info = (struct pr_handle *) p;
   char *t;
-  char ab[20];
+  char ab[22];
 
   if (! substitute_type (info, name))
     return FALSE;
@@ -1811,7 +1811,7 @@ pr_function_parameter (void *p, const char *name,
 {
   struct pr_handle *info = (struct pr_handle *) p;
   char *t;
-  char ab[20];
+  char ab[22];
 
   if (kind == DEBUG_PARM_REFERENCE
       || kind == DEBUG_PARM_REF_REG)
@@ -1849,7 +1849,7 @@ static bfd_boolean
 pr_start_block (void *p, bfd_vma addr)
 {
   struct pr_handle *info = (struct pr_handle *) p;
-  char ab[20];
+  char ab[22];
 
   if (info->parameter > 0)
     {
@@ -1872,7 +1872,7 @@ static bfd_boolean
 pr_lineno (void *p, const char *filename, unsigned long lineno, bfd_vma addr)
 {
   struct pr_handle *info = (struct pr_handle *) p;
-  char ab[20];
+  char ab[22];
 
   indent (info);
   print_vma (addr, ab, TRUE, TRUE);
@@ -1887,7 +1887,7 @@ static bfd_boolean
 pr_end_block (void *p, bfd_vma addr)
 {
   struct pr_handle *info = (struct pr_handle *) p;
-  char ab[20];
+  char ab[22];
 
   info->indent -= 2;
 
@@ -1993,7 +1993,7 @@ tg_enum_type (void *p, const char *tag, const char **names,
   struct pr_handle *info = (struct pr_handle *) p;
   unsigned int i;
   const char *name;
-  char ab[20];
+  char ab[22];
 
   if (! pr_enum_type (p, tag, names, values))
     return FALSE;
@@ -2540,7 +2540,7 @@ static bfd_boolean
 tg_int_constant (void *p, const char *name, bfd_vma val)
 {
   struct pr_handle *info = (struct pr_handle *) p;
-  char ab[20];
+  char ab[22];
 
   indent (info);
   print_vma (val, ab, FALSE, FALSE);
@@ -2569,7 +2569,7 @@ tg_typed_constant (void *p, const char *name, bfd_vma val)
 {
   struct pr_handle *info = (struct pr_handle *) p;
   char *t;
-  char ab[20];
+  char ab[22];
 
   t = pop_type (info);
   if (t == NULL)
@@ -2747,7 +2747,7 @@ static bfd_boolean
 tg_start_block (void *p, bfd_vma addr)
 {
   struct pr_handle *info = (struct pr_handle *) p;
-  char ab[20], kind, *partof;
+  char ab[22], kind, *partof;
   char *t;
   bfd_boolean local;
author	Nick Clifton <nickc@redhat.com>	2016-07-01 12:35:01 +0100
committer	Nick Clifton <nickc@redhat.com>	2016-07-01 12:35:01 +0100
commit	98a4fc78f9dab76b5ada3551a7bef36db8a3ed05 (patch)
tree	d5669d184079c4ad1d2432a6203d22e2db5fb8bd /binutils
parent	20aa2c606ef682889722b03b1d874befa84fbf53 (diff)
download	gdb-98a4fc78f9dab76b5ada3551a7bef36db8a3ed05.zip gdb-98a4fc78f9dab76b5ada3551a7bef36db8a3ed05.tar.gz gdb-98a4fc78f9dab76b5ada3551a7bef36db8a3ed05.tar.bz2