aboutsummaryrefslogtreecommitdiff
path: root/gas
diff options
context:
space:
mode:
authorNick Clifton <nickc@redhat.com>2000-11-07 19:36:08 +0000
committerNick Clifton <nickc@redhat.com>2000-11-07 19:36:08 +0000
commit604d524f129068349a7951cb7056683bc930705f (patch)
treeeaf2cf3565348fec0d6132c27b804d345ac026ff /gas
parent0ef5a5bdcbddae6d04247a3e261843edfa68a60f (diff)
downloadgdb-604d524f129068349a7951cb7056683bc930705f.zip
gdb-604d524f129068349a7951cb7056683bc930705f.tar.gz
gdb-604d524f129068349a7951cb7056683bc930705f.tar.bz2
Fix memory corruption with --gstabs and short length filenames.
Diffstat (limited to 'gas')
-rw-r--r--gas/ChangeLog5
-rw-r--r--gas/stabs.c80
2 files changed, 50 insertions, 35 deletions
diff --git a/gas/ChangeLog b/gas/ChangeLog
index bff9846..276ee32 100644
--- a/gas/ChangeLog
+++ b/gas/ChangeLog
@@ -1,3 +1,8 @@
+2000-11-07 Nick Clifton <nickc@redhat.com>
+
+ * stabs.c (generate_asm_file): Increase length of xmalloc'ed
+ buffer in order to avoid buffer overflows.
+
2000-11-06 Steve Ellcey <sje@cup.hp.com>
* config/tc-ia64.c (md_shortopts, md_parse_option, md_show_usage):
diff --git a/gas/stabs.c b/gas/stabs.c
index d9998f1..f82b568 100644
--- a/gas/stabs.c
+++ b/gas/stabs.c
@@ -497,52 +497,62 @@ generate_asm_file (type, file)
static char *last_file;
static int label_count;
char *hold;
- char *buf = xmalloc (2 * strlen (file) + 10);
char sym[30];
-
+ char *buf;
+ char *tmp = file;
+ char *endp = file + strlen (file);
+ char *bufp = buf;
+
+ if (last_file != NULL
+ && strcmp (last_file, file) == 0)
+ return;
+
/* Rather than try to do this in some efficient fashion, we just
generate a string and then parse it again. That lets us use the
existing stabs hook, which expect to see a string, rather than
inventing new ones. */
-
hold = input_line_pointer;
- if (last_file == NULL
- || strcmp (last_file, file) != 0)
- {
- char *tmp = file;
- char *endp = file + strlen(file);
- char *bufp = buf;
-
- sprintf (sym, "%sF%d", FAKE_LABEL_NAME, label_count);
- ++label_count;
-
- *bufp++ = '"';
- while (tmp < endp)
- {
- char *bslash = strchr (tmp, '\\');
- int len = (bslash ? (bslash - tmp + 1) : strlen (tmp));
- /* double all backslashes, since demand_copy_C_string (used by
- s_stab to extract the part in quotes) will try to replace them as
- escape sequences. backslash may appear in a filespec. */
- strncpy (bufp, tmp, len);
- tmp += len;
- bufp += len;
- if (bslash != NULL)
- *bufp++ = '\\';
- }
- sprintf (bufp, "\",%d,0,0,%s\n", type, sym);
- input_line_pointer = buf;
- s_stab ('s');
- colon (sym);
+ sprintf (sym, "%sF%d", FAKE_LABEL_NAME, label_count);
+ ++label_count;
- if (last_file != NULL)
- free (last_file);
- last_file = xstrdup (file);
+ /* Allocate enough space for the file name (possibly extended with
+ doubled up backslashes), the symbol name, and the other characters
+ that make up a stabs file directive. */
+ bufp = buf = xmalloc (2 * strlen (file) + strlen (sym) + 12);
+
+ *bufp++ = '"';
+
+ while (tmp < endp)
+ {
+ char *bslash = strchr (tmp, '\\');
+ int len = (bslash ? (bslash - tmp + 1) : strlen (tmp));
+
+ /* Double all backslashes, since demand_copy_C_string (used by
+ s_stab to extract the part in quotes) will try to replace them as
+ escape sequences. backslash may appear in a filespec. */
+ strncpy (bufp, tmp, len);
+
+ tmp += len;
+ bufp += len;
+
+ if (bslash != NULL)
+ *bufp++ = '\\';
}
- input_line_pointer = hold;
+ sprintf (bufp, "\",%d,0,0,%s\n", type, sym);
+
+ input_line_pointer = buf;
+ s_stab ('s');
+ colon (sym);
+
+ if (last_file != NULL)
+ free (last_file);
+ last_file = xstrdup (file);
+
free (buf);
+
+ input_line_pointer = hold;
}
/* Generate stabs debugging information for the current line. This is