From 6ef4fa071e2c25b71e81a91646b43378cf957388 Mon Sep 17 00:00:00 2001 From: Alan Modra Date: Wed, 3 Nov 2021 16:21:42 +1030 Subject: asan: dlltool buffer overflow: embedded NUL in string yyleng gives the pattern length, xstrdup just copies up to the NUL. So it is quite possible writing at an index of yyleng-2 overflows the xstrdup allocated string buffer. xmemdup quite handily avoids this problem, even writing the terminating NUL over the trailing quote. Use it in ldlex.l too where we'd already had a report of this problem and fixed it by hand, and to implement xmemdup0 in gas. binutils/ * deflex.l (single and double quote strings): Use xmemdup. gas/ * as.h (xmemdup0): Use xmemdup. ld/ PR 20906 * ldlex.l (double quote string): Use xmemdup. --- gas/as.h | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'gas/as.h') diff --git a/gas/as.h b/gas/as.h index 14a768f..f3f12fb 100644 --- a/gas/as.h +++ b/gas/as.h @@ -484,9 +484,7 @@ void add_debug_prefix_map (const char *); static inline char * xmemdup0 (const char *in, size_t len) { - char *out = (char *) xmalloc (len + 1); - out[len] = 0; - return (char *) memcpy (out, in, len); + return xmemdup (in, len, len + 1); } struct expressionS; -- cgit v1.1