From 012d44268695f1c5d4e2e019c610c8b99bd7e553 Mon Sep 17 00:00:00 2001 From: Nick Clifton Date: Tue, 16 Mar 2021 12:44:50 +0000 Subject: [PATCH] Fix a potential buffer overrun qwhen writing out PE aux entries. * peXXigen.c (_bfd_XXi_swap_aux_out): Avoid potential buffer overrun by using sizeof of the destination x_fname field as the limit for a memcpy. * coff/internal.h (struct internal_auxent): Fix a couple of typos in comment describing the x_fname field. --- bfd/ChangeLog | 6 ++++++ bfd/peXXigen.c | 2 +- include/ChangeLog | 5 +++++ include/coff/internal.h | 4 ++-- 4 files changed, 14 insertions(+), 3 deletions(-) diff --git a/bfd/ChangeLog b/bfd/ChangeLog index 70203b1254..2bea06278b 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,9 @@ +2021-03-16 Nick Clifton + + * peXXigen.c (_bfd_XXi_swap_aux_out): Avoid potential buffer + overrun by using sizeof of the destination x_fname field as the + limit for a memcpy. + 2021-03-16 Kuan-Lin Chen * elfxx-riscv.c (riscv_std_z_ext_strtab): Add zba, zbb and zbc. diff --git a/bfd/peXXigen.c b/bfd/peXXigen.c index 83bbac51af..b3706723c8 100644 --- a/bfd/peXXigen.c +++ b/bfd/peXXigen.c @@ -380,7 +380,7 @@ _bfd_XXi_swap_aux_out (bfd * abfd, H_PUT_32 (abfd, in->x_file.x_n.x_offset, ext->x_file.x_n.x_offset); } else - memcpy (ext->x_file.x_fname, in->x_file.x_fname, FILNMLEN); + memcpy (ext->x_file.x_fname, in->x_file.x_fname, sizeof (ext->x_file.x_fname)); return AUXESZ; diff --git a/include/ChangeLog b/include/ChangeLog index 9712268bae..5ea252c9ef 100644 --- a/include/ChangeLog +++ b/include/ChangeLog @@ -1,3 +1,8 @@ +2021-03-16 Nick Clifton + + * coff/internal.h (struct internal_auxent): Fix a couple of typos + in comment describing the x_fname field. + 2021-03-16 Kuan-Lin Chen * opcode/riscv-opc.h: Support zba, zbb and zbc extensions. diff --git a/include/coff/internal.h b/include/coff/internal.h index 1b5b45c226..90c901d298 100644 --- a/include/coff/internal.h +++ b/include/coff/internal.h @@ -580,8 +580,8 @@ union internal_auxent union { /* PR 17754: We use to FILNMLEN for the size of the x_fname - array, but that cause problems as PE targets use a larger - value. We cannot use their definition of EFILNMLEN as this + array, but that causes problems as PE targets use a larger + value. We cannot use their definition of E_FILNMLEN as this header can be used without including any PE headers. */ char x_fname[20]; struct -- 2.34.1