2017-06-15 Eric Christopher <echristo@gmail.com>
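--- a/gprof/corefile.c
+++ b/gprof/corefile.c
@@ -1,6 +1,6 @@
 /* corefile.c
- Copyright (C) 1999-2016 Free Software Foundation, Inc.
+ Copyright (C) 1999-2017 Free Software Foundation, Inc.
 This file is part of GNU Binutils.
@@ -28,6 +28,7 @@
 #include "hist.h"
 #include "corefile.h"
 #include "safe-ctype.h"
+#include <limits.h> /* For UINT_MAX. */
 bfd *core_bfd;
 static int core_num_syms;
@@ -72,11 +73,15 @@ cmp_symbol_map (const void * l, const void * r)
 ((struct function_map *) r)->function_name);
 }
+#define BUFSIZE (1024)
+/* This is BUFSIZE - 1 as a string. Suitable for use in fprintf/sscanf format strings. */
+#define STR_BUFSIZE "1023"
+
 static void
 read_function_mappings (const char *filename)
 {
 FILE * file = fopen (filename, "r");
- char dummy[1024];
+ char dummy[BUFSIZE];
 int count = 0;
 unsigned int i;
@@ -93,7 +98,7 @@ read_function_mappings (const char *filename)
 {
 int matches;
- matches = fscanf (file, "%[^\n:]", dummy);
+ matches = fscanf (file, "%" STR_BUFSIZE "[^\n:]", dummy);
 if (!matches)
 parse_error (filename);
@@ -107,7 +112,7 @@ read_function_mappings (const char *filename)
 }
 /* Don't care what else is on this line at this point. */
- matches = fscanf (file, "%[^\n]\n", dummy);
+ matches = fscanf (file, "%" STR_BUFSIZE "[^\n]\n", dummy);
 if (!matches)
 parse_error (filename);
 count++;
@@ -127,7 +132,7 @@ read_function_mappings (const char *filename)
 int matches;
 char *tmp;
- matches = fscanf (file, "%[^\n:]", dummy);
+ matches = fscanf (file, "%" STR_BUFSIZE "[^\n:]", dummy);
 if (!matches)
 parse_error (filename);
@@ -145,7 +150,7 @@ read_function_mappings (const char *filename)
 strcpy (symbol_map[count].file_name, dummy);
 /* Now we need the function name. */
- matches = fscanf (file, "%[^\n]\n", dummy);
+ matches = fscanf (file, "%" STR_BUFSIZE "[^\n]\n", dummy);
 if (!matches)
 parse_error (filename);
 tmp = strrchr (dummy, ' ') + 1;
@@ -480,29 +485,29 @@ get_src_info (bfd_vma addr, const char **filename, const char **name, int *line_
 }
 }
+static char buf[BUFSIZE];
+static char address[BUFSIZE];
+static char name[BUFSIZE];
+
 /* Return number of symbols in a symbol-table file. */
-static int
+static unsigned int
 num_of_syms_in (FILE * f)
 {
- const int BUFSIZE = 1024;
- char * buf = (char *) xmalloc (BUFSIZE);
- char * address = (char *) xmalloc (BUFSIZE);
 char type;
- char * name = (char *) xmalloc (BUFSIZE);
- int num = 0;
+ unsigned int num = 0;
 while (!feof (f) && fgets (buf, BUFSIZE - 1, f))
 {
- if (sscanf (buf, "%s %c %s", address, &type, name) == 3)
+ if (sscanf (buf, "%" STR_BUFSIZE "s %c %" STR_BUFSIZE "s", address, &type, name) == 3)
 if (type == 't' || type == 'T')
- ++num;
+ {
+ /* PR 20499 - prevent integer overflow computing argument to xmalloc. */
+ if (++num >= UINT_MAX / sizeof (Sym))
+ return -1U;
+ }
 }
- free (buf);
- free (address);
- free (name);
-
 return num;
 }
@@ -511,11 +516,7 @@ num_of_syms_in (FILE * f)
 void
 core_create_syms_from (const char * sym_table_file)
 {
- const int BUFSIZE = 1024;
- char * buf = (char *) xmalloc (BUFSIZE);
- char * address = (char *) xmalloc (BUFSIZE);
 char type;
- char * name = (char *) xmalloc (BUFSIZE);
 bfd_vma min_vma = ~(bfd_vma) 0;
 bfd_vma max_vma = 0;
 FILE * f;
@@ -535,6 +536,12 @@ core_create_syms_from (const char * sym_table_file)
 fprintf (stderr, _("%s: file `%s' has no symbols\n"), whoami, sym_table_file);
 done (1);
 }
+ else if (symtab.len == -1U)
+ {
+ fprintf (stderr, _("%s: file `%s' has too many symbols\n"),
+ whoami, sym_table_file);
+ done (1);
+ }
 symtab.base = (Sym *) xmalloc (symtab.len * sizeof (Sym));
@@ -549,9 +556,10 @@ core_create_syms_from (const char * sym_table_file)
 while (!feof (f) && fgets (buf, BUFSIZE - 1, f))
 {
- if (sscanf (buf, "%s %c %s", address, &type, name) == 3)
- if (type != 't' && type != 'T')
- continue;
+ if (sscanf (buf, "%" STR_BUFSIZE "s %c %" STR_BUFSIZE "s", address, &type, name) != 3)
+ continue;
+ if (type != 't' && type != 'T')
+ continue;
 sym_init (symtab.limit);
@@ -572,10 +580,6 @@ core_create_syms_from (const char * sym_table_file)
 symtab.len = symtab.limit - symtab.base;
 symtab_finalize (&symtab);
-
- free (buf);
- free (address);
- free (name);
 }
 static int
@@ -843,7 +847,7 @@ core_create_line_syms (void)
 The old way called symtab_finalize before the is_static pass,
 causing a problem since symtab_finalize uses is_static as part of
 its address conflict resolution algorithm. Since global symbols
- were prefered over static symbols, and all line symbols were
+ were preferred over static symbols, and all line symbols were
 global at that point, static function names that conflicted with
 their own line numbers (static, but labeled as global) were
 rejected in favor of the line num.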
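Review bot: The `if (!matches)` checks that follow the four width-limited `fscanf` calls in `read_function_mappings` still miss end-of-input, because `fscanf` returns EOF (a negative value) when the stream ends before any conversion, so `!matches` is false and the code goes on to use `dummy` with stale or uninitialized contents. Testing `if (matches != 1)` would reject both the zero-match and the EOF case. In the hunk at -145,7 the context line `tmp = strrchr (dummy, ' ') + 1;` also assumes the line contains a space; a mapping line without one turns a null return into an invalid pointer, so splitting it into `tmp = strrchr (dummy, ' ');`, `if (tmp == NULL) parse_error (filename);` and `tmp++;` seems warranted. The loop bodies start and end outside these hunks, so any guard that may already exist there is not visible here.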