From: "H. J. Lu"
To: Nick Clifton
Cc: binutils@sources.redhat.com, jbeulich@novell.com
Subject: Re: PATCH: Fix buffer overflow in gas
Date: Tue, 02 May 2006 14:20:00 -0000
Message-ID: <20060502142031.GA10660@lucon.org>
In-Reply-To: <20060502133130.GB10201@lucon.org>
References: <20060501184006.GA2583@lucon.org> <44572AAF.4080203@redhat.com> <20060502133130.GB10201@lucon.org>
X-SW-Source: 2006-05/txt/msg00048.txt.bz2

On Tue, May 02, 2006 at 06:31:30AM -0700, H. J. Lu wrote:
> On Tue, May 02, 2006 at 10:47:27AM +0100, Nick Clifton wrote:
> > Hi H. J.
> >
> > >There are some potential buffer overflows in gas. 8byte isn't enough
> > >to hold a negative byte. This patch fixes them. Also we should use
> > >snprintf instead of sprintf.
> >
> > Did you test this patch? If so, please could you say how.
>
> You can put some non-ASCII char in assembly code.
>
> >
> > >2006-05-01 H.J. Lu
> > >
> > > * config/tc-i386.c (output_invalid_buf): Change size to 16.
> > > * config/tc-tic30.c (output_invalid_buf): Likewise.
> > >
> > > * config/tc-i386.c (output_invalid): Use snprintf instead of
> > > sprintf.
> > > * config/tc-ia64.c (declare_register_set): Likewise.
> > > (emit_one_bundle): Likewise.
> > > (check_dependencies): Likewise.
> > > * config/tc-tic30.c (output_invalid): Likewise.
> >
> > Assuming that you have tested the targets involved and that there were
> > no regressions then this patch is approved.
>
> Done.
>

Jan suggested we should cast int to unsigned char.

foo.s:20: Error: invalid character (0xd6) in mnemonic

is better than

foo.s:20: Error: invalid character (0xfffffffd6) in mnemonic

I will check it in.

H.J.
---
2006-05-02  H.J. Lu
            Jan Beulich

        * config/tc-i386.c (output_invalid_buf): Change size for unsigned char.
        * config/tc-tic30.c (output_invalid_buf): Likewise.
        * config/tc-i386.c (output_invalid): Cast non-ASCII char to unsigned char.
        * config/tc-tic30.c (output_invalid): Likewise.

--- gas/config/tc-i386.c.buf 2006-05-02 06:50:00.000000000 -0700 +++ gas/config/tc-i386.c 2006-05-02 07:12:03.000000000 -0700 @@ -5251,7 +5251,7 @@ md_atof (type, litP, sizeP) return 0; } -static char output_invalid_buf[16]; +static char output_invalid_buf[sizeof (unsigned char) * 2 + 6]; static char * output_invalid (c) @@ -5262,7 +5262,7 @@ output_invalid (c) "'%c'", c); else snprintf (output_invalid_buf, sizeof (output_invalid_buf), - "(0x%x)", (unsigned) c); + "(0x%x)", (unsigned char) c); return output_invalid_buf; } --- gas/config/tc-tic30.c.buf 2006-05-02 06:50:00.000000000 -0700 +++ gas/config/tc-tic30.c 2006-05-02 07:12:11.000000000 -0700 @@ -273,7 +273,7 @@ struct tic30_insn struct tic30_insn insn; static int found_parallel_insn; -static char output_invalid_buf[16]; +static char output_invalid_buf[sizeof (unsigned char) * 2 + 6]; static char * output_invalid (char c) @@ -283,7 +283,7 @@ output_invalid (char c) "'%c'", c); else snprintf (output_invalid_buf, sizeof (output_invalid_buf), - "(0x%x)", (unsigned) c); + "(0x%x)", (unsigned char) c); return output_invalid_buf; }
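Review bot: in the tc-i386.c `output_invalid_buf` hunk, `sizeof (unsigned char) * 2 + 6` is a roundabout way of writing 8, since `sizeof (unsigned char)` is 1 by definition; the derivation the expression seems to intend (two hex digits for one byte, plus `(0x`, `)` and the terminating NUL) comes to 7, so the `+ 6` hides one spare byte and nothing at the declaration says where the numbers come from. A one-line comment beside the declaration, e.g. `/* "(0xff)" plus NUL.  */`, or a named constant would let the next reader check the bound against the two `snprintf` formats without re-deriving it. Since the buffer stays `static`, the pointer `output_invalid` returns is only valid until the next call; that is unchanged by this patch but worth keeping in mind now that the buffer is at its minimum size.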
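Review bot: in the second tc-i386.c hunk, `(unsigned char) c` is promoted to `int` by the default argument promotions before `snprintf` sees it, so `%x` receives an `int` in 0..255 rather than the `unsigned int` the conversion specifies. That is harmless here because the value is non-negative, but `(unsigned) (unsigned char) c` matches the conversion exactly, still prints at most two digits, and makes the intent (narrow first, then widen) explicit. This narrowing is also what makes the smaller buffer in the previous hunk safe: with the old `(unsigned) c`, a negative `c` was sign-extended to the long `0xff...d6` form quoted in the message, which is exactly the overflow the thread is about, so the two hunks should be reviewed and applied as a pair.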
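Review bot: the tc-tic30.c `output_invalid_buf` hunk repeats the same unexplained `sizeof (unsigned char) * 2 + 6` expression as tc-i386.c; the same comment or named constant is needed here, and because each declaration has to stay in step with its file's `snprintf` formats, a single shared definition (or at least identical comments in both files) would keep a future change to one `output_invalid` from silently desynchronising the other.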
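Review bot: in the tc-tic30.c `output_invalid (char c)` hunk the parameter is a plain `char`, so whether the old `(unsigned) c` ever produced the long form depends on the host's `char` signedness: on hosts where `char` is signed, a byte such as 0xd6 arrives as a negative value and sign-extends, while on hosts where `char` is unsigned it already printed as `0xd6` and the buffer was never overrun. The `(unsigned char)` cast makes the output identical on both kinds of host, which is worth a sentence in the ChangeLog entry, and as in tc-i386.c `(unsigned) (unsigned char) c` would match the `%x` conversion's type exactly.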
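The sign-extension that the message describes, as an added example that is not part of the patch or of gas itself: it measures how long the pre-fix `"(0x%x)"` with a plain `(unsigned)` cast gets for a negative byte, and shows the fixed formatting (bounded `snprintf`, value narrowed to one byte first) staying inside a buffer sized with the patch's own arithmetic for every value a `char` can carry. The `isprint` test, the helper names and the constructed input byte 0xd6 are assumptions for illustration; the real condition that chooses between the two formats in gas lies outside the quoted hunks.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Size the pre-fix buffer held ("8byte isn't enough to hold a negative byte").  */
#define OLD_BUF_SIZE ((size_t) 8)
/* The patch's own arithmetic: two hex digits for one byte, plus "(0x", ")"
   and the NUL.  sizeof (unsigned char) is 1, so this is 8.  */
#define NEW_BUF_SIZE (sizeof (unsigned char) * 2 + 6)

/* Length, without the NUL, that the pre-fix "(0x%x)" with a plain (unsigned)
   cast produces for C.  Measured into a NULL target so nothing is overflowed
   here; a negative C is sign-extended to int and then converted to unsigned,
   which is where the extra hex digits come from.  */
size_t old_hex_len (int c)
{
  return (size_t) snprintf (NULL, 0, "(0x%x)", (unsigned) c);
}

/* 1 if the pre-fix output for C, plus its NUL, would not fit in OLD_BUF_SIZE.  */
int old_would_overflow (int c)
{
  return old_hex_len (c) + 1 > OLD_BUF_SIZE;
}

/* Post-fix formatting: bounded snprintf, and C narrowed to one byte before
   %x ever sees it, so the hex form is never longer than "(0xff)".  The outer
   (unsigned) cast matches %x's type exactly after the narrowing.  The isprint
   test is an assumption; gas's real condition is not in the quoted hunks.  */
const char *format_invalid (char *buf, size_t bufsize, int c)
{
  if (isprint ((unsigned char) c))
    snprintf (buf, bufsize, "'%c'", c);
  else
    snprintf (buf, bufsize, "(0x%x)", (unsigned) (unsigned char) c);
  return buf;
}

/* Same thing through a static buffer, mirroring gas's output_invalid_buf:
   the returned pointer is only valid until the next call.  */
const char *format_invalid_static (int c)
{
  static char output_invalid_buf[NEW_BUF_SIZE];
  return format_invalid (output_invalid_buf, sizeof output_invalid_buf, c);
}

/* 1 if every value a char can carry, signed or unsigned, formats into
   NEW_BUF_SIZE with room for the NUL; this is the bound the patch relies on.
   snprintf truncates rather than overflows, so the untruncated length is
   measured separately with a NULL target.  */
int new_always_fits (void)
{
  int c;
  for (c = -128; c <= 255; c++)
    {
      size_t need;
      if (isprint ((unsigned char) c))
        need = (size_t) snprintf (NULL, 0, "'%c'", c);
      else
        need = (size_t) snprintf (NULL, 0, "(0x%x)", (unsigned) (unsigned char) c);
      if (need + 1 > NEW_BUF_SIZE)
        return 0;
    }
  return 1;
}

int main (void)
{
  /* Constructed input: the Latin-1 byte 0xd6 ('Ö') read through a signed
     char, i.e. -42 on GCC, which is how it reaches output_invalid on a host
     where char is signed (x86 GCC).  */
  int c = (signed char) 0xd6;

  printf ("pre-fix needs %zu bytes, buffer has %zu: %s\n",
          old_hex_len (c) + 1, OLD_BUF_SIZE,
          old_would_overflow (c) ? "OVERFLOW" : "fits");
  printf ("post-fix: %s\n", format_invalid_static (c));
  printf ("post-fix, printable: %s\n", format_invalid_static ('A'));
  printf ("post-fix fits every byte value: %s\n",
          new_always_fits () ? "yes" : "no");
  return 0;
}
```

The measuring calls (`snprintf (NULL, 0, ...)`) are the practitioner's way to check a format's worst-case length without writing anywhere; on a host with 32-bit `int` the pre-fix form needs 13 bytes for a negative byte against the 8 available, while the post-fix form never needs more than 7.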