* Remove some static buffers
@ 2020-12-18  0:02 Alan Modra
From: Alan Modra @ 2020-12-18  0:02 UTC (permalink / raw)
  To: binutils

Fixes possible overflow of a static buffer for powerpc with translated
messages, and on v850 when symbol names are large.

	* archive.c (_bfd_ar_spacepad, _bfd_ar_sizepad): Use auto buf.
	* coff-mcore.c (coff_mcore_relocate_section): Likewise.
	* elf32-ppc.c (ppc_elf_unhandled_reloc): Use asprintf in place
	of fixed size and possibly too small buf for translated message.
	* elf64-ppc.c (ppc64_elf_unhandled_reloc): Likewise.
	* elf32-v850.c (v850_elf_check_relocs): Likewise.
	* ecoff.c (ecoff_type_to_string): Pass in return string buff rather
	than using static buffer2.  Delete dead code.  Remove unnecessary
	parentheses.
	(_bfd_ecoff_print_symbol): Pass auto buff to ecoff_type_to_string.
	* elf32-rx.c (describe_flags): Pass in return string buf rather
	than using static buf.
	(rx_elf_merge_private_bfd_data): Pass buf to describe_flags.
	(rx_elf_print_private_bfd_data): Likewise.
	* mach-o.c (cpusubtype): Pass in return string buffer rather than
	using static buffer.
	(bfd_mach_o_bfd_print_private_bfd_data): Pass buff to cpusubtype.
	* opncls.c (separate_debug_file_exists): Make buffer an auto var.
	(bfd_fill_in_gnu_debuglink_section): Likewise.
	* peXXigen.c (rsrc_resource_name): Pass in return string buffer
	rather than using static buffer.
	(rsrc_sort_entries): Pass buff to rsrc_resource_name.
	* vms-alpha.c (_bfd_vms_write_emh): Pass tbuf to get_vms_time_string.
	* vms-misc.c (get_vms_time_string): Pass in return string tbuf
	rather than using static tbuf.
	* vms.h (get_vms_time_string): Update prototype.

diff --git a/bfd/archive.c b/bfd/archive.c
index 0250d6f5f4..10e1423b82 100644
--- a/bfd/archive.c
+++ b/bfd/archive.c
@@ -172,7 +172,7 @@ struct ar_cache
 void
 _bfd_ar_spacepad (char *p, size_t n, const char *fmt, long val)
 {
-  static char buf[20];
+  char buf[20];
   size_t len;
 
   snprintf (buf, sizeof (buf), fmt, val);
@@ -189,7 +189,7 @@ _bfd_ar_spacepad (char *p, size_t n, const char *fmt, long val)
 bfd_boolean
 _bfd_ar_sizepad (char *p, size_t n, bfd_size_type size)
 {
-  static char buf[21];
+  char buf[21];
   size_t len;
 
   snprintf (buf, sizeof (buf), "%-10" BFD_VMA_FMT "u", size);
diff --git a/bfd/coff-mcore.c b/bfd/coff-mcore.c
index fedcb0ab80..e5005dc3b8 100644
--- a/bfd/coff-mcore.c
+++ b/bfd/coff-mcore.c
@@ -392,6 +392,7 @@ coff_mcore_relocate_section (bfd * output_bfd,
       reloc_howto_type *	     howto = NULL;
       struct coff_link_hash_entry *  h;
       const char *		     my_name;
+      char buf[SYMNMLEN + 1];
 
       symndx = rel->r_symndx;
       loc = contents + rel->r_vaddr - input_section->vma;
@@ -436,8 +437,6 @@ coff_mcore_relocate_section (bfd * output_bfd,
 		my_name = obj_coff_strings (input_bfd) + sym->_n._n_n._n_offset;
 	      else
 		{
-		  static char buf [SYMNMLEN + 1];
-
 		  strncpy (buf, sym->_n._n_name, SYMNMLEN);
 		  buf[SYMNMLEN] = '\0';
 		  my_name = buf;
diff --git a/bfd/ecoff.c b/bfd/ecoff.c
index 22060e7477..798e37a5e3 100644
--- a/bfd/ecoff.c
+++ b/bfd/ecoff.c
@@ -1056,7 +1056,7 @@ ecoff_emit_aggregate (bfd *abfd,
 /* Convert the type information to string format.  */
 
 static char *
-ecoff_type_to_string (bfd *abfd, FDR *fdr, unsigned int indx)
+ecoff_type_to_string (bfd *abfd, FDR *fdr, unsigned int indx, char *buff)
 {
   union aux_ext *aux_ptr;
   int bigendian;
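Review bot: The new `buff` parameter of ecoff_type_to_string carries no length, so the 1024-byte requirement now exists only in the two callers' `char buff[1024]` declarations, while the later hunks show the function still filling it through unbounded `sprintf (p2, ...)` and `strcpy (p2, buffer1)`. With the destination moved from static storage to the caller's stack, any type string built from the file's aux records that exceeded the buffer would overrun a stack frame instead of a static array; whether the existing writes can exceed 1024 bytes is not visible here, since most of the body lies outside the hunks. The contract should be explicit, either by adding a `size_t` length parameter with bounded writes or at least by extending the header comment to `/* Convert the type information to string format.  BUFF must hold at least 1024 bytes.  */`. The same unsized caller-buffer pattern is introduced for describe_flags (elf32-rx.c, 128 bytes), cpusubtype (mach-o.c, 128), rsrc_resource_name (peXXigen.c, 256) and get_vms_time_string (vms-misc.c, 18).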
@@ -1071,9 +1071,8 @@ ecoff_type_to_string (bfd *abfd, FDR *fdr, unsigned int indx)
   unsigned int basic_type;
   int i;
   char buffer1[1024];
-  static char buffer2[1024];
   char *p1 = buffer1;
-  char *p2 = buffer2;
+  char *p2 = buff;
   RNDXR rndx;
 
   aux_ptr = ecoff_data (abfd)->debug_info.external_aux + fdr->iauxBase;
@@ -1239,7 +1238,7 @@ ecoff_type_to_string (bfd *abfd, FDR *fdr, unsigned int indx)
       break;
     }
 
-  p1 += strlen (buffer1);
+  p1 += strlen (p1);
 
   /* If this is a bitfield, get the bitsize.  */
   if (u.ti.fBitfield)
@@ -1248,7 +1247,6 @@ ecoff_type_to_string (bfd *abfd, FDR *fdr, unsigned int indx)
 
       bitsize = AUX_GET_WIDTH (bigendian, &aux_ptr[indx++]);
       sprintf (p1, " : %d", bitsize);
-      p1 += strlen (buffer1);
     }
 
   /* Deal with any qualifiers.  */
@@ -1332,7 +1330,7 @@ ecoff_type_to_string (bfd *abfd, FDR *fdr, unsigned int indx)
 			       (long) (qualifiers[j].stride));
 
 		    else
-		      sprintf (p2, " {%ld bits}", (long) (qualifiers[j].stride));
+		      sprintf (p2, " {%ld bits}", (long) qualifiers[j].stride);
 
 		    p2 += strlen (p2);
 		    strcpy (p2, "] of ");
@@ -1345,7 +1343,7 @@ ecoff_type_to_string (bfd *abfd, FDR *fdr, unsigned int indx)
     }
 
   strcpy (p2, buffer1);
-  return buffer2;
+  return buff;
 }
 
 /* Return information about ECOFF symbol SYMBOL in RET.  */
@@ -1514,13 +1512,16 @@ _bfd_ecoff_print_symbol (bfd *abfd,
 		if (ECOFF_IS_STAB (&ecoff_ext.asym))
 		  ;
 		else if (ecoffsymbol (symbol)->local)
-		  /* xgettext:c-format */
-		  fprintf (file, _("\n      End+1 symbol: %-7ld   Type:  %s"),
-			   ((long)
-			    (AUX_GET_ISYM (bigendian,
-					   &aux_base[ecoff_ext.asym.index])
-			     + sym_base)),
-			   ecoff_type_to_string (abfd, fdr, indx + 1));
+		  {
+		    char buff[1024];
+		    /* xgettext:c-format */
+		    fprintf (file, _("\n      End+1 symbol: %-7ld   Type:  %s"),
+			     ((long)
+			      (AUX_GET_ISYM (bigendian,
+					     &aux_base[ecoff_ext.asym.index])
+			       + sym_base)),
+			     ecoff_type_to_string (abfd, fdr, indx + 1, buff));
+		  }
 		else
 		  fprintf (file, _("\n      Local symbol: %ld"),
 			   ((long) indx
@@ -1546,8 +1547,11 @@ _bfd_ecoff_print_symbol (bfd *abfd,
 
 	      default:
 		if (! ECOFF_IS_STAB (&ecoff_ext.asym))
-		  fprintf (file, _("\n      Type: %s"),
-			   ecoff_type_to_string (abfd, fdr, indx));
+		  {
+		    char buff[1024];
+		    fprintf (file, _("\n      Type: %s"),
+			     ecoff_type_to_string (abfd, fdr, indx, buff));
+		  }
 		break;
 	      }
 	  }
diff --git a/bfd/elf32-ppc.c b/bfd/elf32-ppc.c
index 9d8fa66f90..77964946de 100644
--- a/bfd/elf32-ppc.c
+++ b/bfd/elf32-ppc.c
@@ -985,10 +985,12 @@ ppc_elf_unhandled_reloc (bfd *abfd,
 
   if (error_message != NULL)
     {
-      static char buf[60];
-      sprintf (buf, _("generic linker can't handle %s"),
-	       reloc_entry->howto->name);
-      *error_message = buf;
+      static char *message;
+      free (message);
+      if (asprintf (&message, _("generic linker can't handle %s"),
+		    reloc_entry->howto->name) < 0)
+	message = NULL;
+      *error_message = message;
     }
   return bfd_reloc_dangerous;
 }
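Review bot: When asprintf fails, `*error_message` is set to NULL while the function still returns `bfd_reloc_dangerous`; the callers are not visible here, but any that pass the message to a `%s` conversion or a reloc_dangerous callback without a NULL check would dereference it. A fixed fallback avoids that, for example `*error_message = message != NULL ? message : (char *) "generic linker can't handle reloc";`. Separately, `free (message)` on entry means a pointer returned by an earlier call becomes dangling on the next one, where the old static array only went stale, so a comment such as `/* The returned message is valid only until the next call.  */` should record the lifetime. The identical change to ppc64_elf_unhandled_reloc in elf64-ppc.c has both properties.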
diff --git a/bfd/elf32-rx.c b/bfd/elf32-rx.c
index 3f03ab21f0..cd239bf8d3 100644
--- a/bfd/elf32-rx.c
+++ b/bfd/elf32-rx.c
@@ -3086,10 +3086,8 @@ bfd_elf32_rx_set_target_flags (bfd_boolean user_no_warn_mismatch,
    Returns a static pointer.  */
 
 static const char *
-describe_flags (flagword flags)
+describe_flags (flagword flags, char *buf)
 {
-  static char buf [128];
-
   buf[0] = 0;
 
   if (flags & E_FLAG_RX_64BIT_DOUBLES)
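Review bot: The comment above describe_flags still ends with `Returns a static pointer.` (the context line at the top of this hunk), which is no longer true now that the function writes into and returns the caller's `buf`. Replacing that sentence with `Returns BUF, which must be at least 128 bytes.` would tell callers both the lifetime and the size they are responsible for. The start of the comment and the rest of the function body are outside the hunk.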
@@ -3170,13 +3168,15 @@ rx_elf_merge_private_bfd_data (bfd * ibfd, struct bfd_link_info *info)
 	    }
 	  else
 	    {
+	      char buf[128];
+
 	      _bfd_error_handler (_("there is a conflict merging the"
 				    " ELF header flags from %pB"),
 				  ibfd);
 	      _bfd_error_handler (_("  the input  file's flags: %s"),
-				  describe_flags (new_flags));
+				  describe_flags (new_flags, buf));
 	      _bfd_error_handler (_("  the output file's flags: %s"),
-				  describe_flags (old_flags));
+				  describe_flags (old_flags, buf));
 	      error = TRUE;
 	    }
 	}
@@ -3195,6 +3195,7 @@ rx_elf_print_private_bfd_data (bfd * abfd, void * ptr)
 {
   FILE * file = (FILE *) ptr;
   flagword flags;
+  char buf[128];
 
   BFD_ASSERT (abfd != NULL && ptr != NULL);
 
@@ -3204,7 +3205,7 @@ rx_elf_print_private_bfd_data (bfd * abfd, void * ptr)
   flags = elf_elfheader (abfd)->e_flags;
   fprintf (file, _("private flags = 0x%lx:"), (long) flags);
 
-  fprintf (file, "%s", describe_flags (flags));
+  fprintf (file, "%s", describe_flags (flags, buf));
   return TRUE;
 }
 
diff --git a/bfd/elf32-v850.c b/bfd/elf32-v850.c
index 88e774b88e..c3507707e7 100644
--- a/bfd/elf32-v850.c
+++ b/bfd/elf32-v850.c
@@ -144,7 +144,7 @@ v850_elf_check_relocs (bfd *abfd,
 		  && (h->other & V850_OTHER_ERROR) == 0)
 		{
 		  const char * msg;
-		  static char  buff[200]; /* XXX */
+		  char *buff;
 
 		  switch (h->other & V850_OTHER_MASK)
 		    {
@@ -165,10 +165,14 @@ v850_elf_check_relocs (bfd *abfd,
 		      break;
 		    }
 
-		  sprintf (buff, msg, h->root.root.string);
-		  info->callbacks->warning (info, buff, h->root.root.string,
+		  if (asprintf (&buff, msg, h->root.root.string) < 0)
+		    buff = NULL;
+		  else
+		    msg = buff;
+		  info->callbacks->warning (info, msg, h->root.root.string,
 					    abfd, h->root.u.def.section,
 					    (bfd_vma) 0);
+		  free (buff);
 
 		  bfd_set_error (bfd_error_bad_value);
 		  h->other |= V850_OTHER_ERROR;
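Review bot: On the asprintf failure path `msg` is left pointing at the unformatted template, so the warning callback receives text that presumably still contains its `%s` conversion (the templates are assigned in the switch, mostly outside this hunk). That fallback is safe only while every `warning` callback treats this argument as plain text and never as a format string. A comment next to the `buff = NULL` branch, for example `/* Out of memory: report the raw template; callbacks must treat it as plain text.  */`, would make the intent and the constraint explicit.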
diff --git a/bfd/elf64-ppc.c b/bfd/elf64-ppc.c
index f702a0e43a..4f15c8bcea 100644
--- a/bfd/elf64-ppc.c
+++ b/bfd/elf64-ppc.c
@@ -1715,10 +1715,12 @@ ppc64_elf_unhandled_reloc (bfd *abfd, arelent *reloc_entry, asymbol *symbol,
 
   if (error_message != NULL)
     {
-      static char buf[60];
-      sprintf (buf, "generic linker can't handle %s",
-	       reloc_entry->howto->name);
-      *error_message = buf;
+      static char *message;
+      free (message);
+      if (asprintf (&message, _("generic linker can't handle %s"),
+		    reloc_entry->howto->name) < 0)
+	message = NULL;
+      *error_message = message;
     }
   return bfd_reloc_dangerous;
 }
diff --git a/bfd/mach-o.c b/bfd/mach-o.c
index f285305cd0..25ae21dbe0 100644
--- a/bfd/mach-o.c
+++ b/bfd/mach-o.c
@@ -618,10 +618,8 @@ cputype (unsigned long value)
 }
 
 static const char *
-cpusubtype (unsigned long cpu_type, unsigned long cpu_subtype)
+cpusubtype (unsigned long cpu_type, unsigned long cpu_subtype, char *buffer)
 {
-  static char buffer[128];
-
   buffer[0] = 0;
   switch (cpu_subtype & BFD_MACH_O_CPU_SUBTYPE_MASK)
     {
@@ -695,13 +693,14 @@ bfd_mach_o_bfd_print_private_bfd_data (bfd *abfd, void *ptr)
 {
   FILE * file = (FILE *) ptr;
   bfd_mach_o_data_struct *mdata = bfd_mach_o_get_data (abfd);
+  char buff[128];
 
   fprintf (file, _(" MACH-O header:\n"));
   fprintf (file, _("   magic:      %#lx\n"), (long) mdata->header.magic);
   fprintf (file, _("   cputype:    %#lx (%s)\n"), (long) mdata->header.cputype,
 	   cputype (mdata->header.cputype));
   fprintf (file, _("   cpusubtype: %#lx%s\n"), (long) mdata->header.cpusubtype,
-	   cpusubtype (mdata->header.cputype, mdata->header.cpusubtype));
+	   cpusubtype (mdata->header.cputype, mdata->header.cpusubtype, buff));
   fprintf (file, _("   filetype:   %#lx\n"), (long) mdata->header.filetype);
   fprintf (file, _("   ncmds:      %#lx\n"), (long) mdata->header.ncmds);
   fprintf (file, _("   sizeocmds:  %#lx\n"), (long) mdata->header.sizeofcmds);
diff --git a/bfd/opncls.c b/bfd/opncls.c
index f7696b658c..df0bf129fe 100644
--- a/bfd/opncls.c
+++ b/bfd/opncls.c
@@ -1347,7 +1347,7 @@ DESCRIPTION
 static bfd_boolean
 separate_debug_file_exists (const char *name, void *crc32_p)
 {
-  static unsigned char buffer [8 * 1024];
+  unsigned char buffer[8 * 1024];
   unsigned long file_crc = 0;
   FILE *f;
   bfd_size_type count;
@@ -1765,7 +1765,7 @@ bfd_fill_in_gnu_debuglink_section (bfd *abfd,
   char * contents;
   bfd_size_type crc_offset;
   FILE * handle;
-  static unsigned char buffer[8 * 1024];
+  unsigned char buffer[8 * 1024];
   size_t count;
   size_t filelen;
 
diff --git a/bfd/peXXigen.c b/bfd/peXXigen.c
index 646ad0f0bf..b5ccb18f03 100644
--- a/bfd/peXXigen.c
+++ b/bfd/peXXigen.c
@@ -3681,9 +3681,8 @@ rsrc_print_name (char * buffer, rsrc_string string)
 }
 
 static const char *
-rsrc_resource_name (rsrc_entry * entry, rsrc_directory * dir)
+rsrc_resource_name (rsrc_entry *entry, rsrc_directory *dir, char *buffer)
 {
-  static char buffer [256];
   bfd_boolean is_string = FALSE;
 
   buffer[0] = 0;
@@ -4015,8 +4014,12 @@ rsrc_sort_entries (rsrc_dir_chain *  chain,
 			  || dir->entry->parent->entry == NULL)
 			_bfd_error_handler (_(".rsrc merge failure: duplicate leaf"));
 		      else
-			_bfd_error_handler (_(".rsrc merge failure: duplicate leaf: %s"),
-					    rsrc_resource_name (entry, dir));
+			{
+			  char buff[256];
+
+			  _bfd_error_handler (_(".rsrc merge failure: duplicate leaf: %s"),
+					      rsrc_resource_name (entry, dir, buff));
+			}
 		      bfd_set_error (bfd_error_file_truncated);
 		      return;
 		    }
diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c
index 471e0215e6..4fb2945c65 100644
--- a/bfd/vms-alpha.c
+++ b/bfd/vms-alpha.c
@@ -2927,6 +2927,7 @@ static void
 _bfd_vms_write_emh (bfd *abfd)
 {
   struct vms_rec_wr *recwr = &PRIV (recwr);
+  unsigned char tbuf[18];
 
   _bfd_vms_output_alignment (recwr, 2);
 
@@ -2949,7 +2950,7 @@ _bfd_vms_write_emh (bfd *abfd)
     _bfd_vms_output_counted (recwr, "NONAME");
 
   _bfd_vms_output_counted (recwr, BFD_VERSION_STRING);
-  _bfd_vms_output_dump (recwr, get_vms_time_string (), EMH_DATE_LENGTH);
+  _bfd_vms_output_dump (recwr, get_vms_time_string (tbuf), EMH_DATE_LENGTH);
   _bfd_vms_output_fill (recwr, 0, EMH_DATE_LENGTH);
   _bfd_vms_output_end (abfd, recwr);
 }
diff --git a/bfd/vms-misc.c b/bfd/vms-misc.c
index 70dd0030d5..bc806ca994 100644
--- a/bfd/vms-misc.c
+++ b/bfd/vms-misc.c
@@ -456,9 +456,8 @@ _bfd_vms_convert_to_var_unix_filename (const char *unix_filename)
    stolen from obj-vms.c.  */
 
 unsigned char *
-get_vms_time_string (void)
+get_vms_time_string (unsigned char *tbuf)
 {
-  static unsigned char tbuf[18];
 #ifndef VMS
   char *pnt;
   time_t timeb;
diff --git a/bfd/vms.h b/bfd/vms.h
index 88cf83e482..d9726b46af 100644
--- a/bfd/vms.h
+++ b/bfd/vms.h
@@ -111,7 +111,7 @@ extern void _bfd_hexdump   (int, unsigned char *, int, int);
 #endif
 
 extern char * vms_get_module_name (const char *, bfd_boolean);
-extern unsigned char *get_vms_time_string (void);
+extern unsigned char *get_vms_time_string (unsigned char *);
 extern time_t vms_time_to_time_t (unsigned int hi, unsigned int lo);
 extern time_t vms_rawtime_to_time_t (unsigned char *);
 extern void vms_time_t_to_vms_time (time_t ut, unsigned int *hi, unsigned int *lo);

-- 
Alan Modra
Australia Development Lab, IBM
