From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 25745 invoked by alias); 14 Apr 2010 09:30:37 -0000 Received: (qmail 25737 invoked by uid 22791); 14 Apr 2010 09:30:36 -0000 X-SWARE-Spam-Status: No, hits=0.2 required=5.0 tests=BAYES_00,TVD_APPROVED X-Spam-Check-By: sourceware.org Received: from mel.act-europe.fr (HELO mel.act-europe.fr) (212.99.106.210) by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Wed, 14 Apr 2010 09:30:33 +0000 Received: from localhost (localhost [127.0.0.1]) by filtered-smtp.eu.adacore.com (Postfix) with ESMTP id 5B724CB0315; Wed, 14 Apr 2010 11:30:31 +0200 (CEST) Received: from mel.act-europe.fr ([127.0.0.1]) by localhost (smtp.eu.adacore.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G-oORYnaaBzZ; Wed, 14 Apr 2010 11:30:31 +0200 (CEST) Received: from dhcp-guest-205.act-europe.fr (dhcp-guest-205.act-europe.fr [10.10.127.205]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by mel.act-europe.fr (Postfix) with ESMTP id 463CDCB0314; Wed, 14 Apr 2010 11:30:31 +0200 (CEST) Subject: Re: [Patch 3/4]: Rewrite of the alpha-vms bfd back-end (ld) Mime-Version: 1.0 (Apple Message framework v1078) Content-Type: text/plain; charset=us-ascii From: Tristan Gingold In-Reply-To: <4BC4A31D.8040602@redhat.com> Date: Wed, 14 Apr 2010 09:30:00 -0000 Cc: binutils@sourceware.org Content-Transfer-Encoding: quoted-printable Message-Id: <4543C089-F1FD-4A5E-A115-5E1BD1C2D9EC@adacore.com> References: <20100409093459.GA85611@ulanbator.act-europe.fr> <4BC44D0D.7000600@redhat.com> <02F74D75-F03A-4B30-AB42-72488978146E@adacore.com> <4BC4A31D.8040602@redhat.com> To: Nick Clifton X-IsSubscribed: yes Mailing-List: contact binutils-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: binutils-owner@sourceware.org X-SW-Source: 2010-04/txt/msg00175.txt.bz2 On Apr 13, 2010, at 7:00 PM, Nick Clifton wrote: > Hi Tristan, >=20 >>>> + string =3D (char *) xmalloc (strlen (search->name) >>>> + + strlen (entry->filename) >>>> + + sizeof "/.exe"); >>>> + >>>> + sprintf (string, "%s/%s.exe", search->name, entry->filename); >>>=20 >>> What about the zero-terminator for the string ? Ie this looks like a p= ossible memory corruption bug to me. >>=20 >> Isn't sizeof ("./exe") =3D=3D 6 (ie, strlen + 1) ? >=20 > Mea culpa. You're right. Patch approved. Thanks, committed. Tristan.