From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 4547 invoked by alias); 12 Aug 2010 13:39:29 -0000 Received: (qmail 4466 invoked by uid 22791); 12 Aug 2010 13:39:28 -0000 X-SWARE-Spam-Status: No, hits=-5.7 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_HI,SPF_HELO_PASS,TW_RG,T_RP_MATCHES_RCVD X-Spam-Check-By: sourceware.org Received: from mx1.redhat.com (HELO mx1.redhat.com) (209.132.183.28) by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Thu, 12 Aug 2010 13:39:23 +0000 Received: from int-mx05.intmail.prod.int.phx2.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.18]) by mx1.redhat.com (8.13.8/8.13.8) with ESMTP id o7CDdLl2030396 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Thu, 12 Aug 2010 09:39:22 -0400 Received: from Gift.redhat.com (vpn2-10-108.ams2.redhat.com [10.36.10.108]) by int-mx05.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id o7CDdJij008403 for ; Thu, 12 Aug 2010 09:39:21 -0400 From: Nick Clifton To: gcc-patches@gcc.gnu.org Subject: Libiberty: Infinite recursive loop in @FILE option Date: Thu, 12 Aug 2010 13:42:00 -0000 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-IsSubscribed: yes Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Id: List-Archive: List-Post: List-Help: Sender: gcc-patches-owner@gcc.gnu.org X-SW-Source: 2010-08/txt/msg00900.txt.bz2 Hi Guys, Binutils bug #11835 is actually a libiberty bug in the handling of command lines containing recursive @ directives: http://sourceware.org/bugzilla/show_bug.cgi?id=11835 A simple iteration count is one way to solve the problem, so I have appended a suggested patch below. I am not sure however if the limit of 2000 iterations would be regarded as being too small. OK to apply ? Cheers Nick libiberty/ChangeLog 2010-08-12 Nick Clifton * argv.c (expandargv): Limit the number of times that response files are opened in order to prevent infinite recursion. Index: libiberty/argv.c =================================================================== RCS file: /cvs/src/src/libiberty/argv.c,v retrieving revision 1.21 diff -c -3 -p -r1.21 argv.c *** libiberty/argv.c 9 Oct 2009 04:49:48 -0000 1.21 --- libiberty/argv.c 12 Aug 2010 13:38:14 -0000 *************** expandargv (int *argcp, char ***argvp) *** 386,391 **** --- 386,394 ---- int i = 0; /* Non-zero if ***argvp has been dynamically allocated. */ int argv_dynamic = 0; + /* Limit the number of response files that we parse in order + to prevent infinite recursion. */ + unsigned int iteration_limit = 2000; /* Loop over the arguments, handling response files. We always skip ARGVP[0], as that is the name of the program being run. */ while (++i < *argcp) *************** expandargv (int *argcp, char ***argvp) *** 412,417 **** --- 415,426 ---- filename = (*argvp)[i]; if (filename[0] != '@') continue; + /* If we have iterated too many times then stop. */ + if (-- iteration_limit == 0) + { + fprintf (stderr, "%s: error: too many @-files encountered\n", (*argvp)[0]); + xexit (1); + } /* Read the contents of the file. */ f = fopen (++filename, "r"); if (!f)