Imagelibrary/binutils-gdb
1
0
Fork 1
mirror of https://github.com/bminor/binutils-gdb.git synced 2025-12-26 01:07:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

PR32560 stack-buffer-overflow at objdump disassemble_bytes

Browse Source 
There's always someone pushing the boundaries.

	PR 32560
	* objdump.c (MAX_INSN_WIDTH): Define.
	(insn_width): Make it an unsigned long.
	(disassemble_bytes): Use MAX_INSN_WIDTH to size buffer.
	(main <OPTION_INSN_WIDTH>): Restrict size of insn_width.
This commit is contained in:
Alan Modra
2025-01-15 19:13:43 +10:30
parent e2d1cb946f
commit baac6c221e
1 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
binutils/objdump.c
View File

@@ -117,7 +117,8 @@ static bool disassemble_all; /* -D */
static int disassemble_zeroes; /* --disassemble-zeroes */
static bool formats_info; /* -i */
int wide_output; /* -w */
static int insn_width; /* --insn-width */
#define MAX_INSN_WIDTH 49
static unsigned long insn_width; /* --insn-width */
static bfd_vma start_address = (bfd_vma) -1; /* --start-address */
static bfd_vma stop_address = (bfd_vma) -1; /* --stop-address */
static int dump_debugging; /* --debugging */
@@ -3391,7 +3392,7 @@ disassemble_bytes (struct disassemble_info *inf,
}
else
{
char buf[50];
char buf[MAX_INSN_WIDTH + 1];
unsigned int bpc = 0;
unsigned int pb = 0;
@@ -6070,8 +6071,9 @@ main (int argc, char **argv)
break;
case OPTION_INSN_WIDTH:
insn_width = strtoul (optarg, NULL, 0);
if (insn_width <= 0)
fatal (_("error: instruction width must be positive"));
if (insn_width - 1 >= MAX_INSN_WIDTH)
fatal (_("error: instruction width must be in the range 1 to "
XSTRING (MAX_INSN_WIDTH)));
break;
case OPTION_INLINES:
unwind_inlines = true;