54 lines
1.7 KiB
Diff
54 lines
1.7 KiB
Diff
From baac6c221e9d69335bf41366a1c7d87d8ab2f893 Mon Sep 17 00:00:00 2001
|
|
From: Alan Modra <amodra@gmail.com>
|
|
Date: Wed, 15 Jan 2025 19:13:43 +1030
|
|
Subject: [PATCH] PR32560 stack-buffer-overflow at objdump disassemble_bytes
|
|
|
|
There's always someone pushing the boundaries.
|
|
|
|
PR 32560
|
|
* objdump.c (MAX_INSN_WIDTH): Define.
|
|
(insn_width): Make it an unsigned long.
|
|
(disassemble_bytes): Use MAX_INSN_WIDTH to size buffer.
|
|
(main <OPTION_INSN_WIDTH>): Restrict size of insn_width.
|
|
---
|
|
binutils/objdump.c | 10 ++++++----
|
|
1 file changed, 6 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/binutils/objdump.c b/binutils/objdump.c
|
|
index ecbe39e942e..80044dea580 100644
|
|
--- a/binutils/objdump.c
|
|
+++ b/binutils/objdump.c
|
|
@@ -109,7 +109,8 @@
|
|
static int disassemble_zeroes; /* --disassemble-zeroes */
|
|
static bfd_boolean formats_info; /* -i */
|
|
static int wide_output; /* -w */
|
|
-static int insn_width; /* --insn-width */
|
|
+#define MAX_INSN_WIDTH 49
|
|
+static unsigned long insn_width; /* --insn-width */
|
|
static bfd_vma start_address = (bfd_vma) -1; /* --start-address */
|
|
static bfd_vma stop_address = (bfd_vma) -1; /* --stop-address */
|
|
static int dump_debugging; /* --debugging */
|
|
@@ -2738,7 +2739,7 @@
|
|
}
|
|
else
|
|
{
|
|
- char buf[50];
|
|
+ char buf[MAX_INSN_WIDTH + 1];
|
|
int bpc = 0;
|
|
int pb = 0;
|
|
|
|
@@ -5288,8 +5289,9 @@
|
|
break;
|
|
case OPTION_INSN_WIDTH:
|
|
insn_width = strtoul (optarg, NULL, 0);
|
|
- if (insn_width <= 0)
|
|
- fatal (_("error: instruction width must be positive"));
|
|
+ if (insn_width - 1 >= MAX_INSN_WIDTH)
|
|
+ fatal (_("error: instruction width must be in the range 1 to "
|
|
+ XSTRING (MAX_INSN_WIDTH)));
|
|
break;
|
|
case OPTION_INLINES:
|
|
unwind_inlines = TRUE;
|
|
--
|
|
2.43.5
|