bug-binutils
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug binutils/20499] gprof: segmentation fault on invalid symbol file

From: nickc at redhat dot com
Subject: [Bug binutils/20499] gprof: segmentation fault on invalid symbol file
Date: Tue, 23 Aug 2016 08:19:18 +0000 
https://sourceware.org/bugzilla/show_bug.cgi?id=20499

Nick Clifton <nickc at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #9465|0                           |1
        is obsolete|                            |
   Attachment #9468|0                           |1
        is obsolete|                            |

--- Comment #6 from Nick Clifton <nickc at redhat dot com> ---
Created attachment 9470
  --> https://sourceware.org/bugzilla/attachment.cgi?id=9470&action=edit
Proposed patch

Hi Tobias,

> The actual issue arises if the parsed line does not match "%s %c %s". This 
> pattern fills address, type, and name in that order. If the input is merely 
> "x", only "address" is filled, the others are left alone.

Good point.  It also shiws a weakness in my original patch, in that it did not
address the true cause of the problem.

I have uploaded another potential patch which I think should get both things
right - it provides upper limits to the sscanf and fscanf calls, so that the
string buffers cannot overflow, and it changes the loop in
core_create_sym_from() so that only lines where the sscanf function succeeds
are then converted into symbols.  Please have a look and let me know what you
think.

Cheers
  Nick

-- 
You are receiving this mail because:
You are on the CC list for the bug.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]