This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Go patch committed: Avoid memory overrun for bogus file name

From: Ian Lance Taylor <iant at google dot com>
To: gcc-patches at gcc dot gnu dot org, gofrontend-dev at googlegroups dot com
Date: Tue, 29 Apr 2014 22:38:32 -0400
Subject: Go patch committed: Avoid memory overrun for bogus file name
Authentication-results: sourceware.org; auth=none

Dominik Vogt pointed out a problem in the Go frontend: it could
overwrite memory incorrectly if an archive contains a file whose name is
only spaces.  This patch fixes the problem.  Bootstrapped and ran Go
testsuite on x86_64-unknown-linux-gnu.  Committed to mainline and 4.9
branch.

Ian

diff -r e403fdfd3005 go/import-archive.cc
--- a/go/import-archive.cc	Fri Apr 25 20:32:52 2014 -0700
+++ b/go/import-archive.cc	Tue Apr 29 22:32:40 2014 -0400
@@ -261,7 +261,7 @@
   char size_string[size_string_size + 1];
   memcpy(size_string, hdr->ar_size, size_string_size);
   char* ps = size_string + size_string_size;
-  while (ps[-1] == ' ')
+  while (ps > size_string && ps[-1] == ' ')
     --ps;
   *ps = '\0';

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]