FIX #90: STRING_OVERFLOW in sparc_attrs.c

Message ID 20241106143922.83952-1-ant.v.moryakov@gmail.com
State Rejected
Series FIX #90: STRING_OVERFLOW in sparc_attrs.c

Commit Message

Anton Moryakov Nov. 6, 2024, 2:39 p.m. UTC
  From: AntonMoryakov <ant.v.moryakov@gmail.com>

First report of the static analyzer:
A string is copied into the buffer 's' of size 577 without checking its length first at sparc_attrs.c:95.

Corrections explained:
Added static_assert to check the size of the name buffer at compile time. 
This static_assert will assert that the buffer is large enough to hold all 
possible values, without changing the rest of the logic.

Found by RASY JSC
Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com>
  

Patch

diff --git a/elfutils/backends/sparc_attrs.c b/elfutils/backends/sparc_attrs.c
index 974e8fb..8cbf8cb 100644
--- a/elfutils/backends/sparc_attrs.c
+++ b/elfutils/backends/sparc_attrs.c
@@ -32,10 +32,14 @@ 
 
 #include <string.h>
 #include <dwarf.h>
+#include <assert.h>
 
 #define BACKEND sparc_
 #include "libebl_CPU.h"
 
+#define NAME_MAX_SIZE (32 * 17 + 32 + 1) // новый код
+static_assert(NAME_MAX_SIZE == (32 * 17 + 32 + 1), "Buffer size for 'name' is insufficient");
+
 bool
 sparc_check_object_attribute (Ebl *ebl __attribute__ ((unused)),
 			      const char *vendor, int tag, uint64_t value,
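
Review bot: the added static_assert compares NAME_MAX_SIZE with the exact expression it is defined as, (32 * 17 + 32 + 1), so the condition is always true and can never fire, whatever the attribute name lists look like. It does not verify that the buffer can hold every possible list. To get a real compile-time guarantee, assert NAME_MAX_SIZE against a bound derived from the attribute name arrays themselves (number of entries and longest name plus separators), or drop the assert and bound the writes into name instead. The trailing "// новый код" ("new code") comment should also go: it is not in English and adds nothing for a future reader. Note that static_assert from <assert.h> needs a C11 compiler.
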
@@ -63,7 +67,7 @@  sparc_check_object_attribute (Ebl *ebl __attribute__ ((unused)),
   /* NAME should be big enough to hold any possible comma-separated
      list (no repetitions allowed) of attribute names from one of the
      arrays above.  */
-  static char name[32*17+32+1];
+  static char name[NAME_MAX_SIZE];
   name[0] = '\0';
 
   if (!strcmp (vendor, "gnu"))
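
Review bot: no length check is added for the writes into name; "static char name[NAME_MAX_SIZE]" is still the same 577 bytes as "32*17+32+1", so the copy the analyzer flagged at sparc_attrs.c:95 behaves exactly as before. If the finding is real, the append into name needs to track the remaining space and stop (or fail) when it runs out. If it is a false positive, the existing comment above the declaration should spell out why 32*17+32+1 is a hard upper bound for the lists built from those arrays, and the patch can be reduced to that documentation change.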