From patchwork Fri Oct 5 13:53:11 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gary Benson X-Patchwork-Id: 29658 Received: (qmail 50883 invoked by alias); 5 Oct 2018 13:53:17 -0000 Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: gdb-patches-owner@sourceware.org Delivered-To: mailing list gdb-patches@sourceware.org Received: (qmail 50629 invoked by uid 89); 5 Oct 2018 13:53:17 -0000 Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-26.9 required=5.0 tests=BAYES_00, GIT_PATCH_0, GIT_PATCH_1, GIT_PATCH_2, GIT_PATCH_3, SPF_HELO_PASS autolearn=ham version=3.3.2 spammy=Reverse X-HELO: mx1.redhat.com Received: from mx1.redhat.com (HELO mx1.redhat.com) (209.132.183.28) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Fri, 05 Oct 2018 13:53:16 +0000 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 32321C057F9F for ; Fri, 5 Oct 2018 13:53:15 +0000 (UTC) Received: from blade.nx (ovpn-117-64.ams2.redhat.com [10.36.117.64]) by smtp.corp.redhat.com (Postfix) with ESMTP id EBEBE6246B for ; Fri, 5 Oct 2018 13:53:14 +0000 (UTC) Received: from blade.com (localhost [127.0.0.1]) by blade.nx (Postfix) with ESMTP id 2897D8019FA9 for ; Fri, 5 Oct 2018 14:53:14 +0100 (BST) From: Gary Benson To: gdb-patches@sourceware.org Subject: [PATCH] Fix buffer overrun found by Coverity Date: Fri, 5 Oct 2018 14:53:11 +0100 Message-Id: <1538747591-32283-1-git-send-email-gbenson@redhat.com> X-IsSubscribed: yes Hi all, This commit fixes a buffer overrun found by Coverity, where 36 bytes are written into the 24 byte buffer "ids". The "ids_seen" buffer doesn't overrun, but I've changed that too, to future-proof it some. I would have committed this as obvious, but the testsuite doesn't exercise this piece of code; I can't realistically say I've regression tested this change, so I'd like another pair of eyes on it to be sure. Cheers, Gary --- gdb/ChangeLog: * dwarf2read.c (create_dwp_hash_table): Fix buffer overrun found by Coverity. --- gdb/ChangeLog | 5 +++++ gdb/dwarf2read.c | 5 +++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/gdb/dwarf2read.c b/gdb/dwarf2read.c index 4a35e38..e9d1ac5 100644 --- a/gdb/dwarf2read.c +++ b/gdb/dwarf2read.c @@ -12197,6 +12197,7 @@ create_dwp_hash_table (struct dwarf2_per_objfile *dwarf2_per_objfile, { const gdb_byte *ids_ptr = htab->unit_table + sizeof (uint32_t) * nr_slots; int *ids = htab->section_pool.v2.section_ids; + size_t sizeof_ids = sizeof (htab->section_pool.v2.section_ids); /* Reverse map for error checking. */ int ids_seen[DW_SECT_MAX + 1]; int i; @@ -12213,8 +12214,8 @@ create_dwp_hash_table (struct dwarf2_per_objfile *dwarf2_per_objfile, " in section table [in module %s]"), dwp_file->name); } - memset (ids, 255, (DW_SECT_MAX + 1) * sizeof (int32_t)); - memset (ids_seen, 255, (DW_SECT_MAX + 1) * sizeof (int32_t)); + memset (ids, 255, sizeof_ids); + memset (ids_seen, 255, sizeof (ids_seen)); for (i = 0; i < nr_columns; ++i) { int id = read_4_bytes (dbfd, ids_ptr + i * sizeof (uint32_t));