https://sourceware.org/bugzilla/show_bug.cgi?id=20499
--- Comment #5 from Tobias Stoeckmann <tobias at stoeckmann dot org> ---
The buffers are secured due to their size (to be honest, I didn't even check
that when I did my review... *phew* :) ).
The actual issue arises if the parsed line does not match "%s %c %s". This
pattern fills address, type, and name in that order. If the input is merely
"x", only "address" is filled, the others are left alone.
And that is why "name" is still just a xmalloc()ed area, and the content, from
a C-perspective, undefined. Calling strlen() in such a situation could
therefore trigger a segmentation fault in very rare situations.
You can see it happening if you add a simple printf("name = %s\n", name);
statement after your PR-check. Or by debugging to that position, but I'm more
of a printf-debug person. :)
--
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
bug-binutils mailing list
bug-binutils@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-binutils
