https://sourceware.org/bugzilla/show_bug.cgi?id=28933
Nick Alcock <nick.alcock at oracle dot com> changed:

           What    |Removed                          |Added
----------------------------------------------------------------------------
             Status|NEW                              |ASSIGNED
           Assignee|unassigned at sourceware dot org |nick.alcock at oracle dot com

--- Comment #1 from Nick Alcock <nick.alcock at oracle dot com> ---
Interesting! I routinely do both, so this must be a recent regression (well, ok, as recent as a few months ago. I'll get back to libctf soon.)

This is assembler input for a corrupted CTF dict, but we shouldn't buffer-overrun even in that case.

The fundamental problem is that ctf_bufopen trusts the length it was passed in the ctf_sect_t (it has to: that's the only length it gets), but never checks that the CTF header is consistent with it.

(Fixing that will break the test: I'll fix it so it still tests what it's meant to, and add a new test for this case.)

-- 
You are receiving this mail because:
You are on the CC list for the bug.
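A stand-alone illustration of the header-versus-section-length consistency check the comment describes, added here as example code (not libctf's own): the header struct, its field names, the magic value and the sample buffer are a simplified hypothetical stand-in for the real CTF header and ctf_sect_t, constructed inline so the check can be run offline.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical, simplified stand-in for a CTF-style header (not the real
   ctf_header_t); section offsets are relative to the end of the header. */
typedef struct {
    uint32_t hdr_magic;
    uint32_t hdr_typeoff;  /* start of the type section */
    uint32_t hdr_stroff;   /* start of the string table */
    uint32_t hdr_strlen;   /* length of the string table */
} toy_header_t;
#define TOY_MAGIC 0x43544654u  /* constructed magic value */

/* The only length a bufopen-style routine is given: a buffer plus the
   caller-supplied section size, which the header must be checked against. */
typedef struct { const unsigned char *sect_buf; size_t sect_size; } toy_sect_t;

/* Returns 0 when every header offset/length lies inside sect_size, a negative
   code otherwise. Offsets are checked before lengths, so no addition can wrap. */
int toy_header_consistent(const toy_sect_t *sect)
{
    toy_header_t h;
    if (sect->sect_size < sizeof h)
        return -1;                         /* too short to hold a header at all */
    memcpy(&h, sect->sect_buf, sizeof h);  /* copy out: avoids unaligned reads */
    if (h.hdr_magic != TOY_MAGIC)
        return -2;
    size_t body = sect->sect_size - sizeof h;
    if (h.hdr_typeoff > h.hdr_stroff)
        return -3;                         /* sections out of order */
    if (h.hdr_stroff > body)
        return -4;                         /* string table starts past the end */
    if (h.hdr_strlen > body - h.hdr_stroff)
        return -5;                         /* string table runs past the end */
    return 0;
}

/* Constructed 64-byte dict (16-byte string table at offset 32) validated over its
   first `size` bytes; `corrupt` makes the header claim an oversized string table. */
int toy_check_sample(int corrupt, size_t size)
{
    unsigned char buf[64] = {0};
    toy_header_t h = { TOY_MAGIC, 0, 32, 16 };
    if (corrupt)
        h.hdr_strlen = 0xffffffffu;        /* inconsistent with the 64-byte buffer */
    memcpy(buf, &h, sizeof h);
    toy_sect_t sect = { buf, size < sizeof buf ? size : sizeof buf };
    return toy_header_consistent(&sect);
}
```

The corrupt case returns -5 rather than being trusted; an open routine that only believed sect_size would go on to read 0xffffffff bytes of "strings" from a 64-byte buffer.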