At sparc_attrs.c:95 a string is copied into the buffer 's' of size 577 without first checking its length.
Found by RASU JSC.
Signed-off-by: Maks Mishin <maks.mishi...@gmail.com>
---
 backends/sparc_attrs.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/backends/sparc_attrs.c b/backends/sparc_attrs.c
index 974e8fb0..104d4ed3 100644
--- a/backends/sparc_attrs.c
+++ b/backends/sparc_attrs.c
@@ -32,6 +32,7 @@
 #include <string.h>
 #include <dwarf.h>
+#include <assert.h>
 #define BACKEND sparc_
 #include "libebl_CPU.h"
@@ -92,6 +93,7 @@ sparc_check_object_attribute (Ebl *ebl __attribute__ ((unused)),
 {
 if (*s != '\0')
 s = strcat (s, ",");
+ assert (strlen(s) + strlen(caps[cap]) < 577);
 s = strcat (s, caps[cap]);
 }
-- 
2.30.2
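Review bot: The added `assert` in the second hunk is not a fix for the overflow: it is compiled out under `NDEBUG`, so release builds of the library still run the unchecked `strcat`, and in debug builds a crafted attribute value turns the overflow into an `abort()` instead of a handled error. It is also placed after `s = strcat (s, ",");`, so the separator itself is still appended unchecked when the buffer is one byte from full, and the literal `577` duplicates the buffer size from the declaration outside the hunk rather than deriving it from that declaration (use its `sizeof` or a shared constant if one is in scope). A bounded check before either append, that skips or stops rather than asserting, keeps the behaviour defined in every build; the sketch below assumes the enclosing construct is the loop over `cap` (it starts outside the hunk) so `break` is the right way to stop. `sparc_check_object_attribute` begins before this hunk and its return convention is not visible here, so adapt the early exit to whatever the function returns on a malformed attribute.
```c
            {
              /* Bound the append explicitly: an assert is compiled out under
                 NDEBUG and would otherwise leave the strcat unchecked. */
              size_t used = strlen (s);
              size_t need = strlen (caps[cap]) + (used != 0 ? 1 : 0);
              if (used + need >= 577) /* replace 577 with the buffer's size expression */
                break;
              if (used != 0)
                s = strcat (s, ",");
              s = strcat (s, caps[cap]);
            }
```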