From ff9bea065f4cc6068dcb8d6ea9423105305ca590 Mon Sep 17 00:00:00 2001
From: Sergei Trofimovich <slyfox@gentoo.org>
Date: Mon, 5 Aug 2013 13:03:21 +0300
Subject: [PATCH] src/tools/tools86.c: fix stack buffer overflow in
 'change_aout'

Detected by gcc:

gcc -std=gnu99 -c -MP -MMD -I../../src/include -I../../src/plugin/include  -Wall -Wstrict-prototypes -Wmissing-declarations -Wnested-externs  -fno-strict-aliasing -pipe -O2 -fomit-frame-pointer -o tools86.o tools86.c
In file included from /usr/include/stdio.h:937:0,
 from tools86.c:98:
 In function 'fread',
     inlined from 'change_aout.constprop.1' at tools86.c:174:12,
         inlined from 'main' at tools86.c:391:18:
         /usr/include/bits/stdio2.h:293:2: warning: call to '__fread_chk_warn' declared with attribute warning: fread called with bigger size * nmemb than length of destination buffer [enabled by default]
           return __fread_chk_warn (__ptr, __bos0 (__ptr), __size, __n, __stream);
             ^
Gentoo-bug: http://bugs.gentoo.org/343577
Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
---
 src/tools/tools86.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/tools/tools86.c b/src/tools/tools86.c
index 141610d..35a0b96 100644
--- a/src/tools/tools86.c
+++ b/src/tools/tools86.c
@@ -137,7 +137,7 @@ struct bsd_header {            /* a.out header */
 #endif
 
 #ifdef __linux__
-static int header_ld86out_to_gnuasout(struct bsd_header *bsd, struct gnu_header *gnu)
+static int header_ld86out_to_gnuasout(const struct bsd_header *bsd, struct gnu_header *gnu)
 {
   if (bsd->a_magic[0] != 0x01 || bsd->a_magic[1] != 0x03 ||
       bsd->a_flags != 0x00 || bsd->a_cpu != 0x10) return -1;
@@ -171,7 +171,7 @@ static int change_aout(char *objfile, int update_symtable)
     return errno;
   }
 #ifdef __linux__
-  if (fread(&bsd,sizeof(gnu),1,f) != 1 ) {
+  if (fread(&bsd,sizeof(bsd),1,f) != 1 ) {
     fclose(f);
     return -1;
   }
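Review bot: The `!= 1` check on the corrected `fread(&bsd,sizeof(bsd),1,f)` still collapses a truncated input file and a genuine read error into the same `-1`, while the `fopen` failure path just above returns `errno`, so callers get two different conventions from one function. Distinguishing the two cases is a small change, e.g. `int err = ferror(f) ? errno : -1;` before the `fclose(f);` and `return err;` after it, with a comment such as `/* -1: file shorter than an a.out header; errno: I/O error */`. Reading the struct straight from the file also presumably relies on `struct bsd_header` having no padding relative to the on-disk header layout; the struct definition is outside this hunk, so that assumption is worth a one-line comment where it is declared. change_aout's body begins before and continues past this hunk.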
-- 
1.8.3.2