[PATCH] D41270: Fix buffer overrun in WindowsResourceCOFFWriter::writeSymbolTable()
Bob Haarman via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Thu Dec 14 19:48:24 PST 2017
inglorion created this revision.
inglorion added reviewers: ruiu, zturner.
We were using sprintf(..., "$R06X", <some uint32_t>) to create strings
that are expected to be exactly length 8, but this results in longer
strings if the uint32_t is greater than 0xffffff. This change masks
the uint32_ts to only the lowest 24 bits, which avoids the problem and
matches the behavior of cvtres.exe.
Fixes PR35581.
https://reviews.llvm.org/D41270
Files:
llvm/lib/Object/WindowsResource.cpp
Index: llvm/lib/Object/WindowsResource.cpp
===================================================================
--- llvm/lib/Object/WindowsResource.cpp
+++ llvm/lib/Object/WindowsResource.cpp
@@ -561,9 +561,9 @@
// Now write a symbol for each relocation.
for (unsigned i = 0; i < Data.size(); i++) {
char RelocationName[9];
- sprintf(RelocationName, "$R%06X", DataOffsets[i]);
+ sprintf(RelocationName, "$R%06X", DataOffsets[i] & 0xffffff);
Symbol = reinterpret_cast<coff_symbol16 *>(BufferStart + CurrentOffset);
- strncpy(Symbol->Name.ShortName, RelocationName, (size_t)COFF::NameSize);
+ memcpy(Symbol->Name.ShortName, RelocationName, (size_t)COFF::NameSize);
Symbol->Value = DataOffsets[i];
Symbol->SectionNumber = 2;
Symbol->Type = COFF::IMAGE_SYM_DTYPE_NULL;
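Review bot: The added sprintf line still writes into RelocationName[9] with no bound of its own, so staying inside the buffer depends entirely on the `& 0xffffff` mask matching the `%06X` width. Suggest `snprintf(RelocationName, sizeof(RelocationName), "$R%06X", DataOffsets[i] & 0xffffff)` so a later change to the format or the mask cannot reintroduce the overrun. The mask line also deserves a short comment: offsets that differ only in bits 24-31 now get the same symbol name while `Symbol->Value = DataOffsets[i]` keeps the full value, and a reader should be told this truncation is deliberate. A regression test with a DataOffsets entry above 0xffffff would pin the behaviour down.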
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D41270.127061.patch
Type: text/x-patch
Size: 807 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20171215/0c8ad166/attachment.bin>
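The length problem described in the revision summary, as an added example that is not part of the original message or of LLVM's code: it measures how many characters the `"$R%06X"` format produces on either side of the 24-bit boundary and shows a bounded way to fill an 8-byte name field. The function names and `NAME_SIZE` (taken as 8 from the "exactly length 8" in the summary) are assumptions made for illustration.

```c
/* Added illustration; the names below are hypothetical, not LLVM's. */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { NAME_SIZE = 8 };  /* assumed width of the COFF short-name field */

/* Number of characters "$R%06X" produces for `offset`, excluding the NUL.
   snprintf with a zero-size buffer only measures; it writes nothing. */
int reloc_name_length(uint32_t offset) {
    return snprintf(NULL, 0, "$R%06" PRIX32, offset);
}

/* Bounded variant of the fixed code: mask to 24 bits, format into a
   9-byte scratch buffer, then copy exactly NAME_SIZE bytes into the field.
   Returns 0 on success, -1 if the formatted name is not NAME_SIZE long. */
int write_short_name(char field[NAME_SIZE], uint32_t offset) {
    char name[NAME_SIZE + 1];
    int n = snprintf(name, sizeof name, "$R%06" PRIX32, offset & 0xffffffu);
    if (n != NAME_SIZE)
        return -1;
    memcpy(field, name, NAME_SIZE);
    return 0;
}

int main(void) {
    /* Constructed sample offsets around the 24-bit boundary. */
    const uint32_t samples[] = {0x0, 0xABCDEF, 0xFFFFFF, 0x1000000, 0xFFFFFFFF};
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char field[NAME_SIZE + 1] = {0};  /* extra byte only so printf sees a NUL */
        int raw = reloc_name_length(samples[i]);
        write_short_name(field, samples[i]);
        printf("offset 0x%08" PRIX32 ": unmasked needs %d bytes, masked name %s\n",
               samples[i], raw + 1, field);
    }
    return 0;
}
```

Offsets 0x0 and 0x1000000 both come out as `$R000000` once masked, which is the name collision that masking trades for a fixed length.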