aniani/nasm
0
0
Fork 1
mirror of https://github.com/netwide-assembler/nasm.git synced 2025-10-10 00:25:06 -04:00
Code Activity

BR3392646: output/outobj.c: fix memory corruption in long object names

Browse Source 
When we encode a name we put its length before it, the
storage is one byte width so the name can't be more
than UINT8_MAX (ie 255) bytes length.

Moreover if one provide a name more than RECORD_MAX then
we simply overwrite random memory.

Thus lets do as in other obj_check calls -- shrink the
size we gonna use. But unlike oter code lets yield a
warning as well.

Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
This commit is contained in:
Cyrill Gorcunov
2020-08-18 20:27:14 +03:00
parent 57e0b3e56a
commit f14552e5fb
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
output/outobj.c
View File

@@ -424,6 +424,12 @@ static ObjRecord *obj_name(ObjRecord * orp, const char *name)
int len = strlen(name);
uint8_t *ptr;
if (len > UINT8_MAX) {
nasm_warn(WARN_OTHER, "cutting object name '%128s...' to %u bytes",
name, UINT8_MAX);
len = UINT8_MAX;
}
orp = obj_check(orp, len + 1);
ptr = orp->buf + orp->used;
*ptr++ = len;