Gentoo's Bugzilla – Attachment 46130 Details for
Bug 74477
dev-lang/nasm-0.98.38: error() overflows buff[]
[patch]
nasm-0.98.38-overflow.patch
nasm-0.98.38-overflow.patch (text/plain), 13.16 KB, created by
Luke Macken (RETIRED)
on 2004-12-16 08:21:21 UTC
Description:
nasm-0.98.38-overflow.patch
Filename:
MIME Type:
Creator:
Luke Macken (RETIRED)
Created:
2004-12-16 08:21:21 UTC
Size:
13.16 KB
patch
obsolete
>--- preproc.c.orig 2004-12-16 10:49:55 -0500
>+++ preproc.c 2004-12-16 10:51:48 -0500
>@@ -528,7 +528,7 @@
> fname++;
> fnlen = strcspn(fname, "\"");
> line = nasm_malloc(20 + fnlen);
>- sprintf(line, "%%line %d %.*s", lineno, fnlen, fname);
>+ snprintf(line, 20+fnlen,"%%line %d %.*s", lineno, fnlen, fname);
> nasm_free(oldline);
> }
> if (tasm_compatible_mode)
>@@ -1043,7 +1043,7 @@
> char *p, *q = t->text + 2;
> 
> q += strspn(q, "$");
>- sprintf(buffer, "..@%lu.", ctx->number);
>+ snprintf(buffer, sizeof(buffer), "..@%lu.", ctx->number);
> p = nasm_strcat(buffer, q);
> nasm_free(t->text);
> t->text = p;
>@@ -1520,23 +1520,30 @@
> t = t->next;
> continue;
> }
>- else if (tt->type == TOK_WHITESPACE)
>+ if (tt->type == TOK_WHITESPACE)
> {
> tt = tt->next;
> continue;
> }
>- else if (tt->type != t->type ||
>- mstrcmp(tt->text, t->text, casesense))
>+ if (tt->type != t->type)
> {
> j = FALSE; /* found mismatching tokens */
> break;
> }
>- else
>+ /* Unify surrounding quotes for strings */
>+ if (t->type == TOK_STRING)
> {
>- t = t->next;
>- tt = tt->next;
>- continue;
>+ tt->text[0] = t->text[0];
>+ tt->text[strlen(tt->text) - 1] = t->text[0];
> }
>+ if (mstrcmp(tt->text, t->text, casesense) != 0)
>+ {
>+ j = FALSE; /* found mismatching tokens */
>+ break;
>+ }
>+
>+ t = t->next;
>+ tt = tt->next;
> }
> if ((t->type != TOK_OTHER || strcmp(t->text, ",")) || tt)
> j = FALSE; /* trailing gunk on one end or other */
>@@ -1954,7 +1961,7 @@
> free_tlist(tt);
> 
> /* Now define the macro for the argument */
>- sprintf(directive, "%%define %s (%s+%d)", arg, StackPointer,
>+ snprintf(directive, sizeof(directive), "%%define %s (%s+%d)", arg, StackPointer,
> offset);
> do_directive(tokenise(directive));
> offset += size;
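Review bot: `tt->text[strlen(tt->text) - 1] = t->text[0];` indexes at SIZE_MAX when tt->text is empty, so the quote unification relies on every TOK_STRING token carrying at least its opening quote; if the tokeniser (outside this hunk) can ever yield an empty string token, guard the store with `size_t len = strlen(tt->text); if (len) tt->text[len - 1] = t->text[0];`. The rewrite also mutates tt->text in place, which looks like a behavioural change to macro-parameter matching rather than part of the sprintf hardening the rest of the patch does, and would be easier to review as its own change. The enclosing loop starts and ends outside this hunk.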
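Review bot: The return value of the new `snprintf(directive, sizeof(directive), "%%define %s (%s+%d)", arg, StackPointer, offset)` is discarded, so an argument name that does not fit in directive is silently cut short and the truncated text is still passed to `do_directive(tokenise(directive))`, defining a differently named macro instead of reporting a problem; the two `%local` directives in the hunk at @@ -2051 have the same gap. Capture the length and refuse to execute a truncated directive, e.g. `int n = snprintf(directive, sizeof(directive), "%%define %s (%s+%d)", arg, StackPointer, offset); if (n < 0 || (size_t)n >= sizeof(directive)) error(ERR_NONFATAL, "%%arg directive too long"); else do_directive(tokenise(directive));`. `sizeof(directive)` is only the buffer size if directive is declared as an array in the enclosing function, whose body lies outside the hunk.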
>@@ -2051,13 +2058,13 @@
> free_tlist(tt);
> 
> /* Now define the macro for the argument */
>- sprintf(directive, "%%define %s (%s-%d)", local, StackPointer,
>+ snprintf(directive, sizeof(directive), "%%define %s (%s-%d)", local, StackPointer,
> offset);
> do_directive(tokenise(directive));
> offset += size;
> 
> /* Now define the assign to setup the enter_c macro correctly */
>- sprintf(directive, "%%assign %%$localsize %%$localsize+%d",
>+ snprintf(directive, sizeof(directive), "%%assign %%$localsize %%$localsize+%d",
> size);
> do_directive(tokenise(directive));
> 
>@@ -3182,12 +3189,12 @@
> */
> case '0':
> type = TOK_NUMBER;
>- sprintf(tmpbuf, "%d", mac->nparam);
>+ snprintf(tmpbuf, sizeof(tmpbuf), "%d", mac->nparam);
> text = nasm_strdup(tmpbuf);
> break;
> case '%':
> type = TOK_ID;
>- sprintf(tmpbuf, "..@%lu.", mac->unique);
>+ snprintf(tmpbuf, sizeof(tmpbuf), "..@%lu.", mac->unique);
> text = nasm_strcat(tmpbuf, t->text + 2);
> break;
> case '-':
>@@ -4067,7 +4074,7 @@
> return;
> 
> va_start(arg, fmt);
>- vsprintf(buff, fmt, arg);
>+ vsnprintf(buff, sizeof(buff), fmt, arg);
> va_end(arg);
> 
> if (istk && istk->mstk && istk->mstk->name)
>@@ -4530,7 +4537,7 @@
> make_tok_num(Token * tok, long val)
> {
> char numbuf[20];
>- sprintf(numbuf, "%ld", val);
>+ snprintf(numbuf, sizeof(numbuf), "%ld", val);
> tok->text = nasm_strdup(numbuf);
> tok->type = TOK_NUMBER;
> }
>--- disasm.c.orig 2003-02-24 18:22:45.000000000 -0500
>+++ disasm.c 2004-12-15 18:00:13.000000000 -0500
>@@ -484,8 +484,8 @@
> return data - origdata;
> }
> 
>-long disasm (unsigned char *data, char *output, int segsize, long offset,
>- int autosync, unsigned long prefer)
>+long disasm (unsigned char *data, char *output, int outbufsize, int segsize,
>+ long offset, int autosync, unsigned long prefer)
> {
> struct itemplate **p, **best_p;
> int length, best_length = 0;
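Review bot: `char numbuf[20]` in make_tok_num is too small for every `long` on LP64 targets, where `"%ld"` of LONG_MIN needs 20 characters plus the terminator, so the new `snprintf(numbuf, sizeof(numbuf), "%ld", val)` turns the former overflow into a silently truncated, wrong number that is then stored as a TOK_NUMBER. Size the buffer for the type instead of relying on truncation, e.g. `char numbuf[3 * sizeof(long) + 2];` (three digits per byte plus sign and NUL), or check the return value. The `char q[20]` in listing.c at @@ -192 has the same problem with `"<res %08lX>"` on 64-bit longs (5 + 16 + 1 characters plus NUL); `char q[32];` covers it.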
>@@ -583,26 +583,26 @@
> slen = 0;
> 
> if (lock)
>- slen += sprintf(output+slen, "lock ");
>+ slen += snprintf(output+slen, outbufsize-slen, "lock ");
> for (i = 0; i < ins.nprefix; i++)
> switch (ins.prefixes[i]) {
>- case P_REP: slen += sprintf(output+slen, "rep "); break;
>- case P_REPE: slen += sprintf(output+slen, "repe "); break;
>- case P_REPNE: slen += sprintf(output+slen, "repne "); break;
>- case P_A16: slen += sprintf(output+slen, "a16 "); break;
>- case P_A32: slen += sprintf(output+slen, "a32 "); break;
>- case P_O16: slen += sprintf(output+slen, "o16 "); break;
>- case P_O32: slen += sprintf(output+slen, "o32 "); break;
>+ case P_REP: slen += snprintf(output+slen, outbufsize-slen, "rep "); break;
>+ case P_REPE: slen += snprintf(output+slen, outbufsize-slen, "repe "); break;
>+ case P_REPNE: slen += snprintf(output+slen, outbufsize-slen, "repne "); break;
>+ case P_A16: slen += snprintf(output+slen, outbufsize-slen, "a16 "); break;
>+ case P_A32: slen += snprintf(output+slen, outbufsize-slen, "a32 "); break;
>+ case P_O16: slen += snprintf(output+slen, outbufsize-slen, "o16 "); break;
>+ case P_O32: slen += snprintf(output+slen, outbufsize-slen, "o32 "); break;
> }
> 
> for (i = 0; i < elements(ico); i++)
> if ((*p)->opcode == ico[i]) {
>- slen += sprintf(output+slen, "%s%s", icn[i],
>+ slen += snprintf(output+slen, outbufsize-slen, "%s%s", icn[i],
> whichcond(ins.condition));
> break;
> }
> if (i >= elements(ico))
>- slen += sprintf(output+slen, "%s", insn_names[(*p)->opcode]);
>+ slen += snprintf(output+slen, outbufsize-slen, "%s", insn_names[(*p)->opcode]);
> colon = FALSE;
> length += data - origdata; /* fix up for prefixes */
> for (i=0; i<(*p)->operands; i++) {
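Review bot: `slen += snprintf(output+slen, outbufsize-slen, "lock ");` and the appends that follow it do not keep slen inside the buffer, because snprintf returns the length the whole string would have had rather than the count actually stored; once one append is truncated slen exceeds outbufsize, `outbufsize-slen` goes negative and converts to a huge size_t, and every later call writes unbounded again. The same pattern is repeated in the hunks at @@ -633, @@ -649, @@ -669, @@ -700 and @@ -713, and the direct stores `output[slen++] = '1'`, `'['`, `'+'`, `']'` and the closing `output[slen] = '\0'` at @@ -713 are not bounded at all. A small helper that clamps the running length to outbufsize-1 after each vsnprintf and writes nothing once the buffer is full fixes every site uniformly, with each `slen += snprintf(output+slen, outbufsize-slen, …)` becoming `slen = append_fmt(output, outbufsize, slen, …)` and each single-character store guarded like `if (slen < outbufsize - 1) output[slen++] = '[';`. The helper needs `<stdarg.h>`, which disasm.c may not include yet. disasm()'s body begins and ends outside this hunk.
```c
/* Appends formatted text at output+slen and returns the new length,
 * never letting it pass outbufsize-1: snprintf reports the would-be
 * length on truncation, so its return must not be added to slen raw. */
static int append_fmt(char *output, int outbufsize, int slen, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (slen >= outbufsize - 1)
        return outbufsize - 1;
    va_start(ap, fmt);
    n = vsnprintf(output + slen, outbufsize - slen, fmt, ap);
    va_end(ap);
    if (n < 0)
        return slen;
    if (n > outbufsize - 1 - slen)
        n = outbufsize - 1 - slen;
    return slen + n;
}

/* … unchanged: disasm() prologue … */
    if (lock)
        slen = append_fmt(output, outbufsize, slen, "lock ");
/* … unchanged: remaining appends, each rewritten the same way … */
```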
>@@ -633,14 +633,14 @@
> ins.oprs[i].basereg = whichreg ((*p)->opd[i],
> ins.oprs[i].basereg);
> if ( (*p)->opd[i] & TO )
>- slen += sprintf(output+slen, "to ");
>- slen += sprintf(output+slen, "%s",
>+ slen += snprintf(output+slen, outbufsize-slen, "to ");
>+ slen += snprintf(output+slen, outbufsize-slen, "%s",
> reg_names[ins.oprs[i].basereg-EXPR_REG_START]);
> } else if (!(UNITY & ~(*p)->opd[i])) {
> output[slen++] = '1';
> } else if ( (*p)->opd[i] & IMMEDIATE ) {
> if ( (*p)->opd[i] & BITS8 ) {
>- slen += sprintf(output+slen, "byte ");
>+ slen += snprintf(output+slen, outbufsize-slen, "byte ");
> if (ins.oprs[i].segment & SEG_SIGNED) {
> if (ins.oprs[i].offset < 0) {
> ins.oprs[i].offset *= -1;
>@@ -649,17 +649,17 @@
> output[slen++] = '+';
> }
> } else if ( (*p)->opd[i] & BITS16 ) {
>- slen += sprintf(output+slen, "word ");
>+ slen += snprintf(output+slen, outbufsize-slen, "word ");
> } else if ( (*p)->opd[i] & BITS32 ) {
>- slen += sprintf(output+slen, "dword ");
>+ slen += snprintf(output+slen, outbufsize-slen, "dword ");
> } else if ( (*p)->opd[i] & NEAR ) {
>- slen += sprintf(output+slen, "near ");
>+ slen += snprintf(output+slen, outbufsize-slen, "near ");
> } else if ( (*p)->opd[i] & SHORT ) {
>- slen += sprintf(output+slen, "short ");
>+ slen += snprintf(output+slen, outbufsize-slen, "short ");
> }
>- slen += sprintf(output+slen, "0x%lx", ins.oprs[i].offset);
>+ slen += snprintf(output+slen, outbufsize-slen, "0x%lx", ins.oprs[i].offset);
> } else if ( !(MEM_OFFS & ~(*p)->opd[i]) ) {
>- slen += sprintf(output+slen, "[%s%s%s0x%lx]",
>+ slen += snprintf(output+slen, outbufsize-slen, "[%s%s%s0x%lx]",
> (segover ? segover : ""),
> (segover ? ":" : ""),
> (ins.oprs[i].addr_size == 32 ? "dword " :
>@@ -669,30 +669,30 @@
> } else if ( !(REGMEM & ~(*p)->opd[i]) ) {
> int started = FALSE;
> if ( (*p)->opd[i] & BITS8 )
>- slen += sprintf(output+slen, "byte ");
>+ slen += snprintf(output+slen, outbufsize-slen, "byte ");
> if ( (*p)->opd[i] & BITS16 )
>- slen += sprintf(output+slen, "word ");
>+ slen += snprintf(output+slen, outbufsize-slen, "word ");
> if ( (*p)->opd[i] & BITS32 )
>- slen += sprintf(output+slen, "dword ");
>+ slen += snprintf(output+slen, outbufsize-slen, "dword ");
> if ( (*p)->opd[i] & BITS64 )
>- slen += sprintf(output+slen, "qword ");
>+ slen += snprintf(output+slen, outbufsize-slen, "qword ");
> if ( (*p)->opd[i] & BITS80 )
>- slen += sprintf(output+slen, "tword ");
>+ slen += snprintf(output+slen, outbufsize-slen, "tword ");
> if ( (*p)->opd[i] & FAR )
>- slen += sprintf(output+slen, "far ");
>+ slen += snprintf(output+slen, outbufsize-slen, "far ");
> if ( (*p)->opd[i] & NEAR )
>- slen += sprintf(output+slen, "near ");
>+ slen += snprintf(output+slen, outbufsize-slen, "near ");
> output[slen++] = '[';
> if (ins.oprs[i].addr_size)
>- slen += sprintf(output+slen, "%s",
>+ slen += snprintf(output+slen, outbufsize-slen, "%s",
> (ins.oprs[i].addr_size == 32 ? "dword " :
> ins.oprs[i].addr_size == 16 ? "word " : ""));
> if (segover) {
>- slen += sprintf(output+slen, "%s:", segover);
>+ slen += snprintf(output+slen, outbufsize-slen, "%s:", segover);
> segover = NULL;
> }
> if (ins.oprs[i].basereg != -1) {
>- slen += sprintf(output+slen, "%s",
>+ slen += snprintf(output+slen, outbufsize-slen, "%s",
> reg_names[(ins.oprs[i].basereg -
> EXPR_REG_START)]);
> started = TRUE;
>@@ -700,11 +700,11 @@
> if (ins.oprs[i].indexreg != -1) {
> if (started)
> output[slen++] = '+';
>- slen += sprintf(output+slen, "%s",
>+ slen += snprintf(output+slen, outbufsize-slen, "%s",
> reg_names[(ins.oprs[i].indexreg -
> EXPR_REG_START)]);
> if (ins.oprs[i].scale > 1)
>- slen += sprintf(output+slen, "*%d", ins.oprs[i].scale);
>+ slen += snprintf(output+slen, outbufsize-slen, "*%d", ins.oprs[i].scale);
> started = TRUE;
> }
> if (ins.oprs[i].segment & SEG_DISP8) {
>@@ -713,20 +713,20 @@
> ins.oprs[i].offset = - (signed char) ins.oprs[i].offset;
> sign = '-';
> }
>- slen += sprintf(output+slen, "%c0x%lx", sign,
>+ slen += snprintf(output+slen, outbufsize-slen, "%c0x%lx", sign,
> ins.oprs[i].offset);
> } else if (ins.oprs[i].segment & SEG_DISP16) {
> if (started)
> output[slen++] = '+';
>- slen += sprintf(output+slen, "0x%lx", ins.oprs[i].offset);
>+ slen += snprintf(output+slen, outbufsize-slen, "0x%lx", ins.oprs[i].offset);
> } else if (ins.oprs[i].segment & SEG_DISP32) {
> if (started)
> output[slen++] = '+';
>- slen += sprintf(output+slen, "0x%lx", ins.oprs[i].offset);
>+ slen += snprintf(output+slen, outbufsize-slen, "0x%lx", ins.oprs[i].offset);
> }
> output[slen++] = ']';
> } else {
>- slen += sprintf(output+slen, "<operand%d>", i);
>+ slen += snprintf(output+slen, outbufsize-slen, "<operand%d>", i);
> }
> }
> output[slen] = '\0';
>@@ -741,8 +741,8 @@
> return length;
> }
> 
>-long eatbyte (unsigned char *data, char *output)
>+long eatbyte (unsigned char *data, char *output, int outbufsize)
> {
>- sprintf(output, "db 0x%02X", *data);
>+ snprintf(output, outbufsize, "db 0x%02X", *data);
> return 1;
> }
>--- ndisasm.c.orig 2002-04-30 17:04:18.000000000 -0400
>+++ ndisasm.c 2004-12-15 13:27:21.000000000 -0500
>@@ -243,10 +243,10 @@
> nextsync = next_sync (offset, &synclen);
> }
> while (p > q && (p - q >= INSN_MAX || lenread == 0)) {
>- lendis = disasm (q, outbuf, bits, offset, autosync, prefer);
>+ lendis = disasm (q, outbuf, sizeof(outbuf), bits, offset, autosync, prefer);
> if (!lendis || lendis > (p - q) ||
> (unsigned long)lendis > nextsync-offset)
>- lendis = eatbyte (q, outbuf);
>+ lendis = eatbyte (q, outbuf, sizeof(outbuf));
> output_ins (offset, q, lendis, outbuf);
> q += lendis;
> offset += lendis;
>--- listing.c.orig 2002-09-11 22:23:54.000000000 -0400
>+++ listing.c 2004-12-15 13:05:05.000000000 -0500
>@@ -192,7 +192,7 @@
> else if (typ == OUT_RESERVE)
> {
> char q[20];
>- sprintf(q, "<res %08lX>", size);
>+ snprintf(q, sizeof(q), "<res %08lX>", size);
> list_out (offset, q);
> }
> }
>--- labels.c.orig 2003-09-07 20:30:40.000000000 -0400
>+++ labels.c 2004-12-15 13:03:20.000000000 -0500
>@@ -221,7 +221,7 @@
> slen += strlen(lpostfix);
> slen++; /* room for that null char */
> xsymbol = nasm_malloc(slen);
>- sprintf(xsymbol,"%s%s%s",lprefix,lptr->defn.label,lpostfix);
>+ snprintf(xsymbol,slen,"%s%s%s",lprefix,lptr->defn.label,lpostfix);
> 
> ofmt->symdef (xsymbol, segment, offset, exi,
> special ? special : lptr->defn.special);
>@@ -286,7 +286,7 @@
> slen += strlen(lpostfix);
> slen++; /* room for that null char */
> xsymbol = nasm_malloc(slen);
>- sprintf(xsymbol,"%s%s%s",lprefix,lptr->defn.label,lpostfix);
>+ snprintf(xsymbol,slen,"%s%s%s",lprefix,lptr->defn.label,lpostfix);
> 
> ofmt->symdef (xsymbol, segment, offset, exi,
> special ? special : lptr->defn.special);
>--- nasm.c.orig 2003-09-10 19:34:23.000000000 -0400
>+++ nasm.c 2004-12-15 12:10:25.000000000 -0500
>@@ -185,7 +185,7 @@
> /* define some macros dependent of command-line */
> {
> char temp [64];
>- sprintf (temp, "__OUTPUT_FORMAT__=%s\n", ofmt->shortname);
>+ snprintf (temp, sizeof(temp), "__OUTPUT_FORMAT__=%s\n", ofmt->shortname);
> pp_pre_define (temp);
> }
> 
>--- disasm.h.orig 2002-04-30 16:56:44.000000000 -0400
>+++ disasm.h 2004-12-15 13:26:37.000000000 -0500
>@@ -11,8 +11,8 @@
> 
> #define INSN_MAX 32 /* one instruction can't be longer than this */
> 
>-long disasm (unsigned char *data, char *output, int segsize, long offset,
>- int autosync, unsigned long prefer);
>-long eatbyte (unsigned char *data, char *output);
>+long disasm (unsigned char *data, char *output, int outbufsize, int segsize,
>+ long offset, int autosync, unsigned long prefer);
>+long eatbyte (unsigned char *data, char *output, int outbufsize);
> 
> #endif