On 05/16/2016 12:19 PM, Jakub Jelinek wrote:
On Mon, May 16, 2016 at 12:12:38PM -0600, Jeff Law wrote:
On 05/06/2016 09:19 AM, Jakub Jelinek wrote:
On Fri, May 06, 2016 at 11:11:29PM +0800, Marcel Böhme wrote:
+ dpi.copy_templates
+= (struct d_print_template *) malloc (((size_t)
On Mon, May 16, 2016 at 12:12:38PM -0600, Jeff Law wrote:
> On 05/06/2016 09:19 AM, Jakub Jelinek wrote:
> >On Fri, May 06, 2016 at 11:11:29PM +0800, Marcel Böhme wrote:
> >>+ dpi.copy_templates
> >>+= (struct d_print_template *) malloc (((size_t) dpi.num_copy_templates)
> >>+
On 05/06/2016 09:19 AM, Jakub Jelinek wrote:
On Fri, May 06, 2016 at 11:11:29PM +0800, Marcel Böhme wrote:
+ dpi.copy_templates
+= (struct d_print_template *) malloc (((size_t) dpi.num_copy_templates)
+ * sizeof (*dpi.copy_templates));
+ if (!
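Review bot: the size passed to malloc in the lines shown, ((size_t) dpi.num_copy_templates) * sizeof (*dpi.copy_templates), is multiplied with no visible guard against wraparound. If the count can grow large for a crafted mangled name, the product can wrap and the buffer come out smaller than the number of templates later stored in it. Reject the input when dpi.num_copy_templates exceeds SIZE_MAX / sizeof (*dpi.copy_templates) before calling malloc, and do the same for the matching saved-scopes allocation if it is sized the same way.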
Hi Ian,
Stack overflows are a security concern and must be addressed. The Libiberty
demangler is part of several tools, including binutils, gdb, valgrind, and many
other libbfd-based tools that are used by the security community for the
analysis of program binaries. Without a patch, the
On Fri, May 6, 2016 at 2:51 AM, Jakub Jelinek wrote:
>
> Anyway, perhaps I'm misremembering, if there is a mode that really can't
> fail due to allocation failures or not, we need to deal with that.
> Ian or Jason, can all the demangle users allocate heap memory or not?
> And,
On Sat, May 07, 2016 at 12:05:11AM +0800, Marcel Böhme wrote:
> This patch also removes the following part of the comment for method
> cplus_demangle_print_callback:
> "It does not use heap memory to build an output string, so cannot encounter
> memory allocation failure".
But that exactly is
Hi,
This patch also removes the following part of the comment for method
cplus_demangle_print_callback:
"It does not use heap memory to build an output string, so cannot encounter
memory allocation failure".
> On 6 May 2016, at 11:11 PM, Marcel Böhme wrote:
>
>
>>
On Fri, May 06, 2016 at 11:11:29PM +0800, Marcel Böhme wrote:
> + dpi.copy_templates
> += (struct d_print_template *) malloc (((size_t) dpi.num_copy_templates)
> + * sizeof (*dpi.copy_templates));
> + if (! dpi.copy_templates)
> +{
> +
> If one malloc succeeds and the other fails, you leak memory.
>
> Jakub
Nice catch. Thanks!
Bootstrapped and regression tested on x86_64-pc-linux-gnu.
Best - Marcel
Index: libiberty/ChangeLog
===
--- libiberty/ChangeLog
On Fri, May 06, 2016 at 10:46:12PM +0800, Marcel Böhme wrote:
>d_print_init (, callback, opaque, dc);
>
> - {
> -#ifdef CP_DYNAMIC_ARRAYS
> -__extension__ struct d_saved_scope scopes[dpi.num_saved_scopes];
> -__extension__ struct d_print_template temps[dpi.num_copy_templates];
> +
Hi Jakub,
> On 6 May 2016, at 5:51 PM, Jakub Jelinek wrote:
>>
>
> If you just want an array, restricting the size including the sizeof
> to fit into int makes no sense, you want to guard it against overflows
> during the multiplication.
Okay, done. (Someone might want to
On Fri, May 06, 2016 at 05:01:14PM +0800, Marcel Böhme wrote:
> The patch that is attached now is bootstrapped and regression tested on
> x86_64-pc-linux-gnu.
>
> >
> > This file is used not just in the various tools like binutils or gdb, but
> > also in libstdc++, where it is used e.g. in the
Hi Jakub,
The patch that is attached now is bootstrapped and regression tested on
x86_64-pc-linux-gnu.
>
> This file is used not just in the various tools like binutils or gdb, but
> also in libstdc++, where it is used e.g. in the std::terminate handler,
> which I think can't just xmalloc_failed,
On Fri, May 06, 2016 at 02:14:31PM +0800, Marcel Böhme wrote:
> * the stack overflow reported in PR68159 in cplus_demangle_print_callback,
> * a potential stack overflow in d_demangle_callback
> * a potential stack overflow in is_ctor_or_dtor, and
> * six potential buffer overflows (initialise
Hi,
This patch fixes
* the stack overflow reported in PR68159 in cplus_demangle_print_callback,
* a potential stack overflow in d_demangle_callback
* a potential stack overflow in is_ctor_or_dtor, and
* six potential buffer overflows (initialise less memory than needed due to
integer
15 matches