On Tue, Oct 25, 2011 at 06:13:11PM +0200, Pascal Stumpf wrote:
> On Sat, 15 Oct 2011 19:33:22 +0200, Pascal Stumpf wrote:
> > Oh, and I just checked: This bug even is in src binutils (both 2.15 and
> > 2.17), just nobody noticed because -Werror isn't used there (but it
> > probably should be fixed there too, right?).
> >
> >
>
> Upstream fix is here. Attached are patches for devel/gdb, devel/libbfd
> and base binutils 2.15 and 2.17 (permission to use under GPLv2 has been
> granted, thanks to nickc at redhat dot com).
>
>
>
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/devel/libbfd/Makefile,v
> retrieving revision 1.6
> diff -u -p -r1.6 Makefile
> --- Makefile 27 Sep 2011 21:38:42 -0000 1.6
> +++ Makefile 25 Oct 2011 14:08:53 -0000
> @@ -5,7 +5,7 @@ COMMENT= GNU Binary File Descriptor libr
> VER= 2.20
> DISTNAME= binutils-${VER}
> PKGNAME= libbfd-${VER}
> -REVISION= 1
> +REVISION= 2
> EXTRACT_SUFX= .tar.bz2
>
> HOMEPAGE= http://www.gnu.org/software/binutils/
> @@ -26,8 +26,7 @@ MASTER_SITES= ${MASTER_SITE_GNU:=binutil
> USE_LIBTOOL= Yes
> LIBTOOL_FLAGS= --tag=disable-shared
> CONFIGURE_ARGS+= --disable-nls \
> - --disable-shared \
> - --disable-werror
> + --disable-shared
>
> WRKSRC=${WRKDIR}/${DISTNAME}/bfd
>
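Review bot: Dropping `--disable-werror` from CONFIGURE_ARGS is only safe because the new patches/patch-bfd_peXXigen_c silences the warning that made the port need it, but nothing in the Makefile records that dependency. The next maintainer who updates the port (or hits a new warning from a newer compiler) has no way to see why -Werror was re-enabled here. A one-line comment next to CONFIGURE_ARGS, e.g. `# -Werror is tolerated again since patches/patch-bfd_peXXigen_c fixed the memcpy bounds warning`, would make that explicit.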
> Index: patches/patch-bfd_peXXigen_c
> ===================================================================
> RCS file: patches/patch-bfd_peXXigen_c
> diff -N patches/patch-bfd_peXXigen_c
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-bfd_peXXigen_c 25 Oct 2011 14:08:53 -0000
> @@ -0,0 +1,22 @@
> +$OpenBSD$
> +fix out-of-bounds memcpys
> +--- bfd/peXXigen.c.orig Tue Oct 25 16:03:53 2011
> ++++ bfd/peXXigen.c Tue Oct 25 16:04:25 2011
> +@@ -248,7 +248,7 @@ _bfd_XXi_swap_aux_in (bfd * abfd,
> + in->x_file.x_n.x_offset = H_GET_32 (abfd, ext->x_file.x_n.x_offset);
> + }
> + else
> +- memcpy (in->x_file.x_fname, ext->x_file.x_fname, FILNMLEN);
> ++ memcpy (in->x_file.x_fname, ext->x_file.x_fname, sizeof
> in->x_file.x_fname);
> + return;
> +
> + case C_STAT:
> +@@ -322,7 +322,7 @@ _bfd_XXi_swap_aux_out (bfd * abfd,
> + H_PUT_32 (abfd, in->x_file.x_n.x_offset, ext->x_file.x_n.x_offset);
> + }
> + else
> +- memcpy (ext->x_file.x_fname, in->x_file.x_fname, FILNMLEN);
> ++ memcpy (ext->x_file.x_fname, in->x_file.x_fname, sizeof
> ext->x_file.x_fname);
> +
> + return AUXESZ;
> +
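Review bot: The `_bfd_XXi_swap_aux_out` change on the `++ memcpy (ext->x_file.x_fname, in->x_file.x_fname, sizeof ext->x_file.x_fname);` line bounds the copy by the destination field, but the source is `in->x_file.x_fname`, which this patch's own description (in the gdb copy) says is 14 bytes; if the external `x_fname` is wider than that, the out direction still reads past the end of the internal field, which is the same over-read the old `FILNMLEN` (18) length caused. The swap_aux_in change is fine, since there the copy length equals the destination size. Unless the two field sizes are known to be equal on every target, the out copy should be bounded by the source, `memcpy (ext->x_file.x_fname, in->x_file.x_fname, sizeof in->x_file.x_fname);`, with any remaining tail of `ext->x_file.x_fname` zeroed so no uninitialized bytes are written to the output object, or a compile-time check that the two sizes agree. The same line appears in the gdb patch below and in the `@@ -344` and `@@ -308` hunks of the base binutils 2.15 and 2.17 diffs. Both `_bfd_XXi_swap_aux_in` and `_bfd_XXi_swap_aux_out` start and end outside these hunks, so the surrounding C_FILE handling is not visible here.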
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/devel/gdb/Makefile,v
> retrieving revision 1.10
> diff -u -p -r1.10 Makefile
> --- Makefile 27 Sep 2011 20:26:45 -0000 1.10
> +++ Makefile 25 Oct 2011 14:09:02 -0000
> @@ -4,7 +4,7 @@ COMMENT= GNU debugger
> CATEGORIES= devel
>
> DISTNAME= gdb-7.2
> -REVISION= 1
> +REVISION= 2
>
> MASTER_SITES= ${MASTER_SITE_GNU:=gdb/} \
> http://distfiles.nl/
> Index: patches/patch-bfd_peXXigen_c
> ===================================================================
> RCS file: patches/patch-bfd_peXXigen_c
> diff -N patches/patch-bfd_peXXigen_c
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-bfd_peXXigen_c 25 Oct 2011 14:09:02 -0000
> @@ -0,0 +1,22 @@
> +$OpenBSD$
> +Fix out-of-bounds memcpys (FILNMLEN is 18, sizeof x_fname is 14).
> +--- bfd/peXXigen.c.orig Tue Oct 25 15:31:49 2011
> ++++ bfd/peXXigen.c Tue Oct 25 15:32:39 2011
> +@@ -249,7 +249,7 @@ _bfd_XXi_swap_aux_in (bfd * abfd,
> + in->x_file.x_n.x_offset = H_GET_32 (abfd, ext->x_file.x_n.x_offset);
> + }
> + else
> +- memcpy (in->x_file.x_fname, ext->x_file.x_fname, FILNMLEN);
> ++ memcpy (in->x_file.x_fname, ext->x_file.x_fname, sizeof
> in->x_file.x_fname);
> + return;
> +
> + case C_STAT:
> +@@ -323,7 +323,7 @@ _bfd_XXi_swap_aux_out (bfd * abfd,
> + H_PUT_32 (abfd, in->x_file.x_n.x_offset, ext->x_file.x_n.x_offset);
> + }
> + else
> +- memcpy (ext->x_file.x_fname, in->x_file.x_fname, FILNMLEN);
> ++ memcpy (ext->x_file.x_fname, in->x_file.x_fname, sizeof
> ext->x_file.x_fname);
> +
> + return AUXESZ;
> +
> Index: peXXigen.c
> ===================================================================
> RCS file: /cvs/src/gnu/usr.bin/binutils/bfd/peXXigen.c,v
> retrieving revision 1.4
> diff -u -r1.4 peXXigen.c
> --- peXXigen.c 2 Nov 2004 20:45:11 -0000 1.4
> +++ peXXigen.c 25 Oct 2011 14:16:35 -0000
> @@ -271,7 +271,7 @@
> in->x_file.x_n.x_offset = H_GET_32 (abfd, ext->x_file.x_n.x_offset);
> }
> else
> - memcpy (in->x_file.x_fname, ext->x_file.x_fname, FILNMLEN);
> + memcpy (in->x_file.x_fname, ext->x_file.x_fname, sizeof
> in->x_file.x_fname);
> return;
>
> case C_STAT:
> @@ -344,7 +344,7 @@
> H_PUT_32 (abfd, in->x_file.x_n.x_offset, ext->x_file.x_n.x_offset);
> }
> else
> - memcpy (ext->x_file.x_fname, in->x_file.x_fname, FILNMLEN);
> + memcpy (ext->x_file.x_fname, in->x_file.x_fname, sizeof
> ext->x_file.x_fname);
>
> return AUXESZ;
>
> Index: peXXigen.c
> ===================================================================
> RCS file: /cvs/src/gnu/usr.bin/binutils-2.17/bfd/peXXigen.c,v
> retrieving revision 1.1.1.1
> diff -u -r1.1.1.1 peXXigen.c
> --- peXXigen.c 24 Apr 2011 20:14:42 -0000 1.1.1.1
> +++ peXXigen.c 25 Oct 2011 14:17:23 -0000
> @@ -235,7 +235,7 @@
> in->x_file.x_n.x_offset = H_GET_32 (abfd, ext->x_file.x_n.x_offset);
> }
> else
> - memcpy (in->x_file.x_fname, ext->x_file.x_fname, FILNMLEN);
> + memcpy (in->x_file.x_fname, ext->x_file.x_fname, sizeof
> in->x_file.x_fname);
> return;
>
> case C_STAT:
> @@ -308,7 +308,7 @@
> H_PUT_32 (abfd, in->x_file.x_n.x_offset, ext->x_file.x_n.x_offset);
> }
> else
> - memcpy (ext->x_file.x_fname, in->x_file.x_fname, FILNMLEN);
> + memcpy (ext->x_file.x_fname, in->x_file.x_fname, sizeof
> ext->x_file.x_fname);
>
> return AUXESZ;
>
I'm a bit perplexed they didn't go any deeper wrt the names being
multiply defined, but this fix definitely fixes the problem at hand, so
I'm okay with it.
kettenis ? miod ?