Ticket #812: binutils-2.16.1-fortify-20050708.diff

File binutils-2.16.1-fortify-20050708.diff, 2.1 KB (added by Ralf Corsepius, on 12/03/06 at 13:31:13)

binutils-2.16.1-fortify-20050708.diff

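--- a/binutils-2.16.1/bfd/archive.c
+++ b/binutils-2.16.1/bfd/archive.c
@@ -1308,6 +1308,13 @@
 #define getgid() 0
 #endif
 
+static void print_ar_size( struct ar_hdr* hdr, int val )
+{
+  char buffer[sizeof(hdr->ar_size)+1];
+  sprintf(buffer,"%-10d", val);
+  memcpy(hdr->ar_size,buffer,sizeof(hdr->ar_size));
+}
+
 /* Takes a filename, returns an arelt_data for it, or NULL if it can't
    make one.  The filename must refer to a filename in the filesystem.
    The filename field of the ar_hdr will NOT be initialized.  If member
@@ -1368,7 +1375,7 @@
 #endif
   sprintf ((hdr->ar_gid), "%ld", (long) status.st_gid);
   sprintf ((hdr->ar_mode), "%-8o", (unsigned int) status.st_mode);
-  sprintf ((hdr->ar_size), "%-10ld", (long) status.st_size);
+  print_ar_size(hdr, (long) status.st_size);
   /* Correct for a lossage in sprintf whereby it null-terminates.  I cannot
      understand how these C losers could design such a ramshackle bunch of
      IO operations.  */
@@ -1660,7 +1667,7 @@
       memset (&hdr, 0, sizeof (struct ar_hdr));
       strcpy (hdr.ar_name, ename);
       /* Round size up to even number in archive header.  */
-      sprintf (&(hdr.ar_size[0]), "%-10d",
+      print_ar_size(&hdr,
                (int) ((elength + 1) & ~(bfd_size_type) 1));
       strncpy (hdr.ar_fmag, ARFMAG, 2);
       for (i = 0; i < sizeof (struct ar_hdr); i++)
@@ -1913,7 +1920,7 @@
   sprintf (hdr.ar_date, "%ld", bfd_ardata (arch)->armap_timestamp);
   sprintf (hdr.ar_uid, "%ld", (long) getuid ());
   sprintf (hdr.ar_gid, "%ld", (long) getgid ());
-  sprintf (hdr.ar_size, "%-10d", (int) mapsize);
+  print_ar_size(&hdr, (int) mapsize);
   strncpy (hdr.ar_fmag, ARFMAG, 2);
   for (i = 0; i < sizeof (struct ar_hdr); i++)
     if (((char *) (&hdr))[i] == '\0')
@@ -2068,7 +2075,7 @@
 
   memset (&hdr, 0, sizeof (struct ar_hdr));
   hdr.ar_name[0] = '/';
-  sprintf (hdr.ar_size, "%-10d", (int) mapsize);
+  print_ar_size (&hdr, (int) mapsize);
   sprintf (hdr.ar_date, "%ld", (long) time (NULL));
   /* This, at least, is what Intel coff sets the values to.  */
   sprintf ((hdr.ar_uid), "%d", 0);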
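Review bot: `print_ar_size` (new lines 1311-1316) still formats with an unbounded `sprintf` into `buffer`, which is only `sizeof(hdr->ar_size)+1` bytes, so any value that prints wider than the field writes past the end of the stack buffer; with `%-10d` a negative int is up to 11 characters plus the NUL. The call at new line 1378 passes `(long) status.st_size` into the `int` parameter, where the old code printed a long with `%-10ld`, so a file size above INT_MAX is narrowed and may come out negative. I would keep the long and bound the write: `static void print_ar_size (struct ar_hdr *hdr, long val)` with `snprintf (buffer, sizeof buffer, "%-10ld", val);`, assuming snprintf is available on the supported hosts, and treat a return value larger than `sizeof(hdr->ar_size)` as an error instead of copying a truncated size into the header. The neighbouring `sprintf` calls into `ar_uid`, `ar_gid`, `ar_mode` and `ar_date` are untouched by this patch and still depend on the following field absorbing the terminator, so an id wider than its field would overrun in the same way.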