diff options
| author | H. Peter Anvin <hpa@zytor.com> | 2009-07-05 22:15:57 -0700 |
|---|---|---|
| committer | H. Peter Anvin <hpa@zytor.com> | 2009-07-05 22:15:57 -0700 |
| commit | 565be91fb729611e8056face229d37d25bba360b (patch) | |
| tree | dd0aa00fadc522e34c058942813ac3d72a51d7fa /labels.c | |
| parent | 5cc5589b734a26d6c971c26a330371aedfe35f2c (diff) | |
| download | nasm-565be91fb729611e8056face229d37d25bba360b.tar.gz nasm-565be91fb729611e8056face229d37d25bba360b.tar.bz2 nasm-565be91fb729611e8056face229d37d25bba360b.zip | |
BR 2817225: don't overrun a permts buffer with a maximum label
BR 677841 was fixed backwards, with a reverse condition. Correct the
direction of the fix, and add an assert for the overflow condition.
Note: the bug was non-manifest in previous build, so this is not a
security issue.
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Diffstat (limited to 'labels.c')
| -rw-r--r-- | labels.c | 8 |
1 files changed, 5 insertions, 3 deletions
@@ -82,9 +82,9 @@ #define END_BLOCK -2 #define BOGUS_VALUE -4 -#define PERMTS_SIZE 4096 /* size of text blocks */ -#if (PERMTS_SIZE > IDLEN_MAX) -#error "IPERMTS_SIZE must be less than or equal to IDLEN_MAX" +#define PERMTS_SIZE 16384 /* size of text blocks */ +#if (PERMTS_SIZE < IDLEN_MAX) +#error "IPERMTS_SIZE must be greater than or equal to IDLEN_MAX" #endif /* values for label.defn.is_global */ @@ -481,6 +481,8 @@ static char *perm_copy(const char *string) char *p; int len = strlen(string)+1; + nasm_assert(len <= PERMTS_SIZE); + if (perm_tail->size - perm_tail->usage < len) { perm_tail->next = (struct permts *)nasm_malloc(sizeof(struct permts)); |