Prevent overflowing the selected_cpu_name buffer in the ARM assembler.

	* config/tc-arm.c (selected_cpu_name): Increase length of array to
	accomodate "Samsung Exynos M1".
	(arm_parse_cpu): Add assertion and length check to prevent
	overfilling selected_cpu_name.

diff --git a/gas/ChangeLog b/gas/ChangeLog
index 1b77b64..0dcabf6 100644 (file)
--- a/gas/ChangeLog
+++ b/gas/ChangeLog
@@ -1,3 +1,10 @@
+2015-10-27  Jim Wilson  <jim.wilson@linaro.org>
+
+       * config/tc-arm.c (selected_cpu_name): Increase length of array to
+       accomodate "Samsung Exynos M1".
+       (arm_parse_cpu): Add assertion and length check to prevent
+       overfilling selected_cpu_name.
+
 2015-10-22  Nick Clifton  <nickc@redhat.com>
 
        * config/tc-msp430.c (PUSH_1X_WORKAROUND): Delete.

diff --git a/gas/config/tc-arm.c b/gas/config/tc-arm.c
index efc522a..14bebe8 100644 (file)
--- a/gas/config/tc-arm.c
+++ b/gas/config/tc-arm.c
@@ -266,7 +266,7 @@ static int mfloat_abi_opt = -1;
 /* Record user cpu selection for object attributes.  */
 static arm_feature_set selected_cpu = ARM_ARCH_NONE;
 /* Must be long enough to hold any of the names in arm_cpus.  */
-static char selected_cpu_name[16];
+static char selected_cpu_name[20];
 
 extern FLONUM_TYPE generic_floating_point_number;
 
@@ -25132,11 +25132,17 @@ arm_parse_cpu (char *str)
        mcpu_cpu_opt = &opt->value;
        mcpu_fpu_opt = &opt->default_fpu;
        if (opt->canonical_name)
-         strcpy (selected_cpu_name, opt->canonical_name);
+         {
+           gas_assert (sizeof selected_cpu_name > strlen (opt->canonical_name));
+           strcpy (selected_cpu_name, opt->canonical_name);
+         }
        else
          {
            size_t i;
 
+           if (len >= sizeof selected_cpu_name)
+             len = (sizeof selected_cpu_name) - 1;
+
            for (i = 0; i < len; i++)
              selected_cpu_name[i] = TOUPPER (opt->name[i]);
            selected_cpu_name[i] = 0;