BR 2817225: don't overrun a permts buffer with a maximum label

BR 677841 was fixed backwards, with a reverse condition. Correct the direction of the fix, and add an assert for the overflow condition. Note: the bug was non-manifest in previous build, so this is not a security issue. Signed-off-by: H. Peter Anvin <hpa@zytor.com>
2025-03-19 18:00:23 +08:00 · 2009-07-05 22:15:57 -07:00 · 2009-07-05 22:15:57 -07:00 · 565be91fb7
commit 565be91fb7
parent 5cc5589b73
1 changed files with 5 additions and 3 deletions
--- a/labels.c
+++ b/labels.c
@ -82,9 +82,9 @@
 #define END_BLOCK -2
 #define BOGUS_VALUE -4

-#define PERMTS_SIZE  4096       /* size of text blocks */
-#if (PERMTS_SIZE > IDLEN_MAX)
-#error "IPERMTS_SIZE must be less than or equal to IDLEN_MAX"
+#define PERMTS_SIZE  16384	/* size of text blocks */
+#if (PERMTS_SIZE < IDLEN_MAX)
+#error "IPERMTS_SIZE must be greater than or equal to IDLEN_MAX"
 #endif

 /* values for label.defn.is_global */
@ -481,6 +481,8 @@ static char *perm_copy(const char *string)
    char *p;
    int len = strlen(string)+1;

+    nasm_assert(len <= PERMTS_SIZE);
+
    if (perm_tail->size - perm_tail->usage < len) {
        perm_tail->next =
            (struct permts *)nasm_malloc(sizeof(struct permts));