From patchwork Thu Nov 28 21:10:59 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: =?utf-8?q?Tim_R=C3=BChsen?= <tim.ruehsen@gmx.de>
X-Patchwork-Id: 1202288
Return-Path: 
 <gcc-patches-return-514801-incoming=patchwork.ozlabs.org@gcc.gnu.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized)
	smtp.mailfrom=gcc.gnu.org (client-ip=209.132.180.131;
	helo=sourceware.org;
	envelope-from=gcc-patches-return-514801-incoming=patchwork.ozlabs.org@gcc.gnu.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=none (p=none dis=none) header.from=gmx.de
Authentication-Results: ozlabs.org; dkim=pass (1024-bit key;
	unprotected) header.d=gcc.gnu.org header.i=@gcc.gnu.org
	header.b="DMH18S8C";
	dkim=fail reason="signature verification failed" (1024-bit key;
	secure) header.d=gmx.net header.i=@gmx.net header.b="L5AhUH2R";
	dkim-atps=neutral
Received: from sourceware.org (server1.sourceware.org [209.132.180.131])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 47P9Lb52Bkz9sR7
	for <incoming@patchwork.ozlabs.org>;
	Fri, 29 Nov 2019 08:11:49 +1100 (AEDT)
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gcc.gnu.org; h=list-id
	:list-unsubscribe:list-archive:list-post:list-help:sender:from
	:to:cc:subject:date:message-id:mime-version
	:content-transfer-encoding; q=dns; s=default; b=g8WngjIBRyUTb2U1
	+hfFL0arOstZqwwGUIHVTndJFcyH4rwcIDGxW9yN5Cs48HIk5+GDWtSJgaMz8UVH
	1SjL4Noysjc169s9HGJw+ypcOjigYdWqNnIjfBm7Fjdj8XQBiiKZBiNF1c3HoOYQ
	cT4DkT3JQPMVQWGA7al//mAr/wo=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=gcc.gnu.org; h=list-id
	:list-unsubscribe:list-archive:list-post:list-help:sender:from
	:to:cc:subject:date:message-id:mime-version
	:content-transfer-encoding; s=default; bh=ZXfYCVfJmDilQgCSZwwfAe
	jW2X4=; b=DMH18S8C2EDzG6qBDJwqT9WCnfxsmDE/e5ddpDnUzj9ryTdju7cw0e
	73kvF4iU9z7r/yxA0e4Jz6bJ6HJtQOUxsdZ+a9jRtF5q6naagulVEUuo8R7aJUYg
	BWM3LbHe+0tpLttMH1c6XZeixLiLrG4jcCjaGukBV9W5rCGM9xv4w=
Received: (qmail 76921 invoked by alias); 28 Nov 2019 21:11:43 -0000
Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Id: <gcc-patches.gcc.gnu.org>
List-Unsubscribe: 
 <mailto:gcc-patches-unsubscribe-incoming=patchwork.ozlabs.org@gcc.gnu.org>
List-Archive: <http://gcc.gnu.org/ml/gcc-patches/>
List-Post: <mailto:gcc-patches@gcc.gnu.org>
List-Help: <mailto:gcc-patches-help@gcc.gnu.org>
Sender: gcc-patches-owner@gcc.gnu.org
Delivered-To: mailing list gcc-patches@gcc.gnu.org
Received: (qmail 76909 invoked by uid 89); 28 Nov 2019 21:11:42 -0000
Authentication-Results: sourceware.org; auth=none
X-Spam-SWARE-Status: No, score=-21.5 required=5.0 tests=AWL, BAYES_00,
	FREEMAIL_FROM, GIT_PATCH_0, GIT_PATCH_1, GIT_PATCH_2,
	GIT_PATCH_3, SPF_PASS autolearn=ham version=3.3.1 spammy=
X-HELO: mout.gmx.net
Received: from mout.gmx.net (HELO mout.gmx.net) (212.227.15.19) by
	sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP;
	Thu, 28 Nov 2019 21:11:41 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net;
	s=badeba3b8450; t=1574975498;
	bh=4LNLmq7d+OkZ3v1P3Zdi9dUt/Z+pYZY51AVmTZ9xQEw=;
	h=X-UI-Sender-Class:From:To:Cc:Subject:Date;
	b=L5AhUH2RW7i6B6ck7yIDQk9iks0H3KacHiNqY0RaR2QbKVvfZwROCK1HERX011zqp	
	3bbTateGm2lJt4paxHs51rnMJLZhue6YjpwZ6jbrZAzyuiG5iIL0TqKP7jCkntAcGV	
	nqjCyQMz7GQ5ZKn0yKFcvI+hMtpUqXvLEyh6mCik=
X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c
Received: from localhost.localdomain ([93.181.44.201]) by mail.gmx.com
	(mrgmx005 [212.227.17.190]) with ESMTPSA (Nemesis) id
	1MLiCo-1iIuDq2GGm-00Hbot; Thu, 28 Nov 2019 22:11:38 +0100
From: =?utf-8?q?Tim_R=C3=BChsen?= <tim.ruehsen@gmx.de>
To: gcc-patches@gcc.gnu.org
Cc: =?utf-8?q?Tim_R=C3=BChsen?= <tim.ruehsen@gmx.de>
Subject: [PATCH] [libiberty] Fix read buffer overflow in split_directories
Date: Thu, 28 Nov 2019 22:10:59 +0100
Message-Id: <20191128211059.1979123-1-tim.ruehsen@gmx.de>
MIME-Version: 1.0

An empty name param leads to read buffer overflow in
function split_directories.

* libiberty/make-relative-prefix.c (split_directories):
  Return early on empty name.
---
 libiberty/ChangeLog              | 7 +++++++
 libiberty/make-relative-prefix.c | 3 +++
 2 files changed, 10 insertions(+)

--
2.24.0

diff --git a/libiberty/ChangeLog b/libiberty/ChangeLog
index b516903d94..b7e24d11ef 100644
--- a/libiberty/ChangeLog
+++ b/libiberty/ChangeLog
@@ -1,3 +1,10 @@
+2019-11-28  Tim Ruehsen  <tim.ruehsen@gmx.de>
+
+	Fix read buffer overflow in split_directories
+
+	* make-relative-prefix.c (split_directories):
+	Return early on empty 'name'
+
 2019-11-16  Tim Ruehsen  <tim.ruehsen@gmx.de>

 	Fix write buffer overflow in cplus_demangle()
diff --git a/libiberty/make-relative-prefix.c b/libiberty/make-relative-prefix.c
index ec0b0ee749..2ff2af8a59 100644
--- a/libiberty/make-relative-prefix.c
+++ b/libiberty/make-relative-prefix.c
@@ -122,6 +122,9 @@ split_directories (const char *name, int *ptr_num_dirs)
   const char *p, *q;
   int ch;

+  if (!*name)
+    return NULL;
+
   /* Count the number of directories.  Special case MSDOS disk names as part
      of the initial directory.  */
   p = name;