BR 2817225: don't overrun a permts buffer with a maximum label

BR 677841 was fixed backwards, with a reverse condition. Correct the direction of the fix, and add an assert for the overflow condition. Note: the bug was non-manifest in previous build, so this is not a security issue. Signed-off-by: H. Peter Anvin <hpa@zytor.com>
author: H. Peter Anvin <hpa@zytor.com> 2009-07-05 22:15:57 -0700
committer: H. Peter Anvin <hpa@zytor.com> 2009-07-05 22:15:57 -0700
commit: 565be91fb729611e8056face229d37d25bba360b (patch)
tree: dd0aa00fadc522e34c058942813ac3d72a51d7fa
parent: 5cc5589b734a26d6c971c26a330371aedfe35f2c (diff)
download: nasm-565be91fb729611e8056face229d37d25bba360b.tar.gz
1 files changed, 5 insertions, 3 deletions
diff --git a/labels.c b/labels.c
index 88eb46d5..3654f472 100644
--- a/labels.c
+++ b/labels.c
@@ -82,9 +82,9 @@
 #define END_BLOCK -2
 #define BOGUS_VALUE -4
 
-#define PERMTS_SIZE  4096       /* size of text blocks */
-#if (PERMTS_SIZE > IDLEN_MAX)
-#error "IPERMTS_SIZE must be less than or equal to IDLEN_MAX"
+#define PERMTS_SIZE  16384	/* size of text blocks */
+#if (PERMTS_SIZE < IDLEN_MAX)
+#error "IPERMTS_SIZE must be greater than or equal to IDLEN_MAX"
 #endif
 
 /* values for label.defn.is_global */
@@ -481,6 +481,8 @@ static char *perm_copy(const char *string)
     char *p;
     int len = strlen(string)+1;
 
+    nasm_assert(len <= PERMTS_SIZE);
+
     if (perm_tail->size - perm_tail->usage < len) {
         perm_tail->next =
             (struct permts *)nasm_malloc(sizeof(struct permts));
author	H. Peter Anvin <hpa@zytor.com>	2009-07-05 22:15:57 -0700
committer	H. Peter Anvin <hpa@zytor.com>	2009-07-05 22:15:57 -0700
commit	565be91fb729611e8056face229d37d25bba360b (patch)
tree	dd0aa00fadc522e34c058942813ac3d72a51d7fa
parent	5cc5589b734a26d6c971c26a330371aedfe35f2c (diff)
download	nasm-565be91fb729611e8056face229d37d25bba360b.tar.gz