[nasm:nasm-2.15.xx] BR3392646: output/outobj.c: fix memory corruption in long object names

nasm-bot for Cyrill Gorcunov gorcunov at gmail.com
Tue Aug 18 10:30:03 PDT 2020


Commit-ID:  f14552e5fb480b35bb25fe32e1cec935df4acaae
Gitweb:     http://repo.or.cz/w/nasm.git?a=commitdiff;h=f14552e5fb480b35bb25fe32e1cec935df4acaae
Author:     Cyrill Gorcunov <gorcunov at gmail.com>
AuthorDate: Tue, 18 Aug 2020 20:27:14 +0300
Committer:  Cyrill Gorcunov <gorcunov at gmail.com>
CommitDate: Tue, 18 Aug 2020 20:27:14 +0300

BR3392646: output/outobj.c: fix memory corruption in long object names

When we encode a name we put its length before it; the
storage is one byte wide, so the name can't be more
than UINT8_MAX (i.e. 255) bytes in length.

Moreover, if one provides a name longer than RECORD_MAX then
we simply overwrite random memory.

Thus let's do as in other obj_check calls -- shrink the
size we're gonna use. But unlike other code, let's yield a
warning as well.

Signed-off-by: Cyrill Gorcunov <gorcunov at gmail.com>


---
 output/outobj.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/output/outobj.c b/output/outobj.c
index 0d4d3110..f5ab7a24 100644
--- a/output/outobj.c
+++ b/output/outobj.c
@@ -424,6 +424,12 @@ static ObjRecord *obj_name(ObjRecord * orp, const char *name)
     int len = strlen(name);
     uint8_t *ptr;
 
+    if (len > UINT8_MAX) {
+        nasm_warn(WARN_OTHER, "cutting object name '%128s...' to %u bytes",
+                  name, UINT8_MAX);
+        len = UINT8_MAX;
+    }
+
     orp = obj_check(orp, len + 1);
     ptr = orp->buf + orp->used;
     *ptr++ = len;
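Review bot: the `'%128s...'` format in the new nasm_warn call does not truncate the printed name. In printf-style formats `%128s` is a minimum field width (the string is padded to at least 128 characters but never cut), so the warning will still emit the entire over-long name and the literal `...` is misleading; the precision form `%.128s` is what limits the output to 128 characters. Suggested line:

        nasm_warn(WARN_OTHER, "cutting object name '%.128s...' to %u bytes",

The truncation itself (clamping `len` to UINT8_MAX before `obj_check(orp, len + 1)` and the one-byte `*ptr++ = len;`) is correct and keeps the stored length consistent with the bytes that follow it.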

