asan: readelf: stack buffer overflow

author Alan Modra <amodra@gmail.com>

Sun, 5 Jul 2020 23:30:29 +0000 (09:00 +0930)

committer Alan Modra <amodra@gmail.com>

Mon, 6 Jul 2020 02:00:06 +0000 (11:30 +0930)
author Alan Modra <amodra@gmail.com>
Sun, 5 Jul 2020 23:30:29 +0000 (09:00 +0930)
committer Alan Modra <amodra@gmail.com>
Mon, 6 Jul 2020 02:00:06 +0000 (11:30 +0930)
diff --git a/binutils/ChangeLog b/binutils/ChangeLog

index ecb29c56741ef8f6e98955b32fd248928f67c883..d957af5f1c2268abde333fc3a661e25bdbb96b37 100644 (file)
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,8 @@
+2020-07-06  Alan Modra  <amodra@gmail.com>
+
+       * readelf.c (print_dynamic_symbol): Don't sprintf to buffer to
+       find string length.
+
  2020-07-04  Nick Clifton  <nickc@redhat.com>
  
         * configure: Regenerate.
diff --git a/binutils/readelf.c b/binutils/readelf.c

index 6057515a89bd211de9e06c43a1f1006fc1bf824c..41547a2594b5a0c5a2e840d29475ed3c0c30ecf2 100644 (file)
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -12091,9 +12091,9 @@ print_dynamic_symbol (Filedata *filedata, unsigned long si,
    int len_avail = 21;
    if (! do_wide && version_string != NULL)
      {
-      char buffer[256];
+      char buffer[16];
  
-      len_avail -= sprintf (buffer, "@%s", version_string);
+      len_avail -= 1 + strlen (version_string);
  
        if (sym_info == symbol_undefined)
         len_avail -= sprintf (buffer," (%d)", vna_other);
author	Alan Modra <amodra@gmail.com>
	Sun, 5 Jul 2020 23:30:29 +0000 (09:00 +0930)
committer	Alan Modra <amodra@gmail.com>
	Mon, 6 Jul 2020 02:00:06 +0000 (11:30 +0930)
binutils/ChangeLog		patch \| blob \| blame \| history
binutils/readelf.c		patch \| blob \| blame \| history