asan: readelf: stack buffer overflow

* readelf.c (print_dynamic_symbol): Don't sprintf to buffer to find string length.
author: Alan Modra <amodra@gmail.com> 2020-07-06 09:00:29 +0930
committer: Alan Modra <amodra@gmail.com> 2020-07-06 11:30:06 +0930
commit: ddb43bab174c50656331e5460b18bd8e8be5f522 (patch)
tree: 56abcfacedf24c89f7ed9f8728d1f7e5d5d83f34
parent: c56374d118209b8d9fe4caccf595710dd6198a60 (diff)
download: gdb-ddb43bab174c50656331e5460b18bd8e8be5f522.zip
gdb-ddb43bab174c50656331e5460b18bd8e8be5f522.tar.gz
gdb-ddb43bab174c50656331e5460b18bd8e8be5f522.tar.bz2
2 files changed, 7 insertions, 2 deletions
diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index ecb29c5..d957af5 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,8 @@
+2020-07-06  Alan Modra  <amodra@gmail.com>
+
+	* readelf.c (print_dynamic_symbol): Don't sprintf to buffer to
+	find string length.
+
 2020-07-04  Nick Clifton  <nickc@redhat.com>
 
 	* configure: Regenerate.
diff --git a/binutils/readelf.c b/binutils/readelf.c
index 6057515..41547a2 100644
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -12091,9 +12091,9 @@ print_dynamic_symbol (Filedata *filedata, unsigned long si,
   int len_avail = 21;
   if (! do_wide && version_string != NULL)
     {
-      char buffer[256];
+      char buffer[16];
 
-      len_avail -= sprintf (buffer, "@%s", version_string);
+      len_avail -= 1 + strlen (version_string);
 
       if (sym_info == symbol_undefined)
 	len_avail -= sprintf (buffer," (%d)", vna_other);
author	Alan Modra <amodra@gmail.com>	2020-07-06 09:00:29 +0930
committer	Alan Modra <amodra@gmail.com>	2020-07-06 11:30:06 +0930
commit	ddb43bab174c50656331e5460b18bd8e8be5f522 (patch)
tree	56abcfacedf24c89f7ed9f8728d1f7e5d5d83f34
parent	c56374d118209b8d9fe4caccf595710dd6198a60 (diff)
download	gdb-ddb43bab174c50656331e5460b18bd8e8be5f522.zip gdb-ddb43bab174c50656331e5460b18bd8e8be5f522.tar.gz gdb-ddb43bab174c50656331e5460b18bd8e8be5f522.tar.bz2