PR25745, powerpc64-ld overflows string buffer in --stats mode

Message ID 20200329230429.GV4583@bubble.grove.modra.org
State New
Series
  • PR25745, powerpc64-ld overflows string buffer in --stats mode

Commit Message

Stefan Schulze Frielinghaus via Binutils March 29, 2020, 11:04 p.m.
Translated strings can take a lot more space.

	PR 25745
	* elf64-ppc.c (ppc64_elf_build_stubs): Use asprintf to form
	statistics message.


-- 
Alan Modra
Australia Development Lab, IBM

Patch

diff --git a/bfd/elf64-ppc.c b/bfd/elf64-ppc.c
index 7f7e190ce2..945f83c7e6 100644
--- a/bfd/elf64-ppc.c
+++ b/bfd/elf64-ppc.c
@@ -14557,42 +14557,46 @@  ppc64_elf_build_stubs (struct bfd_link_info *info,
 
   if (stats != NULL)
     {
-      size_t len;
-      *stats = bfd_malloc (500);
-      if (*stats == NULL)
-	return FALSE;
-
-      len = sprintf (*stats,
-		     ngettext ("linker stubs in %u group\n",
-			       "linker stubs in %u groups\n",
-			       stub_sec_count),
-		     stub_sec_count);
-      sprintf (*stats + len, _("  branch         %lu\n"
-			       "  branch toc adj %lu\n"
-			       "  branch notoc   %lu\n"
-			       "  branch both    %lu\n"
-			       "  long branch    %lu\n"
-			       "  long toc adj   %lu\n"
-			       "  long notoc     %lu\n"
-			       "  long both      %lu\n"
-			       "  plt call       %lu\n"
-			       "  plt call save  %lu\n"
-			       "  plt call notoc %lu\n"
-			       "  plt call both  %lu\n"
-			       "  global entry   %lu"),
-	       htab->stub_count[ppc_stub_long_branch - 1],
-	       htab->stub_count[ppc_stub_long_branch_r2off - 1],
-	       htab->stub_count[ppc_stub_long_branch_notoc - 1],
-	       htab->stub_count[ppc_stub_long_branch_both - 1],
-	       htab->stub_count[ppc_stub_plt_branch - 1],
-	       htab->stub_count[ppc_stub_plt_branch_r2off - 1],
-	       htab->stub_count[ppc_stub_plt_branch_notoc - 1],
-	       htab->stub_count[ppc_stub_plt_branch_both - 1],
-	       htab->stub_count[ppc_stub_plt_call - 1],
-	       htab->stub_count[ppc_stub_plt_call_r2save - 1],
-	       htab->stub_count[ppc_stub_plt_call_notoc - 1],
-	       htab->stub_count[ppc_stub_plt_call_both - 1],
-	       htab->stub_count[ppc_stub_global_entry - 1]);
+      char *groupmsg;
+      if (asprintf (&groupmsg,
+		    ngettext ("linker stubs in %u group\n",
+			      "linker stubs in %u groups\n",
+			      stub_sec_count),
+		    stub_sec_count) < 0)
+	*stats = NULL;
+      else
+	{
+	  if (asprintf (stats, _("%s"
+				 "  branch         %lu\n"
+				 "  branch toc adj %lu\n"
+				 "  branch notoc   %lu\n"
+				 "  branch both    %lu\n"
+				 "  long branch    %lu\n"
+				 "  long toc adj   %lu\n"
+				 "  long notoc     %lu\n"
+				 "  long both      %lu\n"
+				 "  plt call       %lu\n"
+				 "  plt call save  %lu\n"
+				 "  plt call notoc %lu\n"
+				 "  plt call both  %lu\n"
+				 "  global entry   %lu"),
+			groupmsg,
+			htab->stub_count[ppc_stub_long_branch - 1],
+			htab->stub_count[ppc_stub_long_branch_r2off - 1],
+			htab->stub_count[ppc_stub_long_branch_notoc - 1],
+			htab->stub_count[ppc_stub_long_branch_both - 1],
+			htab->stub_count[ppc_stub_plt_branch - 1],
+			htab->stub_count[ppc_stub_plt_branch_r2off - 1],
+			htab->stub_count[ppc_stub_plt_branch_notoc - 1],
+			htab->stub_count[ppc_stub_plt_branch_both - 1],
+			htab->stub_count[ppc_stub_plt_call - 1],
+			htab->stub_count[ppc_stub_plt_call_r2save - 1],
+			htab->stub_count[ppc_stub_plt_call_notoc - 1],
+			htab->stub_count[ppc_stub_plt_call_both - 1],
+			htab->stub_count[ppc_stub_global_entry - 1]) < 0)
+	    *stats = NULL;
+	  free (groupmsg);
+	}
     }
   return TRUE;
 }
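Review bot: An asprintf failure at either call now sets `*stats = NULL` and still reaches `return TRUE`, whereas the removed code returned FALSE when bfd_malloc failed, so running out of memory in --stats mode is no longer reported to the caller. The callers are not visible in this hunk; if any of them hands `*stats` to a `%s` conversion or a string function without a NULL check, that is undefined behaviour. Either keep the old contract with `return FALSE;` on both failure branches (freeing `groupmsg` first on the second), or document the new one with a comment such as `/* On allocation failure *STATS is NULL and the link still succeeds.  */`. The body of ppc64_elf_build_stubs begins outside the hunk.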