asan: readelf: stack buffer overflow

Message ID 20200706015806.GC28359@bubble.grove.modra.org
State New

Commit Message

Alan Modra via Binutils July 6, 2020, 1:58 a.m.
git commit 0942c7ab94e introduced a weird way to find the length of
a string.

	* readelf.c (print_dynamic_symbol): Don't sprintf to buffer to
	find string length.


-- 
Alan Modra
Australia Development Lab, IBM

Patch

diff --git a/binutils/readelf.c b/binutils/readelf.c
index 6057515a89..41547a2594 100644
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -12091,9 +12091,9 @@  print_dynamic_symbol (Filedata *filedata, unsigned long si,
   int len_avail = 21;
   if (! do_wide && version_string != NULL)
     {
-      char buffer[256];
+      char buffer[16];
 
-      len_avail -= sprintf (buffer, "@%s", version_string);
+      len_avail -= 1 + strlen (version_string);
 
       if (sym_info == symbol_undefined)
 	len_avail -= sprintf (buffer," (%d)", vna_other);
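
Review bot: the sprintf kept on the last context line, `len_avail -= sprintf (buffer," (%d)", vna_other);`, still formats into a stack buffer only to obtain a length, and with `char buffer[16]` its safety now depends on " (%d)" never producing more than 15 characters plus the terminator. That holds for a 32-bit int (the worst case " (-2147483648)" is 14 characters), but nothing in the code states it. Using snprintf with sizeof (buffer), or snprintf (NULL, 0, ...) if nothing else needs the buffer, would make the bound explicit. Separately, on the added line `len_avail -= 1 + strlen (version_string);` the right-hand side is size_t while len_avail is int, so a long version_string makes len_avail negative by way of an unsigned-to-int conversion. It is worth confirming that the code that uses len_avail after this hunk copes with a negative value, or clamping it here.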