asan: readelf: stack buffer overflow
Alan Modra
amodra@gmail.com
Mon Jul 6 01:58:07 GMT 2020
git commit 0942c7ab94e introduced a weird way to find the length of
a string.
* readelf.c (print_dynamic_symbol): Don't sprintf to buffer to
find string length.
diff --git a/binutils/readelf.c b/binutils/readelf.c
index 6057515a89..41547a2594 100644
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -12091,9 +12091,9 @@ print_dynamic_symbol (Filedata *filedata, unsigned long si,
int len_avail = 21;
if (! do_wide && version_string != NULL)
{
- char buffer[256];
+ char buffer[16];
- len_avail -= sprintf (buffer, "@%s", version_string);
+ len_avail -= 1 + strlen (version_string);
if (sym_info == symbol_undefined)
len_avail -= sprintf (buffer," (%d)", vna_other);
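Review bot: The remaining sprintf (buffer, " (%d)", vna_other) at the end of the hunk still formats into a stack buffer only to obtain a length, which is the same pattern this patch removes for version_string. The new size of 16 is sufficient only because " (%d)" applied to a 32-bit int needs at most 15 bytes including the terminator. Consider snprintf (NULL, 0, " (%d)", vna_other), or at least snprintf (buffer, sizeof buffer, ...), so the bound does not rest on a magic number. Separately, on the new strlen line, 1 + strlen (version_string) is a size_t subtracted from the int len_avail (initialised to 21), so a long version string drives len_avail negative. It is worth confirming that the code after this hunk treats a negative value as no room left.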
--
Alan Modra
Australia Development Lab, IBM