asan: readelf: stack buffer overflow

	PR 26929
	* readelf.c (print_dynamic_symbol): Don't sprintf to buffer to
	find string length.

(cherry picked from commit ddb43bab174c50656331e5460b18bd8e8be5f522)

diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index a77c7a652767f2dec31d88808fe0fd766a099022..9dc7136863f2dcacd64ae662935aed086a65b78b 100644 (file)
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,11 @@
+2020-11-22  Alan Modra  <amodra@gmail.com>
+
+       PR 26929
+       Apply from mainline
+       2020-07-06  Alan Modra  <amodra@gmail.com>
+       * readelf.c (print_dynamic_symbol): Don't sprintf to buffer to
+       find string length.
+
 2020-11-16  Mark Wielaard  <mark@klomp.org>
 
        Backport from the mainline:

diff --git a/binutils/readelf.c b/binutils/readelf.c
index 6057515a89bd211de9e06c43a1f1006fc1bf824c..41547a2594b5a0c5a2e840d29475ed3c0c30ecf2 100644 (file)
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -12091,9 +12091,9 @@ print_dynamic_symbol (Filedata *filedata, unsigned long si,
   int len_avail = 21;
   if (! do_wide && version_string != NULL)
     {
-      char buffer[256];
+      char buffer[16];
 
-      len_avail -= sprintf (buffer, "@%s", version_string);
+      len_avail -= 1 + strlen (version_string);
 
       if (sym_info == symbol_undefined)
        len_avail -= sprintf (buffer," (%d)", vna_other);