From: Mark Wielaard Date: Tue, 22 Apr 2014 21:26:34 +0000 (+0200) Subject: readelf: handle_core_item make sure variable length array isn't zero size. X-Git-Tag: elfutils-0.159~14 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7c680a24bcc1757c2b01152dd52fdbd55e7846bb;p=thirdparty%2Felfutils.git readelf: handle_core_item make sure variable length array isn't zero size. The printed array should have at least space for the terminating zero char. Found by gcc -fsanitize=undefined while running run-readelf-vmcoreinfo.sh. runtime error: variable length array bound evaluates to non-positive value 0 Signed-off-by: Mark Wielaard --- diff --git a/src/ChangeLog b/src/ChangeLog index 874e2553e..28e52f94b 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,8 @@ +2014-04-22 Mark Wielaard + + * readelf.c (handle_core_item): Make sure variable length array + contains at least enough space for terminating zero char. + 2014-04-22 Mark Wielaard * readelf.c (print_gdb_index_section): Use unsigned int for 31 bits diff --git a/src/readelf.c b/src/readelf.c index da1bf73ab..697a361b8 100644 --- a/src/readelf.c +++ b/src/readelf.c @@ -8128,7 +8128,7 @@ handle_core_item (Elf *core, const Ebl_Core_Item *item, const void *desc, const unsigned int bias = item->format == 'b'; { - char printed[(negate ? nbits - pop : pop) * 16]; + char printed[(negate ? nbits - pop : pop) * 16 + 1]; char *p = printed; *p = '\0';
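Review bot: in the src/readelf.c hunk, the bound of `char printed[(negate ? nbits - pop : pop) * 16 + 1];` is still an unchecked runtime expression that sizes a stack array. The `+ 1` guarantees the byte that the following `*p = '\0';` writes, which covers the zero case reported by -fsanitize=undefined. It does not cover the other direction. If `nbits` or `pop` can be influenced by the core file being read, a large count becomes a large stack allocation, and with `negate` set a `pop` greater than `nbits` would make the expression negative or wrap, depending on the operand types, which are not visible here. Consider asserting `pop <= nbits` before the declaration and either capping the count or moving the buffer to the heap with a checked size. A short comment stating why 16 bytes per printed entry is sufficient would also let a reader check the multiplier against the formatting code that fills `printed`.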