From 57bd66cabf6e6b9ecf622cdbf350804897a8df58 Mon Sep 17 00:00:00 2001
From: Roland McGrath <roland@hack.frob.com>
Date: Tue, 11 Dec 2012 09:42:07 -0800
Subject: [PATCH] nm: Fix size passed to snprintf for invalid sh_name case.

Signed-off-by: Roland McGrath <roland@hack.frob.com>
---
 src/ChangeLog | 6 ++++++
 src/nm.c      | 5 +++--
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/ChangeLog b/src/ChangeLog
index 9f0c525ac..f08ee0848 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,9 @@
+2012-12-11  Roland McGrath  <roland@hack.frob.com>
+
+	* nm.c (show_symbols_sysv): Fix size passed to snprintf for invalid
+	sh_name case.
+	Reported by David Abdurachmanov <David.Abdurachmanov@cern.ch>.
+
 2012-10-16  Mark Wielaard  <mjw@redhat.com>
 
 	* readelf.c (print_ops): DW_OP_skip and DW_OP_bra targets are
diff --git a/src/nm.c b/src/nm.c
index f50da0b1e..8a1c57a49 100644
--- a/src/nm.c
+++ b/src/nm.c
@@ -769,8 +769,9 @@ show_symbols_sysv (Ebl *ebl, GElf_Word strndx, const char *fullname,
 			       gelf_getshdr (scn, &shdr_mem)->sh_name);
       if (unlikely (name == NULL))
 	{
-	  name = alloca (sizeof "[invalid sh_name 0x12345678]");
-	  snprintf (name, sizeof name, "[invalid sh_name %#" PRIx32 "]",
+          const size_t bufsz = sizeof "[invalid sh_name 0x12345678]"
+	  name = alloca (bufsz);
+	  snprintf (name, bufsz, "[invalid sh_name %#" PRIx32 "]",
 		    gelf_getshdr (scn, &shdr_mem)->sh_name);
 	}
       scnnames[elf_ndxscn (scn)] = name;
-- 
2.47.2