This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.



Fix nm potential buffer overflow


get_coff_symbol_type had a potential buffer overflow even with
untranslated messages, warned by current gcc.  I was going to fix this
by increasing the buffer size but that solution fails when we have an
unexpectedly large translation.

	* nm.c (get_elf_symbol_type): Don't use sprintf with translated
	strings, use asprintf instead.
	(get_coff_symbol_type): Likewise.

diff --git a/binutils/nm.c b/binutils/nm.c
index 40e5053..1fdfae1 100644
--- a/binutils/nm.c
+++ b/binutils/nm.c
@@ -342,7 +342,8 @@ set_output_format (char *f)
 static const char *
 get_elf_symbol_type (unsigned int type)
 {
-  static char buff [32];
+  static char *bufp;
+  int n;
 
   switch (type)
     {
@@ -353,21 +354,25 @@ get_elf_symbol_type (unsigned int type)
     case STT_FILE:     return "FILE";
     case STT_COMMON:   return "COMMON";
     case STT_TLS:      return "TLS";
-    default:
-      if (type >= STT_LOPROC && type <= STT_HIPROC)
-	sprintf (buff, _("<processor specific>: %d"), type);
-      else if (type >= STT_LOOS && type <= STT_HIOS)
-	sprintf (buff, _("<OS specific>: %d"), type);
-      else
-	sprintf (buff, _("<unknown>: %d"), type);
-      return buff;
     }
+
+  free (bufp);
+  if (type >= STT_LOPROC && type <= STT_HIPROC)
+    n = asprintf (&bufp, _("<processor specific>: %d"), type);
+  else if (type >= STT_LOOS && type <= STT_HIOS)
+    n = asprintf (&bufp, _("<OS specific>: %d"), type);
+  else
+    n = asprintf (&bufp, _("<unknown>: %d"), type);
+  if (n < 0)
+    fatal ("%s", xstrerror (errno));
+  return bufp;
 }
 
 static const char *
 get_coff_symbol_type (const struct internal_syment *sym)
 {
-  static char buff [32];
+  static char *bufp;
+  int n;
 
   switch (sym->n_sclass)
     {
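Review bot: The string returned from the fall-through path of get_elf_symbol_type now lives in a heap buffer that `free (bufp)` releases on the next call reaching that path, so a caller that keeps an earlier result across a second call would read freed memory, where the old static array was merely overwritten. The callers are outside this hunk, so this may never happen in practice, but the contract deserves a comment above the function, e.g. `/* Returns a string literal or a buffer owned by this function; the buffer is valid only until the next call.  */`. The same lifetime applies to get_coff_symbol_type, whose declarations change at the end of this hunk and whose body is in the following one. Separately, `type` is `unsigned int` but is still formatted with `%d` in all three asprintf calls; `%u` matches the argument.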
@@ -378,16 +383,19 @@ get_coff_symbol_type (const struct internal_syment *sym)
 
   if (!sym->n_type)
     return "None";
-    
+
   switch (DTYPE(sym->n_type))
     {
     case DT_FCN: return "Function";
     case DT_PTR: return "Pointer";
     case DT_ARY: return "Array";
     }
-  
-  sprintf (buff, _("<unknown>: %d/%d"), sym->n_sclass, sym->n_type);
-  return buff;
+
+  free (bufp);
+  n = asprintf (&bufp, _("<unknown>: %d/%d"), sym->n_sclass, sym->n_type);
+  if (n < 0)
+    fatal ("%s", xstrerror (errno));
+  return bufp;
 }
 
 /* Print symbol name NAME, read from ABFD, with printf format FORM,
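Review bot: The asprintf failure path reports only `xstrerror (errno)`, which gives the user no hint of what failed and depends on errno having been set by the failing call. If libiberty's xasprintf is usable from nm.c (its includes are not visible here), `bufp = xasprintf (_("<unknown>: %d/%d"), sym->n_sclass, sym->n_type);` would leave allocation failure to that helper and drop both the `n` local and the explicit check, here and for the three calls in get_elf_symbol_type in the previous hunk. The first switch of get_coff_symbol_type lies outside this hunk.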

-- 
Alan Modra
Australia Development Lab, IBM

