PR24225, nios2 buffer overflow

PR 24225 * elf32-nios2.c (nios2_elf32_relocate_section): Use asprintf and PRIx64 to generate warning messages. Print local sym names too.
2019-02-18 11:57:22 +10:30 · 2019-02-18 11:57:22 +10:30 · a31b8bd9a0
parent d57e4f2b86
commit a31b8bd9a0
2 changed files with 27 additions and 10 deletions
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@ -1,3 +1,9 @@
+2019-02-18  Alan Modra  <amodra@gmail.com>
+
+	PR 24225
+	* elf32-nios2.c (nios2_elf32_relocate_section): Use asprintf and
+	PRIx64 to generate warning messages.  Print local sym names too.
+
 2019-02-09  Vineet Gupta  <vgupta@synopsys.com>

 	* elf32-arc (INIT_SYM_STRING): Delete.
--- a/bfd/elf32-nios2.c
+++ b/bfd/elf32-nios2.c
@ -3720,8 +3720,8 @@ nios2_elf32_relocate_section (bfd *output_bfd,
      const char *name = NULL;
      int r_type;
      const char *format;
-      char msgbuf[256];
-      const char* msg = (const char*) NULL;
+      char *msgbuf = NULL;
+      char *msg = NULL;
      bfd_boolean unresolved_reloc;
      bfd_vma off;
      int use_plt;
@ -3820,8 +3820,8 @@ nios2_elf32_relocate_section (bfd *output_bfd,
 		    reloc_address = 0;

 		  format = _("global pointer relative relocation at address "
-			     "0x%08x when _gp not defined\n");
-		  sprintf (msgbuf, format, reloc_address);
+			     "%#" PRIx64 " when _gp not defined\n");
+		  asprintf (&msgbuf, format, (uint64_t) reloc_address);
 		  msg = msgbuf;
 		  r = bfd_reloc_dangerous;
 		}
@ -3838,13 +3838,22 @@ nios2_elf32_relocate_section (bfd *output_bfd,
 		    {
 		      if (h)
 			name = h->root.root.string;
+		      else
+			{
+			  name = (bfd_elf_string_from_elf_section
+				  (input_bfd, symtab_hdr->sh_link,
+				   sym->st_name));
+			  if (name == NULL || *name == '\0')
+			    name = bfd_section_name (input_bfd, sec);
+			}
 		      /* xgettext:c-format */
-		      format = _("unable to reach %s (at 0x%08x) from the "
-				 "global pointer (at 0x%08x) because the "
-				 "offset (%d) is out of the allowed range, "
-				 "-32678 to 32767\n" );
-		      sprintf (msgbuf, format, name, symbol_address, gp,
-			       (signed)relocation);
+		      format = _("unable to reach %s (at %#" PRIx64 ") from "
+				 "the global pointer (at %#" PRIx64 ") "
+				 "because the offset (%" PRId64 ") is out of "
+				 "the allowed range, -32678 to 32767\n" );
+		      asprintf (&msgbuf, format, name,
+				(uint64_t) symbol_address, (uint64_t) gp,
+				(int64_t) relocation);
 		      msg = msgbuf;
 		      r = bfd_reloc_outofrange;
 		    }
@ -4515,6 +4524,8 @@ nios2_elf32_relocate_section (bfd *output_bfd,
 	    {
 	      (*info->callbacks->warning) (info, msg, name, input_bfd,
 					   input_section, rel->r_offset);
+	      if (msgbuf)
+		free (msgbuf);
 	      return FALSE;
 	    }
 	}