From a31b8bd9a054b494fd6ab18f14d84a2f0690f8a1 Mon Sep 17 00:00:00 2001 From: Alan Modra Date: Mon, 18 Feb 2019 11:57:22 +1030 Subject: [PATCH] PR24225, nios2 buffer overflow PR 24225 * elf32-nios2.c (nios2_elf32_relocate_section): Use asprintf and PRIx64 to generate warning messages. Print local sym names too. --- bfd/ChangeLog | 6 ++++++ bfd/elf32-nios2.c | 31 +++++++++++++++++++++---------- 2 files changed, 27 insertions(+), 10 deletions(-) diff --git a/bfd/ChangeLog b/bfd/ChangeLog index 833f7f9..d173adc 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,9 @@ +2019-02-18 Alan Modra + + PR 24225 + * elf32-nios2.c (nios2_elf32_relocate_section): Use asprintf and + PRIx64 to generate warning messages. Print local sym names too. + 2019-02-09 Vineet Gupta * elf32-arc (INIT_SYM_STRING): Delete. diff --git a/bfd/elf32-nios2.c b/bfd/elf32-nios2.c index e9ce9e9..b0f200d 100644 --- a/bfd/elf32-nios2.c +++ b/bfd/elf32-nios2.c @@ -3720,8 +3720,8 @@ nios2_elf32_relocate_section (bfd *output_bfd, const char *name = NULL; int r_type; const char *format; - char msgbuf[256]; - const char* msg = (const char*) NULL; + char *msgbuf = NULL; + char *msg = NULL; bfd_boolean unresolved_reloc; bfd_vma off; int use_plt; @@ -3820,8 +3820,8 @@ nios2_elf32_relocate_section (bfd *output_bfd, reloc_address = 0; format = _("global pointer relative relocation at address " - "0x%08x when _gp not defined\n"); - sprintf (msgbuf, format, reloc_address); + "%#" PRIx64 " when _gp not defined\n"); + asprintf (&msgbuf, format, (uint64_t) reloc_address); msg = msgbuf; r = bfd_reloc_dangerous; } 
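Review bot: The return value of `asprintf` is ignored in the `_gp not defined` branch, so if the allocation fails `msgbuf` may be left with unspecified contents (glibc documents it as undefined), and it is then assigned to `msg`, handed to the warning callback and finally passed to `free`. Check the result and reset the pointer, e.g. `if (asprintf (&msgbuf, format, (uint64_t) reloc_address) == -1) msgbuf = NULL;`, so that `msg` is either a valid string or NULL. The same unchecked call appears in the out-of-range branch of the `@@ -3838,13 +3838,22 @@` hunk. How a NULL `msg` is treated for `bfd_reloc_dangerous` is decided outside these hunks and should be confirmed against the full function.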
@@ -3838,13 +3838,22 @@ nios2_elf32_relocate_section (bfd *output_bfd, { if (h) name = h->root.root.string; + else + { + name = (bfd_elf_string_from_elf_section + (input_bfd, symtab_hdr->sh_link, + sym->st_name)); + if (name == NULL || *name == '\0') + name = bfd_section_name (input_bfd, sec); + } /* xgettext:c-format */ - format = _("unable to reach %s (at 0x%08x) from the " - "global pointer (at 0x%08x) because the " - "offset (%d) is out of the allowed range, " - "-32678 to 32767\n" ); - sprintf (msgbuf, format, name, symbol_address, gp, - (signed)relocation); + format = _("unable to reach %s (at %#" PRIx64 ") from " + "the global pointer (at %#" PRIx64 ") " + "because the offset (%" PRId64 ") is out of " + "the allowed range, -32678 to 32767\n" ); + asprintf (&msgbuf, format, name, + (uint64_t) symbol_address, (uint64_t) gp, + (int64_t) relocation); msg = msgbuf; r = bfd_reloc_outofrange; } @@ -4515,6 +4524,8 @@ nios2_elf32_relocate_section (bfd *output_bfd, { (*info->callbacks->warning) (info, msg, name, input_bfd, input_section, rel->r_offset); + if (msgbuf) + free (msgbuf); return FALSE; } } -- 2.7.4
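Review bot: The rewritten out-of-range message still gives the allowed range as `-32678 to 32767`; the lower bound looks like a transposition of -32768, which is what the 32767 upper bound implies for a signed 16-bit offset. Since this msgid is being changed anyway, correct the last fragment to `"the allowed range, -32768 to 32767\n"` so the diagnostic matches the limit actually enforced. The enclosing block starts and ends outside the hunk, so the range check itself is not visible here.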
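Review bot: The `if (msgbuf)` guard in the `@@ -4515,6 +4524,8 @@` hunk is redundant, because `free (NULL)` is a no-op; `free (msgbuf);` on its own is enough. This is also the only release point visible in the patch. Any path that formats into `msgbuf` and then leaves the function, or moves on to the next relocation without reaching this block, would leak the buffer or overwrite the pointer. The code between the `asprintf` calls and this block is outside the hunks, so that needs checking against the full function.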