Dears,

I am writing to bring to your attention a potential issue in the
function dump_relocations in the software readelf.c.

The function includes a declaration of a fixed-sized buffer, char
name_buf[40];, which is used later in the function with the sprintf
function:

  sprintf (name_buf, "<section 0x%x>",
           (unsigned int) psym->st_shndx);

The problem with this implementation is that the st_shndx argument used in
sprintf is controlled by the user, and therefore, could be larger than the
size of the buffer, leading to a stack buffer overflow on the buffer
name_buf.

To prevent potential security vulnerabilities, I recommend modifying the
implementation to use a dynamic buffer allocation that adjusts its size
according to the length of the input argument. Otherwise, the functions
sprintf and snprintf allow specifying a maximum input size.

This would ensure that the buffer can accommodate all possible input
values, mitigating the risk of a buffer overflow.

Please let me know if you have any questions or concerns regarding this
issue.

Best regards,
s0urc3
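A check a maintainer would run before acting on a report like this one is to measure the largest string the format can produce and compare it with the buffer. The C program below is an added example, not code from the report or from binutils; the buffer size (40) and the format string are the ones quoted in the message, while the helper names and the 8-byte "small" buffer used to show truncation are this example's own. It also shows the snprintf form the message suggests, with the truncation result checked rather than ignored.

```c
#include <stdio.h>
#include <string.h>
#include <limits.h>

/* Pattern from the report: a 40-byte stack buffer written with
   sprintf (name_buf, "<section 0x%x>", (unsigned int) psym->st_shndx).
   NAME_BUF_SIZE and SECTION_FMT repeat the quoted values; the function
   names are this example's own (hypothetical, not readelf.c's). */
#define NAME_BUF_SIZE 40
#define SECTION_FMT   "<section 0x%x>"

/* Worst-case output length (NUL excluded) for any unsigned int argument.
   snprintf with a NULL buffer and size 0 only measures, it writes nothing.
   The cast to unsigned int in the report bounds the argument to 32 bits,
   so UINT_MAX (8 hex digits) is the longest possible expansion. */
size_t max_section_name_len(void)
{
    int n = snprintf(NULL, 0, SECTION_FMT, UINT_MAX);
    return n < 0 ? 0 : (size_t) n;
}

/* 1 if the worst case plus the terminating NUL fits in the fixed buffer. */
int fits_in_name_buf(void)
{
    return max_section_name_len() + 1 <= NAME_BUF_SIZE;
}

/* Bounded form of the same write.  Returns 1 when the whole string fit,
   0 when snprintf had to truncate (the result is still NUL-terminated). */
int format_section_name(char *buf, size_t buf_size, unsigned int shndx)
{
    int n = snprintf(buf, buf_size, SECTION_FMT, shndx);
    return n >= 0 && (size_t) n < buf_size;
}

/* Exercise the bounded form with the report's 40-byte buffer and the
   largest 16-bit value (an ELF st_shndx field is 16 bits wide). */
int demo_fixed_buffer_ok(void)
{
    char name_buf[NAME_BUF_SIZE];
    int ok = format_section_name(name_buf, sizeof name_buf, 0xffffu);
    return ok && strcmp(name_buf, "<section 0xffff>") == 0;
}

/* Deliberately undersized buffer: the bounded form must report truncation
   instead of writing past the end.  Returns 1 when that is what happened. */
int demo_truncation_detected(void)
{
    char small[8];                         /* constructed, too small on purpose */
    int ok = format_section_name(small, sizeof small, 0xffffu);
    return !ok && strcmp(small, "<sectio") == 0;
}

int main(void)
{
    printf("worst case %zu chars + NUL, buffer %d bytes, fits: %s\n",
           max_section_name_len(), NAME_BUF_SIZE,
           fits_in_name_buf() ? "yes" : "no");
    printf("40-byte buffer, shndx 0xffff: %s\n",
           demo_fixed_buffer_ok() ? "ok" : "FAIL");
    printf("8-byte buffer, shndx 0xffff: %s\n",
           demo_truncation_detected() ? "truncation reported" : "FAIL");
    return 0;
}
```

The measurement is the part worth keeping: a fixed buffer is only a problem when the format's worst-case expansion, plus the NUL, can exceed it, and that number is computable from the format string and the argument type rather than from the attacker's input. Where a format genuinely can outgrow its buffer, the snprintf pattern above is the fix, but only together with a check of its return value, since a silently truncated name is a correctness bug even when it is no longer a memory-safety one.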
