Subject: PR/62: spinpx: Avoid non-nul-terminated string read ID: CVE-2019-8904 Origin: FILE5_35-52-g94b7501f Upstream-Author: Christos Zoulas Date: Mon Feb 18 17:30:41 2019 +0000 Bug-Debian: https://bugs.debian.org/922967 --- a/src/readelf.c +++ b/src/readelf.c @@ -563,8 +563,8 @@ } if (namesz == 4 && strcmp((char *)&nbuf[noff], "Go") == 0 && type == NT_GO_BUILD_ID && descsz < 128) { - if (file_printf(ms, ", Go BuildID=%s", - (char *)&nbuf[doff]) == -1) + if (file_printf(ms, ", Go BuildID=%.*s", + CAST(int, descsz), CAST(char *, &nbuf[doff])) == -1) return -1; return 1; }