Fix potential buffer overflows with sprintf and very large integer values.

binutuils* prdbg.c (pr_enum_type): Use a buffer big enough to hold an
	extremely large decimal value.
	(pr_range_type): Likewise.
	(pr_array_type): Likewise.
	(pr_struct_field): Likewise.
	(pr_class_baseclass): Likewise.
	(pr_class_method_variant): Likewise.
	(pr_tag_type): Likewise.
	(pr_int_constant): Likewise.
	(pr_typed_constant): Likewise.
	(pr_variable): Likewise.
	(pr_function_parameter): Likewise.
	(pr_start_block): Likewise.
	(pr_lineno): Likewise.
	(pr_end_block): Likewise.
	(tg_enum_type): Likewise.
	(tg_int_constant): Likewise.
	(tg_typed_constant): Likewise.
	(tg_start_block): Likewise.

gas	* macro.c (macro_expand_body): Use a buffer big enough to hold an
	extremely large integer.

2 files changed, 6 insertions, 1 deletions

diff --git a/gas/ChangeLog b/gas/ChangeLog
index 18257389cf6..40a9a2b88ab 100644
--- a/gas/ChangeLog
+++ b/gas/ChangeLog
@@ -1,3 +1,8 @@
+2016-07-01  Nick Clifton  <nickc@redhat.com>
+
+	* macro.c (macro_expand_body): Use a buffer big enough to hold an
+	extremely large integer.
+
 2016-07-01  Jan Beulich  <jbeulich@suse.com>
 
 	* testsuite/gas/i386/mpx-inval-2.l: Relax for COFF targets.
diff --git a/gas/macro.c b/gas/macro.c
index 0d1a1d24eae..deb4a49c908 100644
--- a/gas/macro.c
+++ b/gas/macro.c
@@ -842,7 +842,7 @@ macro_expand_body (sb *in, sb *out, formal_entry *formals,
 	    {
 	      /* Sub in the macro invocation number.  */
 
-	      char buffer[10];
+	      char buffer[12];
 	      src++;
 	      sprintf (buffer, "%d", macro_number);
 	      sb_add_string (out, buffer);