Index: ld/emultempl/pe.em
===================================================================
RCS file: /cvs/src/src/ld/emultempl/pe.em,v
retrieving revision 1.117
diff -c -3 -p -r1.117 pe.em
*** ld/emultempl/pe.em	22 Jun 2006 16:25:36 -0000	1.117
--- ld/emultempl/pe.em	27 Jun 2006 11:37:54 -0000
*************** gld_${EMULATION_NAME}_open_dynamic_archi
*** 1724,1729 ****
--- 1724,1730 ----
  	 so, update the call to xmalloc() below.  */
        { NULL, FALSE }
      };
+   static unsigned int format_max_len = 0;
    const char * filename;
    char * full_string;
    char * base_string;
*************** gld_${EMULATION_NAME}_open_dynamic_archi
*** 1735,1753 ****
  
    filename = entry->filename;
  
    full_string = xmalloc (strlen (search->name)
  			 + strlen (filename)
! 			 /* Allow space for the characters in the format
! 			    string.  Also allow for the path separator that
! 			    is appended after the search name. We actually
! 			    allow 1 more byte than is strictly necessary,
! 			    but this will not hurt.  */
! 			 + sizeof libname_fmt[0].format
  #ifdef DLL_SUPPORT
  			 + (pe_dll_search_prefix
  			    ? strlen (pe_dll_search_prefix) : 0)
  #endif
! 			 + 1);
  
    sprintf (full_string, "%s/", search->name);
    base_string = full_string + strlen (full_string);
--- 1736,1765 ----
  
    filename = entry->filename;
  
+   if (format_max_len == 0)
+     /* We need to allow space in the memory that we are going to allocate
+        for the characters in the format string.  Since the format array is
+        static we only need to calculate this information once.  In theory
+        this value could also be computed statically, but this introduces
+        the possibility for a discrepancy and hence a possible memory
+        corruption.  The lengths we compute here will be too long because
+        they will include any formating characters (%s) in the strings, but
+        this will not matter.  */
+     for (i = 0; libname_fmt[i].format; i++)
+       if (format_max_len < strlen (libname_fmt[i].format))
+ 	format_max_len = strlen (libname_fmt[i].format);
+ 
    full_string = xmalloc (strlen (search->name)
  			 + strlen (filename)
! 			 + format_max_len
  #ifdef DLL_SUPPORT
  			 + (pe_dll_search_prefix
  			    ? strlen (pe_dll_search_prefix) : 0)
  #endif
! 			 /* Allow for the terminating NUL and for the path
! 			    separator character that is inserted between
! 			    search->name and the start of the format string.  */
! 			 + 2);
  
    sprintf (full_string, "%s/", search->name);
    base_string = full_string + strlen (full_string);