PR28048, heap-buffer-overflow on readelf -Ww

author Alan Modra <amodra@gmail.com>

Fri, 2 Jul 2021 13:48:04 +0000 (23:18 +0930)

committer Alan Modra <amodra@gmail.com>

Fri, 2 Jul 2021 13:49:43 +0000 (23:19 +0930)
author Alan Modra <amodra@gmail.com>
Fri, 2 Jul 2021 13:48:04 +0000 (23:18 +0930)
committer Alan Modra <amodra@gmail.com>
Fri, 2 Jul 2021 13:49:43 +0000 (23:19 +0930)
diff --git a/binutils/ChangeLog b/binutils/ChangeLog

index f6d6ebf667d4771b2edc938f5005c18d21358ba5..95762df40d5690296d27ebea0c787f2de26e1a27 100644 (file)
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,9 @@
+2021-07-02  Alan Modra  <amodra@gmail.com>
+
+       PR 28048
+       * dwarf.c (get_type_signedness): Don't run off end of buffer
+       printing DW_FORM_string attribute.
+
  2021-07-01  Nick Clifton  <nickc@redhat.com>
  
         PR 28029
diff --git a/binutils/dwarf.c b/binutils/dwarf.c

index de9d2b8c8f54d0ffe1f6b7022206b45e1fba33cb..1e7f4db7b7c890bea45ea6866808fcbcb204f393 100644 (file)
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -2211,7 +2211,7 @@ get_type_signedness (abbrev_entry *entry,
               if (attr->form == DW_FORM_strp)
                 printf (", %s", fetch_indirect_string (uvalue));
               else if (attr->form == DW_FORM_string)
-               printf (", %s", orig_data);
+               printf (", %.*s", (int) (end - orig_data), orig_data);
             }
           break;
author	Alan Modra <amodra@gmail.com>
	Fri, 2 Jul 2021 13:48:04 +0000 (23:18 +0930)
committer	Alan Modra <amodra@gmail.com>
	Fri, 2 Jul 2021 13:49:43 +0000 (23:19 +0930)
binutils/ChangeLog		patch \| blob \| history
binutils/dwarf.c		patch \| blob \| history