From: Alan Modra <amodra@gmail.com>
Date: Fri, 2 Jul 2021 13:48:04 +0000 (+0930)
Subject: PR28048, heap-buffer-overflow on readelf -Ww
X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=4ff0bb2df5e0ce6dc30b8dd2a0d4174649d0dcfe;p=binutils-gdb.git

PR28048, heap-buffer-overflow on readelf -Ww

	PR 28048
	* dwarf.c (get_type_signedness): Don't run off end of buffer
	printing DW_FORM_string attribute.
---

diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index f6d6ebf667d..95762df40d5 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,9 @@
+2021-07-02  Alan Modra  <amodra@gmail.com>
+
+	PR 28048
+	* dwarf.c (get_type_signedness): Don't run off end of buffer
+	printing DW_FORM_string attribute.
+
 2021-07-01  Nick Clifton  <nickc@redhat.com>
 
 	PR 28029
diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index de9d2b8c8f5..1e7f4db7b7c 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -2211,7 +2211,7 @@ get_type_signedness (abbrev_entry *entry,
 	      if (attr->form == DW_FORM_strp)
 		printf (", %s", fetch_indirect_string (uvalue));
 	      else if (attr->form == DW_FORM_string)
-		printf (", %s", orig_data);
+		printf (", %.*s", (int) (end - orig_data), orig_data);
 	    }
 	  break;