From 4ff0bb2df5e0ce6dc30b8dd2a0d4174649d0dcfe Mon Sep 17 00:00:00 2001
From: Alan Modra <amodra@gmail.com>
Date: Fri, 2 Jul 2021 23:18:04 +0930
Subject: [PATCH] PR28048, heap-buffer-overflow on readelf -Ww

	PR 28048
	* dwarf.c (get_type_signedness): Don't run off end of buffer
	printing DW_FORM_string attribute.
---
 binutils/ChangeLog | 6 ++++++
 binutils/dwarf.c   | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index f6d6ebf667d..95762df40d5 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,9 @@
+2021-07-02  Alan Modra  <amodra@gmail.com>
+
+	PR 28048
+	* dwarf.c (get_type_signedness): Don't run off end of buffer
+	printing DW_FORM_string attribute.
+
 2021-07-01  Nick Clifton  <nickc@redhat.com>
 
 	PR 28029
diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index de9d2b8c8f5..1e7f4db7b7c 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -2211,7 +2211,7 @@ get_type_signedness (abbrev_entry *entry,
 	      if (attr->form == DW_FORM_strp)
 		printf (", %s", fetch_indirect_string (uvalue));
 	      else if (attr->form == DW_FORM_string)
-		printf (", %s", orig_data);
+		printf (", %.*s", (int) (end - orig_data), orig_data);
 	    }
 	  break;
 
-- 
2.30.2