Fix seg-fault in the linker when examining a corrupt binary.

[deliverable/binutils-gdb.git] / bfd / aoutx.h

diff --git a/bfd/aoutx.h b/bfd/aoutx.h
index 81658bf6ce3d5ec4980b65abc244fcf3dabcfa5e..b9ac2b7f9e56051e1aa9d87bf4a12ba6e736d65d 100644 (file)
--- a/bfd/aoutx.h
+++ b/bfd/aoutx.h
@@ -1278,6 +1278,7 @@ NAME (aout, set_section_contents) (bfd *abfd,
       else
        {
          _bfd_error_handler
+           /* xgettext:c-format */
           (_("%s: can not represent section `%s' in a.out object file format"),
             bfd_get_filename (abfd), bfd_get_section_name (abfd, section));
           bfd_set_error (bfd_error_nonrepresentable_section);
@@ -1578,6 +1579,7 @@ translate_to_native_sym_flags (bfd *abfd,
       /* This case occurs, e.g., for the *DEBUG* section of a COFF
         file.  */
       _bfd_error_handler
+       /* xgettext:c-format */
        (_("%s: can not represent section for symbol `%s' in a.out "
           "object file format"),
         bfd_get_filename (abfd),
@@ -1613,6 +1615,7 @@ translate_to_native_sym_flags (bfd *abfd,
       else
        {
          _bfd_error_handler
+           /* xgettext:c-format */
           (_("%s: can not represent section `%s' in a.out object file format"),
             bfd_get_filename (abfd), bfd_get_section_name (abfd, sec));
           bfd_set_error (bfd_error_nonrepresentable_section);
@@ -2663,7 +2666,7 @@ NAME (aout, find_nearest_line) (bfd *abfd,
   char *buf;
 
   *filename_ptr = abfd->filename;
-  *functionname_ptr = 0;
+  *functionname_ptr = NULL;
   *line_ptr = 0;
   if (disriminator_ptr)
     *disriminator_ptr = 0;
@@ -2808,9 +2811,17 @@ NAME (aout, find_nearest_line) (bfd *abfd,
        *filename_ptr = main_file_name;
       else
        {
-         sprintf (buf, "%s%s", directory_name, main_file_name);
-         *filename_ptr = buf;
-         buf += filelen + 1;
+         if (buf == NULL)
+           /* PR binutils/20891: In a corrupt input file both
+              main_file_name and directory_name can be empty...  */
+           * filename_ptr = NULL;
+         else
+           {
+             snprintf (buf, filelen + 1, "%s%s", directory_name,
+                       main_file_name);
+             *filename_ptr = buf;
+             buf += filelen + 1;
+           }
        }
     }
 
@@ -2819,6 +2830,12 @@ NAME (aout, find_nearest_line) (bfd *abfd,
       const char *function = func->name;
       char *colon;
 
+      if (buf == NULL)
+       {
+         /* PR binutils/20892: In a corrupt input file func can be empty.  */
+         * functionname_ptr = NULL;
+         return TRUE;
+       }
       /* The caller expects a symbol name.  We actually have a
         function name, without the leading underscore.  Put the
         underscore back in, so that the caller gets a symbol name.  */
@@ -3014,10 +3031,9 @@ aout_link_add_symbols (bfd *abfd, struct bfd_link_info *info)
        continue;
 
       /* PR 19629: Corrupt binaries can contain illegal string offsets.  */
-      if (GET_WORD (abfd, p->e_strx) > obj_aout_external_string_size (abfd))
+      if (GET_WORD (abfd, p->e_strx) >= obj_aout_external_string_size (abfd))
        return FALSE;
       name = strings + GET_WORD (abfd, p->e_strx);
-      
       value = GET_WORD (abfd, p->e_value);
       flags = BSF_GLOBAL;
       string = NULL;
@@ -5376,6 +5392,7 @@ NAME (aout, final_link) (bfd *abfd,
                 work out the number of relocs needed, and then multiply
                 by the reloc size.  */
              _bfd_error_handler
+               /* xgettext:c-format */
                (_("%s: relocatable link from %s to %s not supported"),
                 bfd_get_filename (abfd),
                 sub->xvec->name, abfd->xvec->name);