Fix out of bounds memory access when trying to allocate space for a note of size -1.

	PR 21933
	* elf.c (elf_read_notes): Check for a note size of -1.

diff --git a/bfd/elf.c b/bfd/elf.c
index bc4b4a3cd149785f542d940378801bd4a71382f7..d702474bff7c24f42b7b9cd1d69f7760e7e43b11 100644 (file)
--- a/bfd/elf.c
+++ b/bfd/elf.c
@@ -10997,7 +10997,7 @@ elf_read_notes (bfd *abfd, file_ptr offset, bfd_size_type size)
 {
   char *buf;
 
-  if (size <= 0)
+  if (size == 0 || (size + 1) == 0)
     return TRUE;
 
   if (bfd_seek (abfd, offset, SEEK_SET) != 0)