More fixes for buffer overruns instigated by corrupt binaries.

[deliverable/binutils-gdb.git] / bfd / aoutx.h

diff --git a/bfd/aoutx.h b/bfd/aoutx.h
index bef59b423667fab30cf26666391de17e08149d12..cb0887a4bacb349dec9bbf8c2cdf61dd4d3c2b0d 100644 (file)
--- a/bfd/aoutx.h
+++ b/bfd/aoutx.h
@@ -1756,6 +1756,8 @@ NAME (aout, slurp_symbol_table) (bfd *abfd)
     return TRUE;               /* Nothing to do.  */
 
   cached_size *= sizeof (aout_symbol_type);
+  if (cached_size >= (bfd_size_type) bfd_get_size (abfd))
+    return FALSE;
   cached = (aout_symbol_type *) bfd_zmalloc (cached_size);
   if (cached == NULL)
     return FALSE;
@@ -2307,6 +2309,11 @@ NAME (aout, slurp_reloc_table) (bfd *abfd, sec_ptr asect, asymbol **symbols)
   if (reloc_size == 0)
     return TRUE;               /* Nothing to be done.  */
 
+  /* PR binutils/17512: Do not even try to
+     load the relocs if their size is corrupt.  */
+  if (reloc_size + asect->rel_filepos >= (bfd_size_type) bfd_get_size (abfd))
+    return FALSE;
+
   if (bfd_seek (abfd, asect->rel_filepos, SEEK_SET) != 0)
     return FALSE;