Fix more memory faults uncovered by fuzzing various executables.

[deliverable/binutils-gdb.git] / binutils / rdcoff.c

diff --git a/binutils/rdcoff.c b/binutils/rdcoff.c
index 859aefe041da8bcec3c835b0bcb64d8b4d3cf946..67851366677b3f5ea4d5b7123e939af4bb165f77 100644 (file)
--- a/binutils/rdcoff.c
+++ b/binutils/rdcoff.c
@@ -83,7 +83,7 @@ struct coff_types
   debug_type basic[T_MAX + 1];
 };
 
-static debug_type *coff_get_slot (struct coff_types *, int);
+static debug_type *coff_get_slot (struct coff_types *, long);
 static debug_type parse_coff_type
   (bfd *, struct coff_symbols *, struct coff_types *, long, int,
    union internal_auxent *, bfd_boolean, void *);
@@ -104,12 +104,17 @@ static bfd_boolean external_coff_symbol_p (int sym_class);
 /* Return the slot for a type.  */
 
 static debug_type *
-coff_get_slot (struct coff_types *types, int indx)
+coff_get_slot (struct coff_types *types, long indx)
 {
   struct coff_slots **pps;
 
   pps = &types->slots;
 
+  /* PR 17512: file: 078-18333-0.001:0.1.
+     FIXME: The value of 1000 is a guess.  Maybe a better heuristic is needed.  */
+  if (indx / COFF_SLOTS > 1000)
+    fatal (_("Excessively large slot index: %lx"), indx);
+
   while (indx >= COFF_SLOTS)
     {
       if (*pps == NULL)