From: Nick Clifton
Date: Thu, 30 Oct 2014 15:52:10 +0000 (+0000)
Subject: Closes another memory corruption, this time due to heap overrun.
X-Git-Url: http://git.efficios.com/?a=commitdiff_plain;h=7e760b06b212f01b3819d5b37e8f5b613e0db34c;p=deliverable%2Fbinutils-gdb.git
Closes another memory corruption, this time due to heap overrun.
PR binutils/17512
* coffgen.c (coff_get_normalized_symtab): Prevent buffer overrun.
---
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index a5790a5681..f25c1b1e62 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,8 @@
+2014-10-30 Nick Clifton
+
+ PR binutils/17512
+ * coffgen.c (coff_get_normalized_symtab): Prevent buffer overrun.
+
 2014-10-29 Nick Clifton
 
 * elf.c (bfd_section_from_shdr): Fix heap use after free memory
diff --git a/bfd/coffgen.c b/bfd/coffgen.c
index 3f223897f6..a1a032543e 100644
--- a/bfd/coffgen.c
+++ b/bfd/coffgen.c
@@ -1748,7 +1748,7 @@ coff_get_normalized_symtab (bfd *abfd)
 if (internal == NULL && size != 0)
 return NULL;
 internal_end = internal + obj_raw_syment_count (abfd);
-
+
 if (! _bfd_coff_get_external_symbols (abfd))
 return NULL;
 
@@ -1766,8 +1766,8 @@ coff_get_normalized_symtab (bfd *abfd)
 raw_src < raw_end;
 raw_src += symesz, internal_ptr++)
 {
-
 unsigned int i;
+
 bfd_coff_swap_sym_in (abfd, (void *) raw_src,
 (void *) & internal_ptr->u.syment);
 symbol_ptr = internal_ptr;
@@ -1777,6 +1777,10 @@ coff_get_normalized_symtab (bfd *abfd)
 i++)
 {
 internal_ptr++;
+ /* PR 17512: Prevent buffer overrun. */
+ if (internal_ptr >= internal_end)
+ return NULL;
+
 raw_src += symesz;
 bfd_coff_swap_aux_in (abfd, (void *) raw_src,
 symbol_ptr->u.syment.n_type,
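Review bot: The new bounds check in the aux-entry loop of the last coffgen.c hunk returns NULL without recording a BFD error, so a caller cannot tell a symbol whose aux entries run past the end of the table (a malformed or hostile input file) from any other failure. As far as the hunk shows, nothing sets an error on this path. I would make the rejection explicit by adding `bfd_set_error (bfd_error_bad_value);` before the `return NULL;`, with both statements braced under the `if`. It is also worth confirming whether the `internal` table should be released on this early exit; its allocation is outside the hunk, as are the start and end of coff_get_normalized_symtab.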