From 7d4b2d2d29e2fc3af14d14412845615cc994cf91 Mon Sep 17 00:00:00 2001
From: Alan Modra
Date: Mon, 2 Mar 2020 10:15:36 +1030
Subject: [PATCH] alpha-coff: large memory allocation
* coff-alpha.c (alpha_ecoff_get_elt_at_filepos): Provide an upper limit to decompressed element size.
---
 bfd/ChangeLog | 5 +++++
 bfd/coff-alpha.c | 9 +++++++++
 2 files changed, 14 insertions(+)
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index d37c2cd98d..683bcfed85 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,8 @@
+2020-03-02 Alan Modra
+
+ * coff-alpha.c (alpha_ecoff_get_elt_at_filepos): Provide an upper
+ limit to decompressed element size.
+
 2020-03-02 Alan Modra
 * vms-lib.c (vms_traverse_index): Add recur_count param and
diff --git a/bfd/coff-alpha.c b/bfd/coff-alpha.c
index 4b39bcc999..9a3ac089a6 100644
--- a/bfd/coff-alpha.c
+++ b/bfd/coff-alpha.c
@@ -2050,6 +2050,7 @@ alpha_ecoff_get_elt_at_filepos (bfd *archive, file_ptr filepos)
 bfd_size_type size;
 bfd_byte *buf, *p;
 struct bfd_in_memory *bim;
+ ufile_ptr filesize;
 buf = NULL;
 nbfd = _bfd_get_elt_at_filepos (archive, filepos);
@@ -2083,6 +2084,14 @@ alpha_ecoff_get_elt_at_filepos (bfd *archive, file_ptr filepos)
 goto error_return;
 size = H_GET_64 (nbfd, ab);
+ /* The decompression algorithm will at most expand by eight times. */
+ filesize = bfd_get_file_size (archive);
+ if (filesize != 0 && size / 8 > filesize)
+ {
+ bfd_set_error (bfd_error_malformed_archive);
+ goto error_return;
+ }
+
 if (size != 0)
 {
 bfd_size_type left;
-- 
2.34.1
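Review bot: The new size check is bypassed whenever `bfd_get_file_size (archive)` returns 0, because of the `filesize != 0 &&` guard, so on that path the 64-bit `size` read from the element header still drives the allocation that follows with no upper limit. If 0 is the "size unknown" result (the guard suggests it is), the comment should say so and state what bounds `size` in that case, for example `/* A zero file size means the size is unknown; no limit can be applied here.  */`. The limit is also taken from the whole archive rather than from this element's compressed length, so an element header can still request up to eight times the archive size; comparing against the element's own size would be tighter if that value is available at this point. The body of alpha_ecoff_get_elt_at_filepos starts and ends outside the hunk, so the allocation and the decompression loop that rely on this bound are not visible here.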