Fix buffer overrun parsing a corrupt tekhex binary.

PR binutils/21962 * tekhex.c (getsym): Fix check for source pointer walking off the end of the input buffer.
author: Nick Clifton <nickc@redhat.com> 2017-08-18 08:45:12 +0100
committer: Nick Clifton <nickc@redhat.com> 2017-08-18 08:45:12 +0100
commit: de25939739ffe9a9ad7cec07a35bb2a1e430fe39 (patch)
tree: c7e12ad2404cac942ea6fadedbbcb5468b496464
parent: dd66b39984d2b8a24b97638d65eef5cfd7dcbc5a (diff)
download: fsf-binutils-gdb-de25939739ffe9a9ad7cec07a35bb2a1e430fe39.zip
fsf-binutils-gdb-de25939739ffe9a9ad7cec07a35bb2a1e430fe39.tar.gz
fsf-binutils-gdb-de25939739ffe9a9ad7cec07a35bb2a1e430fe39.tar.bz2
2 files changed, 7 insertions, 1 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index e1985a4..79dfa1d 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,9 @@
+2017-08-18  Nick Clifton  <nickc@redhat.com>
+
+	PR binutils/21962
+	* tekhex.c (getsym): Fix check for source pointer walking off the
+	end of the input buffer.
+
 2017-08-17  Szabolcs Nagy  <szabolcs.nagy@arm.com>
 
 	PR ld/18808
diff --git a/bfd/tekhex.c b/bfd/tekhex.c
index 1d605d5..cb4b624 100644
--- a/bfd/tekhex.c
+++ b/bfd/tekhex.c
@@ -307,7 +307,7 @@ getsym (char *dstp, char **srcp, unsigned int *lenp, char * endp)
   len = hex_value (*src++);
   if (len == 0)
     len = 16;
-  for (i = 0; i < len && src < endp; i++)
+  for (i = 0; i < len && (src + i) < endp; i++)
     dstp[i] = src[i];
   dstp[i] = 0;
   *srcp = src + i;
author	Nick Clifton <nickc@redhat.com>	2017-08-18 08:45:12 +0100
committer	Nick Clifton <nickc@redhat.com>	2017-08-18 08:45:12 +0100
commit	de25939739ffe9a9ad7cec07a35bb2a1e430fe39 (patch)
tree	c7e12ad2404cac942ea6fadedbbcb5468b496464
parent	dd66b39984d2b8a24b97638d65eef5cfd7dcbc5a (diff)
download	fsf-binutils-gdb-de25939739ffe9a9ad7cec07a35bb2a1e430fe39.zip fsf-binutils-gdb-de25939739ffe9a9ad7cec07a35bb2a1e430fe39.tar.gz fsf-binutils-gdb-de25939739ffe9a9ad7cec07a35bb2a1e430fe39.tar.bz2