Fixes a few more memory access violations exposed by fuzzed binaries.

	PR binutils/17512
	* ecoff.c (_bfd_ecoff_slurp_symbol_table): Warn about and correct
	a discrepancy between the isymMax and ifdMax values in the
	symbolic header.
	* elf.c (_bfd_elf_print_private_bfd_data): Fix the range check
	scanning the external dynamic entries.

1 files changed, 15 insertions, 0 deletions

diff --git a/bfd/ecoff.c b/bfd/ecoff.c
index 33e2134..70783b1 100644
--- a/bfd/ecoff.c
+++ b/bfd/ecoff.c
@@ -905,6 +905,7 @@ _bfd_ecoff_slurp_symbol_table (bfd *abfd)
 				  &internal_ptr->symbol, 1,
 				  internal_esym.weakext))
 	return FALSE;
+      
       /* The alpha uses a negative ifd field for section symbols.  */
       if (internal_esym.ifd >= 0)
 	internal_ptr->fdr = (ecoff_data (abfd)->debug_info.fdr
@@ -946,6 +947,20 @@ _bfd_ecoff_slurp_symbol_table (bfd *abfd)
 	}
     }
 
+  /* PR 17512: file: 3372-3080-0.004.
+     A discrepancy between ecoff_data (abfd)->debug_info.symbolic_header.isymMax
+     and ecoff_data (abfd)->debug_info.symbolic_header.ifdMax can mean that
+     we have fewer symbols than we were expecting.  Allow for this by updating
+     the symbol count and warning the user.  */
+  if (internal_ptr - internal < bfd_get_symcount (abfd))
+    {
+      bfd_get_symcount (abfd) = internal_ptr - internal;
+      (*_bfd_error_handler)
+	(_("%B: warning: isymMax (%ld) is greater than ifdMax (%d)\n"),
+	 abfd, ecoff_data (abfd)->debug_info.symbolic_header.isymMax,
+	 ecoff_data (abfd)->debug_info.symbolic_header.ifdMax);
+    }
+
   ecoff_data (abfd)->canonical_symbols = internal;
 
   return TRUE;