authorNick Clifton <nickc@redhat.com>2015-02-10 14:11:00 +0000
committerNick Clifton <nickc@redhat.com>2015-02-10 14:11:00 +0000
commit77ef86547510cee3a2bff27bea9f19f0b2715bae (patch)
treecf37b63c2505ce132ac49d286340751c4caebe7f /bfd
parentb677c4562dea82ffaf413e7e9311ca4b9c1c6ec6 (diff)
Fix memory access violations triggered by running objdump compiled with out-of-bounds sanitization checking.
PR binutils/17512 * dwarf.c (eh_addr_size): Use an unsigned type. (size_of_encoded_value): Return an unsigned type. (read_leb128): Break if the shift becomes too big. (process_extended_line_op): Do not read the address if the length is too long. (read_cie): Warn and fail if the pointer size or segment size are too big. * dwarf.h (DWARF2_External_LineInfo): Delete unused and incorrect structure definition. (DWARF2_External_PubNames): Likewise. (DWARF2_External_CompUnit): Likewise. (DWARF2_External_ARange): Likewise. (DWARF2_Internal_LineInfo): Use dwarf_vma type for li_prologue_length. (eh_addr_size): Update prototype. * coffcode.h (styp_to_sec_flags): Use an unsigned long type to hold the flag bits. * peXXigen.c (pe_print_reloc): Use unsigned types to hold the size and number of relocs. (pe_print_debugdata): Use a 32-bit aligned buffer to store the codeview record. * versados.c (process_otr): Check the esdid value before using it to access the EDATA.
Diffstat (limited to 'bfd')
-rw-r--r--bfd/ChangeLog12
-rw-r--r--bfd/coffcode.h4
-rw-r--r--bfd/peXXigen.c12
-rw-r--r--bfd/versados.c3
4 files changed, 24 insertions, 7 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 650e8ee..d5b50b7 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,15 @@
+2015-02-10 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/17512
+ * coffcode.h (styp_to_sec_flags): Use an unsigned long type to
+ hold the flag bits.
+ * peXXigen.c (pe_print_reloc): Use unsigned types to hold the
+ size and number of relocs.
+ (pe_print_debugdata): Use a 32-bit aligned buffer to store the
+ codeview record.
+ * versados.c (process_otr): Check the esdid value before using it
+ to access the EDATA.
+
2015-02-09 Ed Maste <emaste@freebsd.org>
* elf32-i386.c (elf_i386_get_plt_sym_val): Avoid incrementing
diff --git a/bfd/coffcode.h b/bfd/coffcode.h
index 76e5873..0ac4ce0 100644
--- a/bfd/coffcode.h
+++ b/bfd/coffcode.h
@@ -1169,7 +1169,7 @@ styp_to_sec_flags (bfd *abfd,
flagword *flags_ptr)
{
struct internal_scnhdr *internal_s = (struct internal_scnhdr *) hdr;
- long styp_flags = internal_s->s_flags;
+ unsigned long styp_flags = internal_s->s_flags;
flagword sec_flags;
bfd_boolean result = TRUE;
bfd_boolean is_dbg = FALSE;
@@ -1192,7 +1192,7 @@ styp_to_sec_flags (bfd *abfd,
/* Process each flag bit in styp_flags in turn. */
while (styp_flags)
{
- long flag = styp_flags & - styp_flags;
+ unsigned long flag = styp_flags & - styp_flags;
char * unhandled = NULL;
styp_flags &= ~ flag;
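Review bot: Nothing on the line `unsigned long flag = styp_flags & - styp_flags;` says that the expression is only well-defined because both operands are unsigned. With the previous signed type, negating a value that had only the top bit set overflowed, and a later edit back to `long` would silently reintroduce that. A short comment above the line would pin the requirement: `/* Isolate the lowest set bit.  Relies on unsigned negation, so styp_flags and flag must stay unsigned.  */`. The loop body continues outside the hunk.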
diff --git a/bfd/peXXigen.c b/bfd/peXXigen.c
index 9feab3b..a7e9f04 100644
--- a/bfd/peXXigen.c
+++ b/bfd/peXXigen.c
@@ -1151,7 +1151,7 @@ _bfd_XXi_slurp_codeview_record (bfd * abfd, file_ptr where, unsigned long length
/* Ensure null termination of filename. */
buffer[256] = '\0';
- cvinfo->CVSignature = H_GET_32(abfd, buffer);
+ cvinfo->CVSignature = H_GET_32 (abfd, buffer);
cvinfo->Age = 0;
if ((cvinfo->CVSignature == CVINFO_PDB70_CVSIGNATURE)
@@ -2216,7 +2216,7 @@ pe_print_reloc (bfd * abfd, void * vfile)
{
int j;
bfd_vma virtual_address;
- long number, size;
+ unsigned long number, size;
bfd_byte *chunk_end;
/* The .reloc section is a sequence of blocks, with a header consisting
@@ -2231,7 +2231,7 @@ pe_print_reloc (bfd * abfd, void * vfile)
fprintf (file,
_("\nVirtual Address: %08lx Chunk size %ld (0x%lx) Number of fixups %ld\n"),
- (unsigned long) virtual_address, size, (unsigned long) size, number);
+ (unsigned long) virtual_address, size, size, number);
chunk_end = p + size;
if (chunk_end > end)
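Review bot: The format string in this `fprintf` still uses `%ld` for `size` and `number`, which the commit makes `unsigned long`, so a large chunk size read from a malformed file is printed as a negative number. `%lu` matches the new type: `_("\nVirtual Address: %08lx Chunk size %lu (0x%lx) Number of fixups %lu\n")`. The context line `chunk_end = p + size;` also forms a pointer from the unvalidated size before it is compared with `end`; a large enough value moves the pointer past the section buffer, which is undefined and can wrap so that `chunk_end > end` is false. Testing the length first, `size > (unsigned long) (end - p)`, avoids forming that pointer. The branch taken under the `if` is outside the hunk and should keep its current behaviour.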
@@ -2674,7 +2674,11 @@ pe_print_debugdata (bfd * abfd, void * vfile)
if (idd.Type == PE_IMAGE_DEBUG_TYPE_CODEVIEW)
{
char signature[CV_INFO_SIGNATURE_LENGTH * 2 + 1];
- char buffer[256 + 1];
+ /* PR 17512: file: 065-29434-0.001:0.1
+ We need to use a 32-bit aligned buffer
+ to safely read in a codeview record. */
+ char buffer[256 + 1] ATTRIBUTE_ALIGNED_ALIGNOF (CODEVIEW_INFO);
+
CODEVIEW_INFO *cvinfo = (CODEVIEW_INFO *) buffer;
/* The debug entry doesn't have to have to be in a section,
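Review bot: The added comment says the buffer is 32-bit aligned, but the attribute requests the alignment of `CODEVIEW_INFO`, whatever that is on the host; wording such as `/* The buffer is accessed through a CODEVIEW_INFO pointer, so it must be aligned for that type.  */` would match the code. The fix also depends on ATTRIBUTE_ALIGNED_ALIGNOF expanding to a real attribute; if it is defined empty for compilers without the extension, the misaligned access remains possible there. A union gives the same guarantee in standard C: `union { char bytes[256 + 1]; CODEVIEW_INFO info; } buffer;` with `CODEVIEW_INFO *cvinfo = &buffer.info;`. Other uses of `buffer` in pe_print_debugdata are outside the hunk and would need checking.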
diff --git a/bfd/versados.c b/bfd/versados.c
index 2540314..93a90a7 100644
--- a/bfd/versados.c
+++ b/bfd/versados.c
@@ -373,7 +373,7 @@ process_otr (bfd *abfd, struct ext_otr *otr, int pass)
| (otr->map[2] << 8)
| (otr->map[3] << 0);
- struct esdid *esdid = &EDATA (abfd, otr->esdid - 1);
+ struct esdid *esdid;
unsigned char *contents;
bfd_boolean need_contents = FALSE;
unsigned int dst_idx;
@@ -382,6 +382,7 @@ process_otr (bfd *abfd, struct ext_otr *otr, int pass)
if (otr->esdid == 0)
return;
+ esdid = &EDATA (abfd, otr->esdid - 1);
contents = esdid->contents;
dst_idx = esdid->pc;
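Review bot: Only `otr->esdid == 0` is rejected before `esdid = &EDATA (abfd, otr->esdid - 1);`, so a value from the object file that is larger than the number of EDATA entries still indexes past the table. That holds unless EDATA bounds the index itself, which is not visible here. If it does not, the guard should reject both ends, for example `if (otr->esdid == 0 || otr->esdid > MAX_ESDID) return;`, where MAX_ESDID is a placeholder for the table size. The rest of process_otr lies outside the hunk.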