Fix an illegal memory access when parsing a corrupt core note.

	PR 27799
	* elf32-xtensa.c (elf_xtensa_grok_prstatus): Check for core notes
	that are too small.

2 files changed, 12 insertions, 1 deletions

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 548ed9f..cd9b1b3 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,5 +1,11 @@
 2021-04-30  Nick Clifton  <nickc@redhat.com>
 
+	PR 27799
+	* elf32-xtensa.c (elf_xtensa_grok_prstatus): Check for core notes
+	that are too small.
+
+2021-04-30  Nick Clifton  <nickc@redhat.com>
+
 	PR 27797
 	* libbfd.c (bfd_realloc_or_free): Do not free a pointer than has
 	been realloc'ed to size 0.
diff --git a/bfd/elf32-xtensa.c b/bfd/elf32-xtensa.c
index c1781c7..7c5fb55 100644
--- a/bfd/elf32-xtensa.c
+++ b/bfd/elf32-xtensa.c
@@ -3740,8 +3740,14 @@ elf_xtensa_grok_prstatus (bfd *abfd, Elf_Internal_Note *note)
   int offset;
   unsigned int size;
 
+  if (elf_tdata (abfd) == NULL
+      || elf_tdata (abfd)->core == NULL)
+    return false;
+
   /* The size for Xtensa is variable, so don't try to recognize the format
      based on the size.  Just assume this is GNU/Linux.  */
+  if (note == NULL || note->descsz < 28)
+    return false;
 
   /* pr_cursig */
   elf_tdata (abfd)->core->signal = bfd_get_16 (abfd, note->descdata + 12);
@@ -3758,7 +3764,6 @@ elf_xtensa_grok_prstatus (bfd *abfd, Elf_Internal_Note *note)
 					  size, note->descpos + offset);
 }
 
-
 static bool
 elf_xtensa_grok_psinfo (bfd *abfd, Elf_Internal_Note *note)
 {