Fix seg-fault in linker parsing a corrupt input file.

	PR ld/20924
	(aout_link_add_symbols): Fix off by one error checking for
	overflow of string offset.

2 files changed, 6 insertions, 2 deletions

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index dbb90e7..3d9cd9e 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -4,6 +4,10 @@
 	* aoutx.h (aout_link_add_symbols): Replace BFD_ASSERT with return
 	FALSE.
 
+	PR ld/20924
+	(aout_link_add_symbols): Fix off by one error checking for
+	overflow of string offset.
+
 2016-12-03  Alan Modra  <amodra@gmail.com>
 
 	* elf64-ppc.c (struct ppc_link_hash_entry): Delete "was_undefined".
diff --git a/bfd/aoutx.h b/bfd/aoutx.h
index fb7041a..4de02e2 100644
--- a/bfd/aoutx.h
+++ b/bfd/aoutx.h
@@ -3094,7 +3094,7 @@ aout_link_add_symbols (bfd *abfd, struct bfd_link_info *info)
 	    return FALSE;
 	  ++p;
 	  /* PR 19629: Corrupt binaries can contain illegal string offsets.  */
-	  if (GET_WORD (abfd, p->e_strx) > obj_aout_external_string_size (abfd))
+	  if (GET_WORD (abfd, p->e_strx) >= obj_aout_external_string_size (abfd))
 	    return FALSE;
 	  string = strings + GET_WORD (abfd, p->e_strx);
 	  section = bfd_ind_section_ptr;
@@ -3130,7 +3130,7 @@ aout_link_add_symbols (bfd *abfd, struct bfd_link_info *info)
 	  ++p;
 	  string = name;
 	  /* PR 19629: Corrupt binaries can contain illegal string offsets.  */
-	  if (GET_WORD (abfd, p->e_strx) > obj_aout_external_string_size (abfd))
+	  if (GET_WORD (abfd, p->e_strx) >= obj_aout_external_string_size (abfd))
 	    return FALSE;
 	  name = strings + GET_WORD (abfd, p->e_strx);
 	  section = bfd_und_section_ptr;