From 9dc2f26777b07f9e5aa3220f7a680987ef79e75e Mon Sep 17 00:00:00 2001
From: Nick Clifton <nickc@redhat.com>
Date: Tue, 7 Sep 2021 11:47:08 +0100
Subject: Fix an illegal memory access triggered by an atempt to disassemble a
 corrupt xtensa binary.

	PR 28305
	* elf32-xtensa.c (elf_xtensa_do_reloc): Add check for put of range
	reloc.
---
 bfd/ChangeLog      | 4 ++++
 bfd/elf32-xtensa.c | 2 ++
 bfd/xtensa-isa.c   | 1 -
 3 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 4e53a1f..499e336 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,5 +1,9 @@
 2021-09-07  Nick Clifton  <nickc@redhat.com>
 
+	PR 28305
+	* elf32-xtensa.c (elf_xtensa_do_reloc): Add check for put of range
+	reloc.
+
 	PR 28303
 	* elfxx-riscv.c (riscv_elf_add_sub_reloc): Add check for out of
 	range relocs.
diff --git a/bfd/elf32-xtensa.c b/bfd/elf32-xtensa.c
index 7c5fb55..59f3dd5 100644
--- a/bfd/elf32-xtensa.c
+++ b/bfd/elf32-xtensa.c
@@ -1968,6 +1968,8 @@ elf_xtensa_do_reloc (reloc_howto_type *howto,
       return bfd_reloc_dangerous;
     }
 
+  if (input_size <= address)
+    return bfd_reloc_outofrange;
   /* Read the instruction into a buffer and decode the opcode.  */
   xtensa_insnbuf_from_chars (isa, ibuff, contents + address,
 			     input_size - address);
diff --git a/bfd/xtensa-isa.c b/bfd/xtensa-isa.c
index f6a1538..d92d9b8 100644
--- a/bfd/xtensa-isa.c
+++ b/bfd/xtensa-isa.c
@@ -227,7 +227,6 @@ xtensa_insnbuf_from_chars (xtensa_isa isa,
     }
 }
 
-
 
 /* ISA information.  */
 
-- 
cgit v1.1