From e6a8a7d2ae3a1c722ad2f8fa1ad20232af2dbfd3 Mon Sep 17 00:00:00 2001
From: Eli Zaretskii <eliz@gnu.org>
Date: Fri, 27 Feb 2004 17:46:11 +0000
Subject: 2004-02-27  Eli Zaretskii  <eliz@elta.co.il>

	* coffread.c (enter_linenos): Don't let rawptr reference memory
	outside linetab[]'s limits.
---
 gdb/ChangeLog  | 5 +++++
 gdb/coffread.c | 8 ++++++--
 2 files changed, 11 insertions(+), 2 deletions(-)

(limited to 'gdb')

diff --git a/gdb/ChangeLog b/gdb/ChangeLog
index 60aed30..7f9d399 100644
--- a/gdb/ChangeLog
+++ b/gdb/ChangeLog
@@ -1,3 +1,8 @@
+2004-02-27  Eli Zaretskii  <eliz@elta.co.il>
+
+	* coffread.c (enter_linenos): Don't let rawptr reference memory
+	outside linetab[]'s limits.
+
 2004-02-27  Andrew Cagney  <cagney@redhat.com>
 
 	* hppa-tdep.c (hppa32_push_dummy_call): Fix code reserving
diff --git a/gdb/coffread.c b/gdb/coffread.c
index b0468e0..056ba13 100644
--- a/gdb/coffread.c
+++ b/gdb/coffread.c
@@ -1362,11 +1362,15 @@ enter_linenos (long file_offset, int first_line,
   /* line numbers start at one for the first line of the function */
   first_line--;
 
-  for (;;)
+  /* If the line number table is full (e.g. 64K lines in COFF debug
+     info), the next function's L_LNNO32 might not be zero, so don't
+     overstep the table's end in any case.  */
+  while (rawptr <= &linetab[0] + linetab_size)
     {
       bfd_coff_swap_lineno_in (symfile_bfd, rawptr, &lptr);
       rawptr += local_linesz;
-      /* The next function, or the sentinel, will have L_LNNO32 zero; we exit. */
+      /* The next function, or the sentinel, will have L_LNNO32 zero;
+	 we exit. */
       if (L_LNNO32 (&lptr) && L_LNNO32 (&lptr) <= last_line)
 	record_line (current_subfile, first_line + L_LNNO32 (&lptr),
 		     lptr.l_addr.l_paddr
-- 
cgit v1.1