aboutsummaryrefslogtreecommitdiff
path: root/bfd/aoutx.h
diff options
context:
space:
mode:
authorNick Clifton <nickc@redhat.com>2016-12-05 12:25:34 +0000
committerNick Clifton <nickc@redhat.com>2016-12-05 12:25:34 +0000
commitdaae68f4f372e0618d6b9c64ec0f1f74eae6ab3d (patch)
treef76ea25b9b911d89f049f0ad8deb68de57860915 /bfd/aoutx.h
parent39d4daf68e696bbf2db417abe677b2e68f3aace9 (diff)
downloadgdb-daae68f4f372e0618d6b9c64ec0f1f74eae6ab3d.zip
gdb-daae68f4f372e0618d6b9c64ec0f1f74eae6ab3d.tar.gz
gdb-daae68f4f372e0618d6b9c64ec0f1f74eae6ab3d.tar.bz2
Fix seg-fault in linker parsing a corrupt input file.
PR ld/20924 (aout_link_add_symbols): Fix off by one error checking for overflow of string offset.
Diffstat (limited to 'bfd/aoutx.h')
-rw-r--r--bfd/aoutx.h4
1 files changed, 2 insertions, 2 deletions
diff --git a/bfd/aoutx.h b/bfd/aoutx.h
index fb7041a..4de02e2 100644
--- a/bfd/aoutx.h
+++ b/bfd/aoutx.h
@@ -3094,7 +3094,7 @@ aout_link_add_symbols (bfd *abfd, struct bfd_link_info *info)
return FALSE;
++p;
/* PR 19629: Corrupt binaries can contain illegal string offsets. */
- if (GET_WORD (abfd, p->e_strx) > obj_aout_external_string_size (abfd))
+ if (GET_WORD (abfd, p->e_strx) >= obj_aout_external_string_size (abfd))
return FALSE;
string = strings + GET_WORD (abfd, p->e_strx);
section = bfd_ind_section_ptr;
@@ -3130,7 +3130,7 @@ aout_link_add_symbols (bfd *abfd, struct bfd_link_info *info)
++p;
string = name;
/* PR 19629: Corrupt binaries can contain illegal string offsets. */
- if (GET_WORD (abfd, p->e_strx) > obj_aout_external_string_size (abfd))
+ if (GET_WORD (abfd, p->e_strx) >= obj_aout_external_string_size (abfd))
return FALSE;
name = strings + GET_WORD (abfd, p->e_strx);
section = bfd_und_section_ptr;