Fix a seg-fault when processing a corrupt binary containing reloc(s) with negative addresses.

PR binutils/21434 * reloc.c (bfd_perform_relocation): Check for a negative address in the reloc.
author: Nick Clifton <nickc@redhat.com> 2017-04-26 16:30:22 +0100
committer: Nick Clifton <nickc@redhat.com> 2017-04-26 16:30:22 +0100
commit: 04b31182bf3f8a1a76e995bdfaaaab4c009b9cb2 (patch)
tree: 8fe1f38692abfb15f4df26fc6138af2a4a64742c /bfd/reloc.c
parent: d21f3ddb0d5f95aff5c769ae283ce5522262f48d (diff)
download: gdb-04b31182bf3f8a1a76e995bdfaaaab4c009b9cb2.zip
gdb-04b31182bf3f8a1a76e995bdfaaaab4c009b9cb2.tar.gz
gdb-04b31182bf3f8a1a76e995bdfaaaab4c009b9cb2.tar.bz2
1 files changed, 4 insertions, 1 deletions
diff --git a/bfd/reloc.c b/bfd/reloc.c
index 2791458..9a04022 100644
--- a/bfd/reloc.c
+++ b/bfd/reloc.c
@@ -624,7 +624,10 @@ bfd_perform_relocation (bfd *abfd,
      PR 17512: file: c146ab8b, 46dff27f, 38e53ebf.  */
   octets = reloc_entry->address * bfd_octets_per_byte (abfd);
   if (octets + bfd_get_reloc_size (howto)
-      > bfd_get_section_limit_octets (abfd, input_section))
+      > bfd_get_section_limit_octets (abfd, input_section)
+      /* Check for an overly large offset which
+	 masquerades as a negative value too.  */
+      || (octets + bfd_get_reloc_size (howto) < bfd_get_reloc_size (howto)))
     return bfd_reloc_outofrange;
 
   /* Work out which section the relocation is targeted at and the
author	Nick Clifton <nickc@redhat.com>	2017-04-26 16:30:22 +0100
committer	Nick Clifton <nickc@redhat.com>	2017-04-26 16:30:22 +0100
commit	04b31182bf3f8a1a76e995bdfaaaab4c009b9cb2 (patch)
tree	8fe1f38692abfb15f4df26fc6138af2a4a64742c /bfd/reloc.c
parent	d21f3ddb0d5f95aff5c769ae283ce5522262f48d (diff)
download	gdb-04b31182bf3f8a1a76e995bdfaaaab4c009b9cb2.zip gdb-04b31182bf3f8a1a76e995bdfaaaab4c009b9cb2.tar.gz gdb-04b31182bf3f8a1a76e995bdfaaaab4c009b9cb2.tar.bz2