Fix address violation parsing a corrupt Alpha VMS binary file.

	PR binutils/21639
	* vms-misc.c (_bfd_vms_save_sized_string): Use unsigned int as
	type of the size parameter.
	(_bfd_vms_save_counted_string): Add second parameter - the maximum
	length of the counted string.
	* vms.h (_bfd_vms_save_sized_string): Update prototype.
	(_bfd_vms_save_counted_string): Likewise.
	* vms-alpha.c (_bfd_vms_slurp_eisd): Update calls to
	_bfd_vms_save_counted_string.
	(_bfd_vms_slurp_ehdr): Likewise.
	(_bfd_vms_slurp_egsd): Likewise.
	(Parse_module): Likewise.

1 files changed, 5 insertions, 3 deletions

diff --git a/bfd/vms-misc.c b/bfd/vms-misc.c
index 40c6cc2..7497f02 100644
--- a/bfd/vms-misc.c
+++ b/bfd/vms-misc.c
@@ -139,7 +139,7 @@ _bfd_hexdump (int level, unsigned char *ptr, int size, int offset)
    size is string size (size of record)  */
 
 char *
-_bfd_vms_save_sized_string (unsigned char *str, int size)
+_bfd_vms_save_sized_string (unsigned char *str, unsigned int size)
 {
   char *newstr = bfd_malloc ((bfd_size_type) size + 1);
 
@@ -155,10 +155,12 @@ _bfd_vms_save_sized_string (unsigned char *str, int size)
    ptr points to size byte on entry  */
 
 char *
-_bfd_vms_save_counted_string (unsigned char *ptr)
+_bfd_vms_save_counted_string (unsigned char *ptr, unsigned int maxlen)
 {
-  int len = *ptr++;
+  unsigned int len = *ptr++;
 
+  if (len > maxlen)
+    return NULL;
   return _bfd_vms_save_sized_string (ptr, len);
 }