Return NULL on corrupt input

	PR binutils/17512
	* elf32-i386.c (elf_i386_get_plt_sym_val): Return NULL on corrupt
	input.
	* elf64-x86-64.c (elf_x86_64_get_plt_sym_val): Likewise.

3 files changed, 16 insertions, 3 deletions

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 0545a7e..5215aa7 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,10 @@
+2015-01-05  H.J. Lu  <hongjiu.lu@intel.com>
+
+	PR binutils/17512
+	* elf32-i386.c (elf_i386_get_plt_sym_val): Return NULL on corrupt
+	input.
+	* elf64-x86-64.c (elf_x86_64_get_plt_sym_val): Likewise.
+
 2015-01-05  Nick Clifton  <nickc@redhat.com>
 
 	PR binutils/17512
diff --git a/bfd/elf32-i386.c b/bfd/elf32-i386.c
index 85acf0f..cf072a3 100644
--- a/bfd/elf32-i386.c
+++ b/bfd/elf32-i386.c
@@ -5194,9 +5194,12 @@ bad_return:
     {
       long reloc_index;
 
-      if (p->howto == NULL /* PR 17512: file: bc9d6cf5.  */
-	  || (p->howto->type != R_386_JUMP_SLOT
-	      && p->howto->type != R_386_IRELATIVE))
+      /* PR 17512: file: bc9d6cf5.  */
+      if (p->howto == NULL)
+	goto bad_return;
+
+      if (p->howto->type != R_386_JUMP_SLOT
+	  && p->howto->type != R_386_IRELATIVE)
 	continue;
 
       reloc_index = H_GET_32 (abfd, (plt_contents + plt_offset
diff --git a/bfd/elf64-x86-64.c b/bfd/elf64-x86-64.c
index cf63d6a..5cbb6fd 100644
--- a/bfd/elf64-x86-64.c
+++ b/bfd/elf64-x86-64.c
@@ -5559,6 +5559,9 @@ bad_return:
     {
       long reloc_index;
 
+      if (p->howto == NULL)
+	goto bad_return;
+
       if (p->howto->type != R_X86_64_JUMP_SLOT
 	  && p->howto->type != R_X86_64_IRELATIVE)
 	continue;