Fix handling of corrupt STABS enum type strings.

	PR binutils/21157
	* stabs.c (parse_stab_enum_type): Check for corrupt NAME:VALUE
	pairs.
	(parse_number): Exit early if passed an empty string.

2 files changed, 20 insertions, 1 deletions

diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index 5d60a78..99774b6 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,5 +1,12 @@
 2017-02-14  Nick Clifton  <nickc@redhat.com>
 
+	PR binutils/21157
+	* stabs.c (parse_stab_enum_type): Check for corrupt NAME:VALUE
+	pairs.
+	(parse_number): Exit early if passed an empty string.
+
+2017-02-14  Nick Clifton  <nickc@redhat.com>
+
 	PR binutils/21155
 	* readelf.c (IN_RANGE): New macro.  Tests for an address + offset
 	being within a given range.
diff --git a/binutils/stabs.c b/binutils/stabs.c
index d3fc4af..3861f83 100644
--- a/binutils/stabs.c
+++ b/binutils/stabs.c
@@ -232,6 +232,10 @@ parse_number (const char **pp, bfd_boolean *poverflow)
 
   orig = *pp;
 
+  /* Stop early if we are passed an empty string.  */
+  if (*orig == 0)
+    return (bfd_vma) 0;
+
   errno = 0;
   ul = strtoul (*pp, (char **) pp, 0);
   if (ul + 1 != 0 || errno == 0)
@@ -1975,9 +1979,17 @@ parse_stab_enum_type (void *dhandle, const char **pp)
       bfd_signed_vma val;
 
       p = *pp;
-      while (*p != ':')
+      while (*p != ':' && *p != 0)
 	++p;
 
+      if (*p == 0)
+	{
+	  bad_stab (orig);
+	  free (names);
+	  free (values);
+	  return DEBUG_TYPE_NULL;
+	}
+
       name = savestring (*pp, p - *pp);
 
       *pp = p + 1;