From f2a3559d54602cecfec6d90f792be4a70ad918ab Mon Sep 17 00:00:00 2001
From: Nick Clifton
Date: Fri, 3 Jan 2020 16:17:53 +0000
Subject: Fix potential illegal memory access when parsing a corrupt PEF format file.
PR 25307 (bfd_pef_parse_function_stubs): Correct the test that ensures that there is enough data remaining in the code buffer before attempting to read a function stub.
---
 bfd/ChangeLog | 7 +++++++
 bfd/pef.c | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 7fb5bca..0ad28a7 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,5 +1,12 @@
 2020-01-03 Nick Clifton
+ PR 25307
+ (bfd_pef_parse_function_stubs): Correct the test that ensures that
+ there is enough data remaining in the code buffer before
+ attempting to read a function stub.
+
+2020-01-03 Nick Clifton
+
 PR 25308
 * elf-properties.c (_bfd_elf_convert_gnu_properties): Check the return value from bfd_malloc.
diff --git a/bfd/pef.c b/bfd/pef.c
index 726b8d7..574d9bc 100644
--- a/bfd/pef.c
+++ b/bfd/pef.c
@@ -806,7 +806,7 @@ bfd_pef_parse_function_stubs (bfd *abfd,
 codepos += 4;
 }
- if ((codepos + 4) > codelen)
+ if ((codepos + 24) > codelen)
 break;
 ret = bfd_pef_parse_function_stub (abfd, codebuf + codepos, 24, &sym_index);
--
cgit v1.1
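Review bot: The stub length 24 is still a bare literal written twice in the bfd/pef.c hunk, once in the bounds test `if ((codepos + 24) > codelen)` and once as the length passed to `bfd_pef_parse_function_stub`. The defect fixed here was exactly those two numbers disagreeing (4 against 24), so one named constant used in both places would keep the check and the read in step. The test is also more robust written as a subtraction, `if (codepos > codelen || codelen - codepos < 24) break;`, because the addition could wrap for an extreme offset. The declarations of `codepos` and `codelen` are outside the hunk, so whether that wrap is reachable cannot be confirmed from here. A short comment above the test, such as `/* Stop unless a full 24-byte stub remains in the code buffer. */`, would record why the bound is 24. `bfd_pef_parse_function_stubs` begins and ends outside the hunk.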