From b23dc97fe237a1d9e850d7cbeee066183a00630b Mon Sep 17 00:00:00 2001 From: Nick Clifton Date: Tue, 28 Nov 2017 13:20:31 +0000 Subject: Fix a memory access violation when attempting to parse a corrupt COFF binary with a relocation that points beyond the end of the section to be relocated. PR 22506 * reloc.c (reloc_offset_in_range): Rename to bfd_reloc_offset_in_range and export. (bfd_perform_relocation): Rename function invocation. (bfd_install_relocation): Likewise. (bfd_final_link_relocate): Likewise. * bfd-in2.h: Regenerate. * coff-arm.c (coff_arm_reloc): Use bfd_reloc_offset_in_range. * coff-i386.c (coff_i386_reloc): Likewise. * coff-i860.c (coff_i860_reloc): Likewise. * coff-m68k.c (mk68kcoff_common_addend_special_fn): Likewise. * coff-m88k.c (m88k_special_reloc): Likewise. * coff-mips.c (mips_reflo_reloc): Likewise. * coff-x86_64.c (coff_amd64_reloc): Likewise. --- bfd/bfd-in2.h | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'bfd/bfd-in2.h') diff --git a/bfd/bfd-in2.h b/bfd/bfd-in2.h index 1b483bd..db1c480 100644 --- a/bfd/bfd-in2.h +++ b/bfd/bfd-in2.h @@ -2662,6 +2662,12 @@ bfd_reloc_status_type bfd_check_overflow unsigned int addrsize, bfd_vma relocation); +bfd_boolean bfd_reloc_offset_in_range + (reloc_howto_type *howto, + bfd *abfd, + asection *section, + bfd_size_type offset); + bfd_reloc_status_type bfd_perform_relocation (bfd *abfd, arelent *reloc_entry, -- cgit v1.1
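Review bot: The prototype for bfd_reloc_offset_in_range added at @@ -2662 in bfd/bfd-in2.h is exported with no comment stating its contract. Since the commit message says this header is regenerated, the description belongs in the reloc.c source comment so that it survives regeneration. The COFF backends listed in the ChangeLog now depend on this function as their bounds check, so document what a true return guarantees: whether the whole field described by howto, starting at offset, fits inside section, or only the starting offset is checked, and which units offset is expressed in. The comment should also say that callers must treat a false result as an error and leave the section contents untouched. This view is limited to bfd/bfd-in2.h, so the handling in the backend callers cannot be confirmed from the lines shown.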