From c15a8f173e9b01dd962ba857b7deb547d34bca5b Mon Sep 17 00:00:00 2001
From: Alan Modra <amodra@gmail.com>
Date: Sun, 22 Mar 2020 20:29:16 +1030
Subject: XCOFF64 uninitialised read

Like git commit 67338173a4.

	* coff64-rs6000.c (xcoff64_slurp_armap): Ensure size is large
	enough to read number of symbols.
---
 bfd/ChangeLog       | 5 +++++
 bfd/coff64-rs6000.c | 4 ++--
 2 files changed, 7 insertions(+), 2 deletions(-)

(limited to 'bfd')

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 62e564e..2e0abc8 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,8 @@
+2020-03-22  Alan Modra  <amodra@gmail.com>
+
+	* coff64-rs6000.c (xcoff64_slurp_armap): Ensure size is large
+	enough to read number of symbols.
+
 2020-03-20  H.J. Lu  <hongjiu.lu@intel.com>
 
 	* configure.ac (HAVE_EXECUTABLE_SUFFIX): Removed.
diff --git a/bfd/coff64-rs6000.c b/bfd/coff64-rs6000.c
index cca876e..d34e259 100644
--- a/bfd/coff64-rs6000.c
+++ b/bfd/coff64-rs6000.c
@@ -1933,9 +1933,9 @@ xcoff64_slurp_armap (bfd *abfd)
     return FALSE;
 
   sz = bfd_scan_vma (hdr.size, (const char **) NULL, 10);
-  if (sz == (bfd_size_type) -1)
+  if (sz + 1 < 9)
     {
-      bfd_set_error (bfd_error_no_memory);
+      bfd_set_error (bfd_error_bad_value);
       return FALSE;
     }
 
-- 
cgit v1.1