Fix seeks and reads past the end of a BIM

2 files changed, 23 insertions, 1 deletions

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index a21a0b3558f..c37eee2ba5d 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,10 @@
+2000-01-21  Nick Clifton  <nickc@cygnus.com>
+
+	* libbfd.c (bfd_read): Do not attempt to get a negativly sized
+	amount from a bfd_in_memory structure.
+	(bfd_seek): Do not allow seeks past the end of a bfd_in_memory
+	structure.
+
 2000-01-14  Nick Clifton  <nickc@cygnus.com>
 
 	* linker.c (default_indirect_link_order): oops - fix incorrectly
diff --git a/bfd/libbfd.c b/bfd/libbfd.c
index b43e88ca280..fb833f60b69 100644
--- a/bfd/libbfd.c
+++ b/bfd/libbfd.c
@@ -274,7 +274,10 @@ bfd_read (ptr, size, nitems, abfd)
       get = size * nitems;
       if (abfd->where + get > bim->size)
 	{
-	  get = bim->size - abfd->where;
+	  if (bim->size < abfd->where)
+	    get = 0;
+	  else
+	    get = bim->size - abfd->where;
 	  bfd_set_error (bfd_error_file_truncated);
 	}
       memcpy (ptr, bim->buffer + abfd->where, get);
@@ -677,10 +680,22 @@ bfd_seek (abfd, position, direction)
 
   if ((abfd->flags & BFD_IN_MEMORY) != 0)
     {
+      struct bfd_in_memory *bim;
+
+      bim = (struct bfd_in_memory *) abfd->iostream;
+      
       if (direction == SEEK_SET)
 	abfd->where = position;
       else
 	abfd->where += position;
+      
+      if (abfd->where > bim->size)
+	{
+	  abfd->where = bim->size;
+	  bfd_set_error (bfd_error_file_truncated);
+	  return -1;
+	}
+      
       return 0;
     }