authorNick Clifton <nickc@redhat.com>2020-07-15 11:09:59 +0100
committerNick Clifton <nickc@redhat.com>2020-07-15 11:09:59 +0100
commit4fd8d5856435ff84de1f181381fc51754285af6f (patch)
tree79347458234713500cdf06bc7efd647b47f2eaf0
parent52781cce795439ce5055ee9b8a8c7bc6f92b7b72 (diff)
downloadbinutils-gdb-4fd8d5856435ff84de1f181381fc51754285af6f.tar.gz
Fix an illegal memory access in the BFD library which can be triggered by attempting to parse a corrupt PE format file.
PR26240 * coffgen.c (coff_get_normalized_symtab): Fix off-by-one error in check for aux entries that overflow the buffer.
-rw-r--r--bfd/ChangeLog6
-rw-r--r--bfd/coffgen.c2
2 files changed, 7 insertions, 1 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 321e2e060bd..1337645a731 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,9 @@
+2020-07-15 Nick Clifton <nickc@redhat.com>
+
+ PR26240
+ * coffgen.c (coff_get_normalized_symtab): Fix off-by-one error in
+ check for aux entries that overflow the buufer.
+
2020-07-15 Hans-Peter Nilsson <hp@bitrange.com>
* elf64-mmix.c (mmix_elf_relax_section): Improve accounting for
diff --git a/bfd/coffgen.c b/bfd/coffgen.c
index d49b2ff201e..0a2697268e9 100644
--- a/bfd/coffgen.c
+++ b/bfd/coffgen.c
@@ -1814,7 +1814,7 @@ coff_get_normalized_symtab (bfd *abfd)
internal_ptr->is_sym = TRUE;
/* PR 17512: Prevent buffer overrun. */
- if (symbol_ptr->u.syment.n_numaux > (raw_end - raw_src) / symesz)
+ if (symbol_ptr->u.syment.n_numaux > ((raw_end - 1) - raw_src) / symesz)
{
bfd_release (abfd, internal);
return NULL;
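Review bot: The corrected bound on the `n_numaux` line is exact only if `raw_end - raw_src` is always a whole multiple of `symesz`, because it gets its off-by-one by subtracting a single byte from `raw_end`; nothing in this hunk shows that invariant. If the distance ever had a remainder, the division would round back up to the old value and a file-supplied `n_numaux` could again let the last aux entry run past the buffer. Comparing slots directly avoids that dependency and reads more plainly: `if (symbol_ptr->u.syment.n_numaux >= (raw_end - raw_src) / symesz)`. The comment above the check could also record the reason, e.g. `/* PR 17512, PR 26240: the current entry uses one slot, so fewer than (raw_end - raw_src) / symesz aux entries may follow.  */`. The body of coff_get_normalized_symtab starts and ends outside the hunk, so the assumption that `raw_src` points at the current symbol entry should be confirmed against the enclosing loop.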