PR binutils/13482

	* readelf.c (process_corefile_note_segment): Fix off-by-one errors
	verifying the contents of a note.

	* binutils-all/version.s: New test source file.
	* binutils-all/readelf.n: New file: expected readelf output.
	* binutils-all/readelf.exp: Add test of .note section contents.

1 files changed, 3 insertions, 3 deletions

diff --git a/binutils/readelf.c b/binutils/readelf.c
index 861b2c1662..3ade53e858 100644
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -1,6 +1,6 @@
 /* readelf.c -- display contents of an ELF format file
    Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
-   2008, 2009, 2010, 2011
+   2008, 2009, 2010, 2011, 2012
    Free Software Foundation, Inc.
 
    Originally developed by Eric Youngdale <eric@andante.jic.com>
@@ -12994,7 +12994,7 @@ process_corefile_note_segment (FILE * file, bfd_vma offset, bfd_vma length)
       external = next;
 
       /* Prevent out-of-bounds indexing.  */
-      if (inote.namedata + inote.namesz >= (char *) pnotes + length
+      if (inote.namedata + inote.namesz > (char *) pnotes + length
 	  || inote.namedata + inote.namesz < inote.namedata)
         {
           warn (_("corrupt note found at offset %lx into core notes\n"),
@@ -13008,7 +13008,7 @@ process_corefile_note_segment (FILE * file, bfd_vma offset, bfd_vma length)
 	 one version of Linux (RedHat 6.0) generates corefiles that don't
 	 comply with the ELF spec by failing to include the null byte in
 	 namesz.  */
-      if (inote.namedata[inote.namesz] != '\0')
+      if (inote.namedata[inote.namesz - 1] != '\0')
 	{
 	  temp = (char *) malloc (inote.namesz + 1);