2 files changed, 18 insertions, 3 deletions

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 772c075769..51f9a90ffb 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,8 @@
+2002-06-06  Richard Sandiford  <rsandifo@redhat.com>
+
+	* stabs.c (_bfd_link_section_stabs): Check that the symbol offset
+	is within the .stabstr section.
+
 2002-06-06  Alan Modra  <amodra@bigpond.net.au>
 
 	* elf-bfd.h (struct elf_size_info <swap_symbol_in>): Function args
diff --git a/bfd/stabs.c b/bfd/stabs.c
index bba4a6d61e..e225d9cd60 100644
--- a/bfd/stabs.c
+++ b/bfd/stabs.c
@@ -284,6 +284,7 @@ _bfd_link_section_stabs (abfd, psinfo, stabsec, stabstrsec, psecinfo)
        sym < symend;
        sym += STABSIZE, ++pstridx)
     {
+      bfd_size_type symstroff;
       int type;
       const char *string;
 
@@ -311,9 +312,18 @@ _bfd_link_section_stabs (abfd, psinfo, stabsec, stabstrsec, psecinfo)
 	}
 
       /* Store the string in the hash table, and record the index.  */
-      string = ((char *) stabstrbuf
-		+ stroff
-		+ bfd_get_32 (abfd, sym + STRDXOFF));
+      symstroff = stroff + bfd_get_32 (abfd, sym + STRDXOFF);
+      if (symstroff >= stabstrsec->_raw_size)
+	{
+	  (*_bfd_error_handler)
+	    (_("%s(%s+0x%lx): Stabs entry has invalid string index."),
+	     bfd_archive_filename (abfd),
+	     bfd_get_section_name (abfd, stabsec),
+	     (long) (sym - stabbuf));
+	  bfd_set_error (bfd_error_bad_value);
+	  goto error_return;
+	}
+      string = (char *) stabstrbuf + symstroff;
       *pstridx = _bfd_stringtab_add (sinfo->strings, string, true, true);
 
       /* An N_BINCL symbol indicates the start of the stabs entries