2004-02-27 Eli Zaretskii <eliz@elta.co.il>

	* coffread.c (enter_linenos): Don't let rawptr reference memory
	outside linetab[]'s limits.

2 files changed, 11 insertions, 2 deletions

diff --git a/gdb/ChangeLog b/gdb/ChangeLog
index 60aed30cb8b..7f9d3996353 100644
--- a/gdb/ChangeLog
+++ b/gdb/ChangeLog
@@ -1,3 +1,8 @@
+2004-02-27  Eli Zaretskii  <eliz@elta.co.il>
+
+	* coffread.c (enter_linenos): Don't let rawptr reference memory
+	outside linetab[]'s limits.
+
 2004-02-27  Andrew Cagney  <cagney@redhat.com>
 
 	* hppa-tdep.c (hppa32_push_dummy_call): Fix code reserving
diff --git a/gdb/coffread.c b/gdb/coffread.c
index b0468e02340..056ba137471 100644
--- a/gdb/coffread.c
+++ b/gdb/coffread.c
@@ -1362,11 +1362,15 @@ enter_linenos (long file_offset, int first_line,
   /* line numbers start at one for the first line of the function */
   first_line--;
 
-  for (;;)
+  /* If the line number table is full (e.g. 64K lines in COFF debug
+     info), the next function's L_LNNO32 might not be zero, so don't
+     overstep the table's end in any case.  */
+  while (rawptr <= &linetab[0] + linetab_size)
     {
       bfd_coff_swap_lineno_in (symfile_bfd, rawptr, &lptr);
       rawptr += local_linesz;
-      /* The next function, or the sentinel, will have L_LNNO32 zero; we exit. */
+      /* The next function, or the sentinel, will have L_LNNO32 zero;
+	 we exit. */
       if (L_LNNO32 (&lptr) && L_LNNO32 (&lptr) <= last_line)
 	record_line (current_subfile, first_line + L_LNNO32 (&lptr),
 		     lptr.l_addr.l_paddr