COFF buffer overflow in mark_relocs

	* cofflink.c (mark_relocs): Exclude relocs with -1 r_symndx
	from marking sym_indices.

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index a889e56c28c1a9fc94f7885ac7488989e78d69c4..0fa96f246dfc4949e7a3237823f5b455416932c8 100644 (file)
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,8 @@
+2016-07-15  Alan Modra  <amodra@gmail.com>
+
+       * cofflink.c (mark_relocs): Exclude relocs with -1 r_symndx
+       from marking sym_indices.
+
 2016-07-14  Maciej W. Rozycki  <macro@imgtec.com>
 
        * reloc.c (bfd_perform_relocation): Try the `howto' handler

diff --git a/bfd/cofflink.c b/bfd/cofflink.c
index bcdf778ac0a6afdf57f73dc125fe63d0b3a2e6c4..0f6ef59f9249d539be9f82f6cad3c6e46f6858de 100644 (file)
--- a/bfd/cofflink.c
+++ b/bfd/cofflink.c
@@ -1398,7 +1398,8 @@ mark_relocs (struct coff_final_link_info *flaginfo, bfd *input_bfd)
         in the relocation table.  This will then be picked up in the
         skip/don't-skip pass.  */
       for (; irel < irelend; irel++)
-       flaginfo->sym_indices[ irel->r_symndx ] = -1;
+       if ((unsigned long) irel->r_symndx < obj_raw_syment_count (input_bfd))
+         flaginfo->sym_indices[irel->r_symndx] = -1;
     }
 }