Fix seeks and reads past the end of a BIM

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index a21a0b3558fe795a58019015e8380e196ba3da73..c37eee2ba5db9b6e81eaffa8024335b8e1f4bc28 100644 (file)
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,10 @@
+2000-01-21  Nick Clifton  <nickc@cygnus.com>
+
+       * libbfd.c (bfd_read): Do not attempt to get a negativly sized
+       amount from a bfd_in_memory structure.
+       (bfd_seek): Do not allow seeks past the end of a bfd_in_memory
+       structure.
+
 2000-01-14  Nick Clifton  <nickc@cygnus.com>
 
        * linker.c (default_indirect_link_order): oops - fix incorrectly

diff --git a/bfd/libbfd.c b/bfd/libbfd.c
index b43e88ca28085c51127940d9ce0682551be69b61..fb833f60b690dda6f1f0a58ba5d67e92fbc8c4da 100644 (file)
--- a/bfd/libbfd.c
+++ b/bfd/libbfd.c
@@ -274,7 +274,10 @@ bfd_read (ptr, size, nitems, abfd)
       get = size * nitems;
       if (abfd->where + get > bim->size)
        {
-         get = bim->size - abfd->where;
+         if (bim->size < abfd->where)
+           get = 0;
+         else
+           get = bim->size - abfd->where;
          bfd_set_error (bfd_error_file_truncated);
        }
       memcpy (ptr, bim->buffer + abfd->where, get);
@@ -677,10 +680,22 @@ bfd_seek (abfd, position, direction)
 
   if ((abfd->flags & BFD_IN_MEMORY) != 0)
     {
+      struct bfd_in_memory *bim;
+
+      bim = (struct bfd_in_memory *) abfd->iostream;
+      
       if (direction == SEEK_SET)
        abfd->where = position;
       else
        abfd->where += position;
+      
+      if (abfd->where > bim->size)
+       {
+         abfd->where = bim->size;
+         bfd_set_error (bfd_error_file_truncated);
+         return -1;
+       }
+      
       return 0;
     }