Fix potential address violation parsing a corrupt Alpha VMS file.

	PR binutils/21638
	* vms-alpha.c (_bfd_vms_slurp_egsd): Check for an undersized
	record.

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 8edcbc2e412da0e6308d2abe89dc24953f622f99..c92ed679f5eacbfef3831e56bf73561914557afa 100644 (file)
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,9 @@
+2017-06-21  Nick Clifton  <nickc@redhat.com>
+
+       PR binutils/21638
+       * vms-alpha.c (_bfd_vms_slurp_egsd): Check for an undersized
+       record.
+
 2017-06-21  Nick Clifton  <nickc@redhat.com>
 
        PR binutils/21637

diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c
index aa38de9db59d904312364a8ff2988315cf3aa4d2..5f1b24aeb58743046b2971e89469a897a54341b7 100644 (file)
--- a/bfd/vms-alpha.c
+++ b/bfd/vms-alpha.c
@@ -1143,6 +1143,14 @@ _bfd_vms_slurp_egsd (bfd *abfd)
 
   vms_debug2 ((2, "EGSD\n"));
 
+  if (PRIV (recrd.rec_size) < 8)
+    {
+      _bfd_error_handler (_("Corrupt EGSD record: its size (%#x) is too small"),
+                         PRIV (recrd.rec_size));
+      bfd_set_error (bfd_error_bad_value);
+      return FALSE;
+    }
+ 
   PRIV (recrd.rec) += 8;       /* Skip type, size, align pad.  */
   PRIV (recrd.rec_size) -= 8;
 
@@ -1354,6 +1362,8 @@ _bfd_vms_slurp_egsd (bfd *abfd)
       PRIV (recrd.rec) += gsd_size;
     }
 
+  /* FIXME: Should we complain if PRIV (recrd.rec_size) is not zero ?  */
+
   if (PRIV (gsd_sym_count) > 0)
     abfd->flags |= HAS_SYMS;