* stabs.c (_bfd_link_section_stabs): Check that the symbol offset
authorRichard Sandiford <rdsandiford@googlemail.com>
Thu, 6 Jun 2002 09:24:56 +0000 (09:24 +0000)
committerRichard Sandiford <rdsandiford@googlemail.com>
Thu, 6 Jun 2002 09:24:56 +0000 (09:24 +0000)
is within the .stabstr section.

bfd/ChangeLog
bfd/stabs.c

index 772c0757695c71a922974ff1eeba90a4bbf8c783..51f9a90ffb698a5fb4a6b3a214c342805f944e59 100644 (file)
@@ -1,3 +1,8 @@
+2002-06-06  Richard Sandiford  <rsandifo@redhat.com>
+
+       * stabs.c (_bfd_link_section_stabs): Check that the symbol offset
+       is within the .stabstr section.
+
 2002-06-06  Alan Modra  <amodra@bigpond.net.au>
 
        * elf-bfd.h (struct elf_size_info <swap_symbol_in>): Function args
index bba4a6d61ed79552b47cee4ab3e6f7bbe525fa11..e225d9cd60d7ef70a82cfd701ca0992161cd6fe7 100644 (file)
@@ -284,6 +284,7 @@ _bfd_link_section_stabs (abfd, psinfo, stabsec, stabstrsec, psecinfo)
        sym < symend;
        sym += STABSIZE, ++pstridx)
     {
+      bfd_size_type symstroff;
       int type;
       const char *string;
 
@@ -311,9 +312,18 @@ _bfd_link_section_stabs (abfd, psinfo, stabsec, stabstrsec, psecinfo)
        }
 
       /* Store the string in the hash table, and record the index.  */
-      string = ((char *) stabstrbuf
-               + stroff
-               + bfd_get_32 (abfd, sym + STRDXOFF));
+      symstroff = stroff + bfd_get_32 (abfd, sym + STRDXOFF);
+      if (symstroff >= stabstrsec->_raw_size)
+       {
+         (*_bfd_error_handler)
+           (_("%s(%s+0x%lx): Stabs entry has invalid string index."),
+            bfd_archive_filename (abfd),
+            bfd_get_section_name (abfd, stabsec),
+            (long) (sym - stabbuf));
+         bfd_set_error (bfd_error_bad_value);
+         goto error_return;
+       }
+      string = (char *) stabstrbuf + symstroff;
       *pstridx = _bfd_stringtab_add (sinfo->strings, string, true, true);
 
       /* An N_BINCL symbol indicates the start of the stabs entries
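Review bot: The added check `if (symstroff >= stabstrsec->_raw_size)` only establishes that the first byte of the string lies inside .stabstr, not that the string ends there. `string` is then passed to `_bfd_stringtab_add` as a bare `char *`, so a crafted section whose last byte is not NUL would presumably still be read past the end of `stabstrbuf`, unless the buffer is terminated somewhere outside this hunk. I would reject that case through the same error path, for example with `if (memchr ((char *) stabstrbuf + symstroff, 0, stabstrsec->_raw_size - symstroff) == NULL)` before the string is used, or by checking once before the loop that the final byte of the section is zero. A short comment above the check, such as `/* Reject string offsets that point outside .stabstr; the input file is untrusted. */`, would also record why the bound exists. The body of `_bfd_link_section_stabs` and the `error_return` label are outside this hunk, so the cleanup on this path could not be checked here.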