bfd_reloc_offset_in_range overflow

This patch is more about the style of bounds checking we ought to use,
rather than a real problem.  An overflow of "octet + reloc_size" can
only happen with huge sections which would certainly cause out of
memory errors.

	* reloc.c (bfd_reloc_offset_in_range): Avoid possible overflow.

diff --git a/bfd/reloc.c b/bfd/reloc.c
index 6d920e1df06937bdda90254be115d8af37086da0..441ddd8fa2e005ba948ec526e7a724592ec87e3c 100644 (file)
--- a/bfd/reloc.c
+++ b/bfd/reloc.c
@@ -547,7 +547,7 @@ bfd_reloc_offset_in_range (reloc_howto_type *howto,
   /* The reloc field must be contained entirely within the section.
      Allow zero length fields (marker relocs or NONE relocs where no
      relocation will be performed) at the end of the section.  */
-  return octet <= octet_end && octet + reloc_size <= octet_end;
+  return octet <= octet_end && reloc_size <= octet_end - octet;
 }
 
 /* Read and return the section contents at DATA converted to a host