Fix off by one error when checking for empty note names.
authorNick Clifton <nickc@redhat.com>
Fri, 28 Apr 2017 11:09:14 +0000 (12:09 +0100)
committerNick Clifton <nickc@redhat.com>
Fri, 28 Apr 2017 11:09:14 +0000 (12:09 +0100)
PR binutils/21439
* readelf.c (print_gnu_build_attribute_name): Allow for an empty
name field.

binutils/ChangeLog
binutils/readelf.c

index 8bb1fc5052e01cdf0a6af61fa4e5d0d4151e8951..9eea3a050b4341b77419fe8814d6e4b0a79ff950 100644 (file)
@@ -1,3 +1,9 @@
+2017-04-28  Nick Clifton  <nickc@redhat.com>
+
+       PR binutils/21439
+       * readelf.c (print_gnu_build_attribute_name): Allow for an empty
+       name field.
+
 2017-04-28  Nick Clifton  <nickc@redhat.com>
 
        PR binutils/21437
index 72f9dda6443f6603df80b46657130d08263dcd08..fba6516d70256d41fe7fab4c54a16859e6a0c8bc 100644 (file)
@@ -17037,17 +17037,22 @@ print_gnu_build_attribute_name (Elf_Internal_Note * pnote)
     {
     case GNU_BUILD_ATTRIBUTE_TYPE_NUMERIC:
       {
-       /* The -1 is because the name field is always 0 terminated, and we
-          want to be able to ensure that the shift in the while loop below
-          will not overflow.  */
-       unsigned int        bytes = (pnote->namesz - (name - pnote->namedata)) - 1;
+       unsigned int        bytes;
        unsigned long long  val = 0;
        unsigned int        shift = 0;
        char *              decoded = NULL;
 
-       /* PR 21378 */
+       bytes = pnote->namesz - (name - pnote->namedata);
+       if (bytes > 0)
+         /* The -1 is because the name field is always 0 terminated, and we
+            want to be able to ensure that the shift in the while loop below
+            will not overflow.  */
+         -- bytes;
+
        if (bytes > sizeof (val))
          {
+           fprintf (stderr, "namesz %lx name %p namedata %p\n",
+                    pnote->namesz, name, pnote->namedata);
            error (_("corrupt numeric name field: too many bytes in the value: %x\n"),
                   bytes);
            bytes = sizeof (val);
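Review bot: The added `fprintf (stderr, "namesz %lx name %p namedata %p\n", ...)` in the `bytes > sizeof (val)` branch looks like leftover debugging and should be removed. It bypasses the `_()`-wrapped `error ()` path used on the next line, and it prints raw process addresses for a condition that a malformed input file can trigger. If the extra context is wanted, keep it to sizes inside the existing diagnostic, e.g. `error (_("corrupt numeric name field: too many bytes in the value: %x (namesz %lx)\n"), bytes, pnote->namesz);`. Separately, `bytes = pnote->namesz - (name - pnote->namedata)` is unsigned, so if `name` could ever point past `namesz` the result wraps and is only clamped to `sizeof (val)`, not to the data actually remaining. Whether that is reachable depends on code above the hunk, which is not shown, so an explicit check that `name - pnote->namedata` does not exceed `pnote->namesz` is worth confirming; the function body starts and ends outside this hunk.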