XCOFF64 uninitialised read

Like git commit 67338173a4.

	* coff64-rs6000.c (xcoff64_slurp_armap): Ensure size is large
	enough to read number of symbols.

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 62e564e1dcef72a7703dd65757fd54e28c071d0a..2e0abc83599a69902193b438b957c7e134785f97 100644 (file)
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,8 @@
+2020-03-22  Alan Modra  <amodra@gmail.com>
+
+       * coff64-rs6000.c (xcoff64_slurp_armap): Ensure size is large
+       enough to read number of symbols.
+
 2020-03-20  H.J. Lu  <hongjiu.lu@intel.com>
 
        * configure.ac (HAVE_EXECUTABLE_SUFFIX): Removed.

diff --git a/bfd/coff64-rs6000.c b/bfd/coff64-rs6000.c
index cca876eb4e083335bbc78d5ab68f98785200f1db..d34e25903ced4ffc2524c3d7e624e1d7ac90b241 100644 (file)
--- a/bfd/coff64-rs6000.c
+++ b/bfd/coff64-rs6000.c
@@ -1933,9 +1933,9 @@ xcoff64_slurp_armap (bfd *abfd)
     return FALSE;
 
   sz = bfd_scan_vma (hdr.size, (const char **) NULL, 10);
-  if (sz == (bfd_size_type) -1)
+  if (sz + 1 < 9)
     {
-      bfd_set_error (bfd_error_no_memory);
+      bfd_set_error (bfd_error_bad_value);
       return FALSE;
     }