Fix seg-fault in linker parsing a corrupt input file.

	PR ld/20924
	(aout_link_add_symbols): Fix off by one error checking for
	overflow of string offset.

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index dbb90e7007f806c93324dbca5e503f2114e2e35c..3d9cd9e95a29673d7bb70a5fe36222690da16d13 100644 (file)
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -4,6 +4,10 @@
        * aoutx.h (aout_link_add_symbols): Replace BFD_ASSERT with return
        FALSE.
 
+       PR ld/20924
+       (aout_link_add_symbols): Fix off by one error checking for
+       overflow of string offset.
+
 2016-12-03  Alan Modra  <amodra@gmail.com>
 
        * elf64-ppc.c (struct ppc_link_hash_entry): Delete "was_undefined".

diff --git a/bfd/aoutx.h b/bfd/aoutx.h
index fb7041abb3df4dae4a55cbf45f92c7ec848ab7cc..4de02e261984efa0d111c3a802f14f87aa14322f 100644 (file)
--- a/bfd/aoutx.h
+++ b/bfd/aoutx.h
@@ -3094,7 +3094,7 @@ aout_link_add_symbols (bfd *abfd, struct bfd_link_info *info)
            return FALSE;
          ++p;
          /* PR 19629: Corrupt binaries can contain illegal string offsets.  */
-         if (GET_WORD (abfd, p->e_strx) > obj_aout_external_string_size (abfd))
+         if (GET_WORD (abfd, p->e_strx) >= obj_aout_external_string_size (abfd))
            return FALSE;
          string = strings + GET_WORD (abfd, p->e_strx);
          section = bfd_ind_section_ptr;
@@ -3130,7 +3130,7 @@ aout_link_add_symbols (bfd *abfd, struct bfd_link_info *info)
          ++p;
          string = name;
          /* PR 19629: Corrupt binaries can contain illegal string offsets.  */
-         if (GET_WORD (abfd, p->e_strx) > obj_aout_external_string_size (abfd))
+         if (GET_WORD (abfd, p->e_strx) >= obj_aout_external_string_size (abfd))
            return FALSE;
          name = strings + GET_WORD (abfd, p->e_strx);
          section = bfd_und_section_ptr;