2004-02-27 Eli Zaretskii <eliz@elta.co.il>

	* coffread.c (enter_linenos): Don't let rawptr reference memory
	outside linetab[]'s limits.

diff --git a/gdb/ChangeLog b/gdb/ChangeLog
index 60aed30cb8baafd1fad2af84e0bf0e2f31e3ca88..7f9d3996353334e9aa6a05e97266412a124a4f8d 100644 (file)
--- a/gdb/ChangeLog
+++ b/gdb/ChangeLog
@@ -1,3 +1,8 @@
+2004-02-27  Eli Zaretskii  <eliz@elta.co.il>
+
+       * coffread.c (enter_linenos): Don't let rawptr reference memory
+       outside linetab[]'s limits.
+
 2004-02-27  Andrew Cagney  <cagney@redhat.com>
 
        * hppa-tdep.c (hppa32_push_dummy_call): Fix code reserving

diff --git a/gdb/coffread.c b/gdb/coffread.c
index b0468e0234073d1b6908554c9073dbd2ccf30a38..056ba1374718edaf9116d962019de6a8887651d2 100644 (file)
--- a/gdb/coffread.c
+++ b/gdb/coffread.c
@@ -1362,11 +1362,15 @@ enter_linenos (long file_offset, int first_line,
   /* line numbers start at one for the first line of the function */
   first_line--;
 
-  for (;;)
+  /* If the line number table is full (e.g. 64K lines in COFF debug
+     info), the next function's L_LNNO32 might not be zero, so don't
+     overstep the table's end in any case.  */
+  while (rawptr <= &linetab[0] + linetab_size)
     {
       bfd_coff_swap_lineno_in (symfile_bfd, rawptr, &lptr);
       rawptr += local_linesz;
-      /* The next function, or the sentinel, will have L_LNNO32 zero; we exit. */
+      /* The next function, or the sentinel, will have L_LNNO32 zero;
+        we exit. */
       if (L_LNNO32 (&lptr) && L_LNNO32 (&lptr) <= last_line)
        record_line (current_subfile, first_line + L_LNNO32 (&lptr),
                     lptr.l_addr.l_paddr