Prevent an illegal memory access via an out of range fixup pointer.
authorNick Clifton <nickc@redhat.com>
Mon, 16 Apr 2018 11:59:37 +0000 (12:59 +0100)
committerNick Clifton <nickc@redhat.com>
Mon, 16 Apr 2018 11:59:37 +0000 (12:59 +0100)
PR 23061
* coffgen.c (coff_pointerize_aux): Check for an out of range
fixup.

bfd/ChangeLog
bfd/coffgen.c

index 9f81866b4677ee96213ef90f5bb2ef1d91a4b8fb..3ea3933fa50210ae171cb3b60091374cfb127b7d 100644 (file)
@@ -1,3 +1,9 @@
+2018-04-16  Nick Clifton  <nickc@redhat.com>
+
+       PR 23061
+       * coffgen.c (coff_pointerize_aux): Check for an out of range
+       fixup.
+
 2018-04-16  Alan Modra  <amodra@gmail.com>
 
        * Makefile.am: Remove arm-epoc-pe support.
index ff445d2d032f5365833ba20a85f0b2f92f85c310..b9e48728a2c6b23e8d725fceb7c390783a3fca60 100644 (file)
@@ -835,7 +835,7 @@ coff_mangle_symbols (bfd *bfd_ptr)
          for (i = 0; i < s->u.syment.n_numaux; i++)
            {
              combined_entry_type *a = s + i + 1;
-
+             
              BFD_ASSERT (! a->is_sym);
              if (a->fix_tag)
                {
@@ -1547,7 +1547,9 @@ coff_pointerize_aux (bfd *abfd,
 
   if ((ISFCN (type) || ISTAG (n_sclass) || n_sclass == C_BLOCK
        || n_sclass == C_FCN)
-      && auxent->u.auxent.x_sym.x_fcnary.x_fcn.x_endndx.l > 0)
+      && auxent->u.auxent.x_sym.x_fcnary.x_fcn.x_endndx.l > 0
+      && auxent->u.auxent.x_sym.x_fcnary.x_fcn.x_endndx.l
+      < (long) obj_raw_syment_count (abfd))
     {
       auxent->u.auxent.x_sym.x_fcnary.x_fcn.x_endndx.p =
        table_base + auxent->u.auxent.x_sym.x_fcnary.x_fcn.x_endndx.l;
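Review bot: The new upper bound on `x_endndx.l` silently skips an out-of-range end index from a malformed COFF file, leaving the field as a raw integer with no diagnostic. A short comment above the condition, such as `/* PR 23061: ignore end indices outside the raw symbol table; they come from corrupt input. */`, would record why the comparison is there. The bound is only sound if `table_base` points at the start of the table that `obj_raw_syment_count (abfd)` counts, which this hunk does not show and is worth confirming. The rest of coff_pointerize_aux lies outside the hunk; if it converts other auxent indices (for example a tag index) into pointers the same way, those would need the same range check. Reading the index once into a local, `long endndx = auxent->u.auxent.x_sym.x_fcnary.x_fcn.x_endndx.l;`, would also make the three-part condition easier to audit.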