Fix potential illegal memory access when parsing a corrupt PEF format file.
author Nick Clifton <nickc@redhat.com>
Fri, 3 Jan 2020 16:17:53 +0000 (16:17 +0000)
committer Nick Clifton <nickc@redhat.com>
Fri, 3 Jan 2020 16:17:53 +0000 (16:17 +0000)
PR 25307
(bfd_pef_parse_function_stubs): Correct the test that ensures that
there is enough data remaining in the code buffer before
attempting to read a function stub.

bfd/ChangeLog
bfd/pef.c

index 7fb5bcad5953637d016335c24930c347f6f08d75..0ad28a798d0a5d3dfee54c169455128bf9bdc15a 100644 (file)
@@ -1,3 +1,10 @@
+2020-01-03  Nick Clifton  <nickc@redhat.com>
+
+       PR 25307
+       (bfd_pef_parse_function_stubs): Correct the test that ensures that
+       there is enough data remaining in the code buffer before
+       attempting to read a function stub.
+
 2020-01-03  Nick Clifton  <nickc@redhat.com>
 
        PR 25308
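Review bot: The new ChangeLog entry goes straight from "PR 25307" to "(bfd_pef_parse_function_stubs):" without naming the file, so a reader of bfd/ChangeLog cannot tell which source file the function lives in. GNU ChangeLog style puts the file first, for example "* pef.c (bfd_pef_parse_function_stubs): Correct the test ...".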
index 726b8d7493d6c69e335b955da622a915270bbdde..574d9bcb5d6361b8002e28945efc75a7cdf347a6 100644 (file)
--- a/bfd/pef.c
+++ b/bfd/pef.c
@@ -806,7 +806,7 @@ bfd_pef_parse_function_stubs (bfd *abfd,
          codepos += 4;
        }
 
-      if ((codepos + 4) > codelen)
+      if ((codepos + 24) > codelen)
        break;
 
       ret = bfd_pef_parse_function_stub (abfd, codebuf + codepos, 24, &sym_index);
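Review bot: The bound in "if ((codepos + 24) > codelen)" and the length passed on the call below it, "bfd_pef_parse_function_stub (abfd, codebuf + codepos, 24, &sym_index)", are the same bare literal 24 written twice, and the removed line shows how the check and the read size can drift apart. Define one named constant for the stub size and use it in both places so the bounds test always matches the number of bytes handed to the parser. The types of codepos and codelen are not visible in this hunk; if they are unsigned, writing the test as a subtraction against the remaining length (once codepos <= codelen is known) would also keep the addition from wrapping.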