From: Nick Clifton Date: Wed, 15 Jul 2020 10:09:59 +0000 (+0100) Subject: Fix an illegal memory access in the BFD library which can be triggered by attempting... X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=4fd8d5856435ff84de1f181381fc51754285af6f;p=binutils-gdb.git Fix an illegal memory access in the BFD library which can be triggered by attempting to parse a corrupt PE format file. PR26240 * coffgen.c (coff_get_normalized_symtab): Fix off-by-one error in check for aux entries that overflow the buffer. --- diff --git a/bfd/ChangeLog b/bfd/ChangeLog index 321e2e060bd..1337645a731 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,9 @@ +2020-07-15 Nick Clifton + + PR26240 + * coffgen.c (coff_get_normalized_symtab): Fix off-by-one error in + check for aux entries that overflow the buufer. + 2020-07-15 Hans-Peter Nilsson * elf64-mmix.c (mmix_elf_relax_section): Improve accounting for diff --git a/bfd/coffgen.c b/bfd/coffgen.c index d49b2ff201e..0a2697268e9 100644 --- a/bfd/coffgen.c +++ b/bfd/coffgen.c @@ -1814,7 +1814,7 @@ coff_get_normalized_symtab (bfd *abfd) internal_ptr->is_sym = TRUE; /* PR 17512: Prevent buffer overrun. */ - if (symbol_ptr->u.syment.n_numaux > (raw_end - raw_src) / symesz) + if (symbol_ptr->u.syment.n_numaux > ((raw_end - 1) - raw_src) / symesz) { bfd_release (abfd, internal); return NULL;
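Review bot: The new bfd/ChangeLog entry misspells "buffer" as "buufer" in its last added line ("check for aux entries that overflow the buufer."); please correct it before this lands, since ChangeLog text is what people search when tracing a fix. The entry also writes "PR26240" with no space, while the comment in coffgen.c writes "PR 17512"; using one form for PR references keeps them easy to find.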
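Review bot: The `- 1` in the new bound `((raw_end - 1) - raw_src) / symesz` in coff_get_normalized_symtab is unexplained, and the comment above it still cites only PR 17512. Because the division truncates, the new expression differs from the old one only when `raw_end - raw_src` is an exact multiple of `symesz`, where it permits one fewer aux entry; for any other remainder both checks accept the same `n_numaux`. Please extend the comment to say which entry that boundary case accounts for and why a one-byte adjustment, rather than one expressed in units of `symesz`, is the intended limit, and add PR 26240 to it. The patch touches only ChangeLog and coffgen.c, so a regression test built from the PR 26240 reproducer would help keep this boundary from regressing.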