From: Alan Modra <amodra@gmail.com>
Date: Sun, 22 Mar 2020 09:59:16 +0000 (+1030)
Subject: XCOFF64 uninitialised read
X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=c15a8f173e9b01dd962ba857b7deb547d34bca5b;p=binutils-gdb.git

XCOFF64 uninitialised read

Like git commit 67338173a4.

	* coff64-rs6000.c (xcoff64_slurp_armap): Ensure size is large
	enough to read number of symbols.
---

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 62e564e1dce..2e0abc83599 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,8 @@
+2020-03-22  Alan Modra  <amodra@gmail.com>
+
+	* coff64-rs6000.c (xcoff64_slurp_armap): Ensure size is large
+	enough to read number of symbols.
+
 2020-03-20  H.J. Lu  <hongjiu.lu@intel.com>
 
 	* configure.ac (HAVE_EXECUTABLE_SUFFIX): Removed.
diff --git a/bfd/coff64-rs6000.c b/bfd/coff64-rs6000.c
index cca876eb4e0..d34e25903ce 100644
--- a/bfd/coff64-rs6000.c
+++ b/bfd/coff64-rs6000.c
@@ -1933,9 +1933,9 @@ xcoff64_slurp_armap (bfd *abfd)
     return FALSE;
 
   sz = bfd_scan_vma (hdr.size, (const char **) NULL, 10);
-  if (sz == (bfd_size_type) -1)
+  if (sz + 1 < 9)
     {
-      bfd_set_error (bfd_error_no_memory);
+      bfd_set_error (bfd_error_bad_value);
       return FALSE;
     }