From 4d5b27b30b06cbe3fb8103a323c35970925ccffd Mon Sep 17 00:00:00 2001
From: Alan Modra <amodra@gmail.com>
Date: Wed, 22 Mar 2023 09:06:48 +1030
Subject: [PATCH] Sanity check coff-sh and coff-mcore sym string offset

	* coff-mcore.c (coff_mcore_relocate_section): Sanity check sym
	string offset when setting up name for use by error messages.
	* coff-sh.c (sh_relocate_section): Likewise.
---
 bfd/coff-mcore.c | 8 +++++++-
 bfd/coff-sh.c    | 7 ++++++-
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/bfd/coff-mcore.c b/bfd/coff-mcore.c
index e360d5efe14..96a1c9d44bc 100644
--- a/bfd/coff-mcore.c
+++ b/bfd/coff-mcore.c
@@ -434,7 +434,13 @@ coff_mcore_relocate_section (bfd * output_bfd,
 		my_name = "*unknown*";
 	      else if (   sym->_n._n_n._n_zeroes == 0
 		       && sym->_n._n_n._n_offset != 0)
-		my_name = obj_coff_strings (input_bfd) + sym->_n._n_n._n_offset;
+		{
+		  if (sym->_n._n_n._n_offset < obj_coff_strings_len (input_bfd))
+		    my_name = (obj_coff_strings (input_bfd)
+			       + sym->_n._n_n._n_offset);
+		  else
+		    my_name = "?";
+		}
 	      else
 		{
 		  strncpy (buf, sym->_n._n_name, SYMNMLEN);
diff --git a/bfd/coff-sh.c b/bfd/coff-sh.c
index 50e9043993b..14f502e3638 100644
--- a/bfd/coff-sh.c
+++ b/bfd/coff-sh.c
@@ -2866,7 +2866,12 @@ sh_relocate_section (bfd *output_bfd ATTRIBUTE_UNUSED,
 	      name = NULL;
 	    else if (sym->_n._n_n._n_zeroes == 0
 		     && sym->_n._n_n._n_offset != 0)
-	      name = obj_coff_strings (input_bfd) + sym->_n._n_n._n_offset;
+	      {
+		if (sym->_n._n_n._n_offset < obj_coff_strings_len (input_bfd))
+		  name = obj_coff_strings (input_bfd) + sym->_n._n_n._n_offset;
+		else
+		  name = "?";
+	      }
 	    else
 	      {
 		strncpy (buf, sym->_n._n_name, SYMNMLEN);
-- 
2.30.2