From 5cfe19e51ee06feb191b33a934bcf6cfaaace7b1 Mon Sep 17 00:00:00 2001
From: Alan Modra <amodra@gmail.com>
Date: Fri, 30 Jul 2021 12:58:12 +0930
Subject: [PATCH] reloc_upper_bound size calculations

Section reloc_count is an unsigned int.  Adding one for a NULL
terminator to an array of arelent pointers can wrap the count to
zero.  Avoid that by doing the addition as longs.

	* coffgen.c (coff_get_reloc_upper_bound): Don't overflow unsigned
	int expression.
	* elf.c (_bfd_elf_get_reloc_upper_bound): Likewise.
	* elf64-sparc.c (elf64_sparc_get_reloc_upper_bound): Likewise.
	* mach-o.c (bfd_mach_o_get_reloc_upper_bound): Likewise.
	* vms-alpha.c (alpha_vms_get_reloc_upper_bound): Likewise.
---
 bfd/coffgen.c     | 2 +-
 bfd/elf.c         | 2 +-
 bfd/elf64-sparc.c | 2 +-
 bfd/mach-o.c      | 2 +-
 bfd/vms-alpha.c   | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/bfd/coffgen.c b/bfd/coffgen.c
index ca936828468..77bda9e9947 100644
--- a/bfd/coffgen.c
+++ b/bfd/coffgen.c
@@ -1996,7 +1996,7 @@ coff_get_reloc_upper_bound (bfd *abfd, sec_ptr asect)
       return -1;
     }
 #endif
-  return (asect->reloc_count + 1) * sizeof (arelent *);
+  return (asect->reloc_count + 1L) * sizeof (arelent *);
 }
 
 asymbol *
diff --git a/bfd/elf.c b/bfd/elf.c
index de5abafabf0..d0898855de8 100644
--- a/bfd/elf.c
+++ b/bfd/elf.c
@@ -8559,7 +8559,7 @@ _bfd_elf_get_reloc_upper_bound (bfd *abfd, sec_ptr asect)
       return -1;
     }
 #endif
-  return (asect->reloc_count + 1) * sizeof (arelent *);
+  return (asect->reloc_count + 1L) * sizeof (arelent *);
 }
 
 /* Canonicalize the relocs.  */
diff --git a/bfd/elf64-sparc.c b/bfd/elf64-sparc.c
index 035ebdd45ce..d43784a1b44 100644
--- a/bfd/elf64-sparc.c
+++ b/bfd/elf64-sparc.c
@@ -44,7 +44,7 @@ elf64_sparc_get_reloc_upper_bound (bfd *abfd ATTRIBUTE_UNUSED, asection *sec)
       return -1;
     }
 #endif
-  return (sec->reloc_count * 2 + 1) * sizeof (arelent *);
+  return (sec->reloc_count * 2L + 1) * sizeof (arelent *);
 }
 
 static long
diff --git a/bfd/mach-o.c b/bfd/mach-o.c
index ff18ded23d5..a26a68fa440 100644
--- a/bfd/mach-o.c
+++ b/bfd/mach-o.c
@@ -1427,7 +1427,7 @@ bfd_mach_o_get_reloc_upper_bound (bfd *abfd ATTRIBUTE_UNUSED,
       return -1;
     }
 #endif
- return (asect->reloc_count + 1) * sizeof (arelent *);
+ return (asect->reloc_count + 1L) * sizeof (arelent *);
 }
 
 /* In addition to the need to byte-swap the symbol number, the bit positions
diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c
index 41cc94440b3..bd49b7af3c7 100644
--- a/bfd/vms-alpha.c
+++ b/bfd/vms-alpha.c
@@ -5443,7 +5443,7 @@ alpha_vms_get_reloc_upper_bound (bfd *abfd ATTRIBUTE_UNUSED, asection *section)
 {
   alpha_vms_slurp_relocs (abfd);
 
-  return (section->reloc_count + 1) * sizeof (arelent *);
+  return (section->reloc_count + 1L) * sizeof (arelent *);
 }
 
 /* Convert relocations from VMS (external) form into BFD internal
-- 
2.30.2