From 690725fa0d98ae52c991f4b3ea58b6b47b4fbc80 Mon Sep 17 00:00:00 2001
From: Nick Clifton <nickc@redhat.com>
Date: Fri, 31 Oct 2014 18:00:55 +0000
Subject: [PATCH] Fix an (almost) infinite loop in the tekhex parser.

	PR binutils/17512
	* tekhex.c (first_phase): Check that the section range is sane.
---
 bfd/ChangeLog | 1 +
 bfd/tekhex.c  | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index accbcc953eb..d861257d510 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -5,6 +5,7 @@
 	symbol table bigger than the file.
 	* elf.c (bfd_elf_get_str_section): Do not try to load a string
 	table bigger than the file.
+	* tekhex.c (first_phase): Check that the section range is sane.
 
 2014-10-30  Nick Clifton  <nickc@redhat.com>
 
diff --git a/bfd/tekhex.c b/bfd/tekhex.c
index 2220d50c1e6..85f55931c3f 100644
--- a/bfd/tekhex.c
+++ b/bfd/tekhex.c
@@ -403,6 +403,9 @@ first_phase (bfd *abfd, int type, char *src)
 	      if (!getvalue (&src, &val))
 		return FALSE;
 	      section->size = val - section->vma;
+	      /* PR binutils/17512: Make sure that the size is sane.  */
+	      if (section->size > (bfd_size_type) bfd_get_size (abfd))
+		return FALSE;
 	      section->flags = SEC_HAS_CONTENTS | SEC_LOAD | SEC_ALLOC;
 	      break;
 	    case '0':
-- 
2.30.2