From a0a3b04c61d7aa79e265224540930cf4057acfb3 Mon Sep 17 00:00:00 2001
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Mon, 12 Jan 2015 13:34:24 -0800
Subject: [PATCH] Properly check abbrev size

abbrev_base is independent of abbrev_size.  We should use abbrev_base +
abbrev_size to check abbrev section size.

	* dwarf.c (process_debug_info): Properly check abbrev size.
---
 binutils/ChangeLog | 4 ++++
 binutils/dwarf.c   | 9 +++++----
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index af7689bf6b1..372230ee86f 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,7 @@
+2015-01-12  H.J. Lu  <hongjiu.lu@intel.com>
+
+	* dwarf.c (process_debug_info): Properly check abbrev size.
+
 2015-01-12  Nick Clifton  <nickc@redhat.com>
 
 	PR binutils/17531
diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index a7310c89272..d82c89c6bec 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -2467,10 +2467,11 @@ process_debug_info (struct dwarf_section *section,
 	      (unsigned long) compunit.cu_abbrev_offset,
 	      (unsigned long) abbrev_size);
       /* PR 17531: file:4bcd9ce9.  */ 
-      else if (abbrev_base >= abbrev_size)
-	warn (_("Debug info is corrupted, abbrev base (%lx) is larger than abbrev section size (%lx)\n"),
-	      (unsigned long) abbrev_base,
-	      (unsigned long) abbrev_size);
+      else if ((abbrev_base + abbrev_size)
+	       > debug_displays [abbrev_sec].section.size)
+	warn (_("Debug info is corrupted, abbrev size (%lx) is larger than abbrev section size (%lx)\n"),
+	      (unsigned long) abbrev_base + abbrev_size,
+	      (unsigned long) debug_displays [abbrev_sec].section.size);
       else
 	process_abbrev_section
 	  (((unsigned char *) debug_displays [abbrev_sec].section.start
-- 
2.30.2