From d8ed269e5c875845fcd0f1a25457eafe3f485249 Mon Sep 17 00:00:00 2001
From: Nick Clifton <nickc@redhat.com>
Date: Wed, 24 Nov 2021 17:02:02 +0000
Subject: [PATCH] Fix an illegal memory access parsing a corrupt sysroff file.

	PR 28564
	* sysdump.c (getCHARS): Check for an out of bounds read.
---
 binutils/ChangeLog | 5 +++++
 binutils/sysdump.c | 6 ++++++
 2 files changed, 11 insertions(+)

diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index 8d2f0413f9f..cc742ec4951 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,8 @@
+2021-11-24  Nick Clifton  <nickc@redhat.com>
+
+	PR 28564
+	* sysdump.c (getCHARS): Check for an out of bounds read.
+
 2021-11-16  Fangrui Song  <maskray@google.com>
 
 	* readelf.c (enum relocation_type): New.
diff --git a/binutils/sysdump.c b/binutils/sysdump.c
index 35796e829a0..3aa046ffe43 100644
--- a/binutils/sysdump.c
+++ b/binutils/sysdump.c
@@ -60,6 +60,12 @@ getCHARS (unsigned char *ptr, int *idx, int size, int max)
       (*idx) += 8;
     }
 
+  if (oc + b > size)
+    {
+      /* PR 28564  */
+      return _("*corrupt*");
+    }
+
   *idx += b * 8;
   r = xcalloc (b + 1, 1);
   memcpy (r, ptr + oc, b);
-- 
2.30.2