More fixes for illegal memory accesses triggered by running objdump on fuzzed binaries.
[deliverable/binutils-gdb.git] / bfd / ecoff.c
index 504d6b987f4637cbf290f827914f52d1b31d014e..a8ba28a30e66ef4f601bb6f08a5e8b594e734ccc 100644 (file)
@@ -504,7 +504,6 @@ _bfd_ecoff_slurp_symbolic_info (bfd *abfd,
   struct fdr *fdr_ptr;
   bfd_size_type raw_end;
   bfd_size_type cb_end;
-  bfd_size_type amt;
   file_ptr pos;
 
   BFD_ASSERT (debug == &ecoff_data (abfd)->debug_info);
@@ -607,9 +606,8 @@ _bfd_ecoff_slurp_symbolic_info (bfd *abfd,
 
      We need to look at the fdr to deal with a lot of information in
      the symbols, so we swap them here.  */
-  amt = internal_symhdr->ifdMax;
-  amt *= sizeof (struct fdr);
-  debug->fdr = (FDR *) bfd_alloc (abfd, amt);
+  debug->fdr = (FDR *) bfd_alloc2 (abfd, internal_symhdr->ifdMax,
+                                  sizeof (struct fdr));
   if (debug->fdr == NULL)
     return FALSE;
   external_fdr_size = backend->debug_swap.external_fdr_size;
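Review bot: The new bfd_alloc2 call passes internal_symhdr->ifdMax straight through with no sign check; later in this commit ifdMax is compared against a signed ifd, which suggests the header field is signed, so a negative count from a corrupt header would convert to a very large unsigned element count. That is presumably caught by bfd_alloc2's overflow check, but the function would then be relying on the allocator to validate the header rather than doing it itself. A guard before the call, `if (internal_symhdr->ifdMax < 0) return FALSE;`, makes the rejection explicit and keeps the error path the same as the allocation failure below. The enclosing function starts and ends outside this hunk.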
@@ -859,7 +857,6 @@ _bfd_ecoff_slurp_symbol_table (bfd *abfd)
     = backend->debug_swap.swap_ext_in;
   void (* const swap_sym_in) (bfd *, void *, SYMR *)
     = backend->debug_swap.swap_sym_in;
-  bfd_size_type internal_size;
   ecoff_symbol_type *internal;
   ecoff_symbol_type *internal_ptr;
   char *eraw_src;
@@ -878,9 +875,8 @@ _bfd_ecoff_slurp_symbol_table (bfd *abfd)
   if (bfd_get_symcount (abfd) == 0)
     return TRUE;
 
-  internal_size = bfd_get_symcount (abfd);
-  internal_size *= sizeof (ecoff_symbol_type);
-  internal = (ecoff_symbol_type *) bfd_alloc (abfd, internal_size);
+  internal = (ecoff_symbol_type *) bfd_alloc2 (abfd, bfd_get_symcount (abfd),
+                                              sizeof (ecoff_symbol_type)); 
   if (internal == NULL)
     return FALSE;
 
@@ -896,20 +892,28 @@ _bfd_ecoff_slurp_symbol_table (bfd *abfd)
       (*swap_ext_in) (abfd, (void *) eraw_src, &internal_esym);
 
       /* PR 17512: file: 3372-1000-0.004.  */
-      if (internal_esym.asym.iss >= ecoff_data (abfd)->debug_info.symbolic_header.issExtMax)
+      if (internal_esym.asym.iss >= ecoff_data (abfd)->debug_info.symbolic_header.issExtMax
+         || internal_esym.asym.iss < 0)
        return FALSE;
 
       internal_ptr->symbol.name = (ecoff_data (abfd)->debug_info.ssext
                                   + internal_esym.asym.iss);
+
       if (!ecoff_set_symbol_info (abfd, &internal_esym.asym,
                                  &internal_ptr->symbol, 1,
                                  internal_esym.weakext))
        return FALSE;
-      
+
       /* The alpha uses a negative ifd field for section symbols.  */
       if (internal_esym.ifd >= 0)
-       internal_ptr->fdr = (ecoff_data (abfd)->debug_info.fdr
-                            + internal_esym.ifd);
+       {
+         /* PR 17512: file: 3372-1983-0.004.  */
+         if (internal_esym.ifd >= ecoff_data (abfd)->debug_info.symbolic_header.ifdMax)
+           internal_ptr->fdr = NULL;
+         else
+           internal_ptr->fdr = (ecoff_data (abfd)->debug_info.fdr
+                                + internal_esym.ifd);
+       }
       else
        internal_ptr->fdr = NULL;
       internal_ptr->local = FALSE;
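Review bot: The new ifd range check silently maps an out-of-range index to a NULL fdr, while the iss check a few lines above rejects the whole symbol table with `return FALSE` for the equivalent defect, and nothing in the hunk says why the two corrupt-header cases are treated differently. The existing else branch already yields NULL for negative ifd, so consumers of internal_ptr->fdr presumably tolerate NULL, but that is inferred from the alpha comment rather than visible here. A comment at the new branch would record the decision, e.g. `/* Out-of-range ifd: treat it like a section symbol (no FDR) rather than rejecting the file.  */`, or the branch should `return FALSE` if callers do not handle a NULL fdr for a non-negative ifd. The enclosing loop and function continue outside the hunk.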