X-Git-Url: http://drtracing.org/?a=blobdiff_plain;f=binutils%2Fcoffgrok.c;h=52ed9206698dce2f6b2d9e9fb5a2ced16c935016;hb=128e85e3ab36b8e30f6612fb50de3cbb4ede6824;hp=2bbfdc45b42bc4af07ccdc87a24eb6a6a21b952a;hpb=f641dd969f91a83adf319b269c2411141b0a26a9;p=deliverable%2Fbinutils-gdb.git diff --git a/binutils/coffgrok.c b/binutils/coffgrok.c index 2bbfdc45b4..52ed920669 100644 --- a/binutils/coffgrok.c +++ b/binutils/coffgrok.c @@ -1,5 +1,5 @@ /* coffgrok.c - Copyright (C) 1994-2015 Free Software Foundation, Inc. + Copyright (C) 1994-2016 Free Software Foundation, Inc. This file is part of GNU Binutils. @@ -428,7 +428,16 @@ do_type (unsigned int i) if (aux->x_sym.x_tagndx.p) { - unsigned int idx = INDEXOF (aux->x_sym.x_tagndx.p); + unsigned int idx; + + /* PR 17512: file: e72f3988. */ + if (aux->x_sym.x_tagndx.l < 0 || aux->x_sym.x_tagndx.p < rawsyms) + { + non_fatal (_("Invalid tag index %#lx encountered"), aux->x_sym.x_tagndx.l); + idx = 0; + } + else + idx = INDEXOF (aux->x_sym.x_tagndx.p); if (idx >= rawcount) { @@ -515,7 +524,17 @@ do_type (unsigned int i) ++dimind; ptr->type = coff_array_type; - ptr->size = els * res->size; + /* PR 17512: file: ae1971e2. + Check for integer overflow. */ + { + long long a, z; + a = els; + z = res->size; + a *= z; + ptr->size = (int) a; + if (ptr->size != a) + non_fatal (_("Out of range sum for els (%#x) * size (%#x)"), els, res->size); + } ptr->u.array.dim = els; ptr->u.array.array_of = res; res = ptr; 
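Review bot: In the do_type hunk at -428, the invalid-tag branch sets `idx = 0`, which passes the following `idx >= rawcount` test whenever the symbol table is non-empty, so a malformed tag index is warned about and then treated as a reference to symbol 0. Setting `idx = rawcount;` instead would route it through the existing out-of-range branch; that branch's body lies outside the hunk, so confirm it does what is wanted for this case. The guard also orders `x_tagndx.p` against `rawsyms` even though `p` may not point into that array, which C does not define for unrelated pointers. A one-line comment stating what `l < 0` and `p < rawsyms` are each meant to catch would help the next reader.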
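Review bot: The overflow check added to the array case of do_type (hunk at -515) only warns: `ptr->size` keeps the truncated `(int) a`, so later users of the type see a wrapped size for input that was just diagnosed as malformed. Store a defined fallback in the `if (ptr->size != a)` branch, for example `ptr->size = 0;` after the `non_fatal` call (with braces added), or stop building this type. The message says "sum" for what is a product; `"Out of range product for els (%#x) * size (%#x)"` would match the code. If `res->size` is signed, a negative value whose product still fits in an int is not reported by this check.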
@@ -668,12 +687,22 @@ do_define (unsigned int i, struct coff_scope *b) if (!is->init) { - long high = s->where->offset + s->type->size; - is->low = s->where->offset; - is->high = high; + /* PR 17512: file: 37e7a80d. + Check for integer overflow computing low + size. */ + { + long long a, z; + + a = s->where->offset; + z = s->type->size; + a += z; + is->high = (int) a; + if (a != is->high) + non_fatal (_("Out of range sum for offset (%#x) + size (%#x)"), + is->low, s->type->size); + } /* PR 17512: file: 37e7a80d. */ - if (is->high != high) + if (is->high < s->where->offset) fatal (_("Out of range type size: %u"), s->type->size); is->init = 1; is->parent = s->where->section; @@ -857,7 +886,7 @@ coff_grok (bfd *inabfd) non_fatal (_("%s: is not a COFF format file"), bfd_get_filename (abfd)); return NULL; } - + storage = bfd_get_symtab_upper_bound (abfd); if (storage < 0)
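Review bot: The rewritten block in do_define no longer assigns `is->low`: the removed lines included `is->low = s->where->offset;`, nothing in the hunk replaces it, and the new warning passes `is->low` as the offset argument. Unless it is set after the hunk (the `if (!is->init)` body continues past the last visible line), the section's low bound keeps its pre-initialisation value while `is->init` is set to 1, and the diagnostic prints the wrong offset. Restore `is->low = s->where->offset;` ahead of the inner block, or print `s->where->offset` in the message.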