From: Alan Modra Date: Thu, 6 Jun 2024 22:57:31 +0000 (+0930) Subject: Re: Yet another ecoff fuzzed object fix X-Git-Tag: binutils-2_43~504 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d89cd643c521878572f509093287b5ba229e0fa2;p=thirdparty%2Fbinutils-gdb.git Re: Yet another ecoff fuzzed object fix In commit 6fc018e9e593 I replaced the fdr_ptr csym check against the header isymMax count with a check against bfd symcount. In fact, both checks are needed. The isymMax check sanity checks accesses against the external sym array, the symcount one against the internal array. * ecoff.c (_bfd_ecoff_slurp_symbol_table): Reinstate fdr_ptr csym check against isymMax. --- diff --git a/bfd/ecoff.c b/bfd/ecoff.c index 533ff1900c0..04501761bd6 100644 --- a/bfd/ecoff.c +++ b/bfd/ecoff.c @@ -966,6 +966,7 @@ _bfd_ecoff_slurp_symbol_table (bfd *abfd) if (fdr_ptr->isymBase < 0 || fdr_ptr->isymBase > symhdr->isymMax || fdr_ptr->csym < 0 + || fdr_ptr->csym > symhdr->isymMax - fdr_ptr->isymBase || fdr_ptr->csym > ((long) bfd_get_symcount (abfd) - (internal_ptr - internal)) || fdr_ptr->issBase < 0
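Review bot: the reinstated line `|| fdr_ptr->csym > symhdr->isymMax - fdr_ptr->isymBase` is only safe because the two tests immediately above it (`fdr_ptr->isymBase < 0` and `fdr_ptr->isymBase > symhdr->isymMax`) have already run, so the subtraction yields a value in [0, isymMax] and cannot go negative; a short comment at this point saying that the check order is load-bearing would stop a later reordering from silently reintroducing the hole. It would also help to state, next to the pair of csym checks, that the first one bounds reads of the external symbol array and the second bounds writes into the internal array, since the commit message explains why both are needed but the code does not.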
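As an added illustration of the commit message's point that the two csym checks guard different arrays, the following stand-alone C models the FDR validation from the patch on constructed values. It is not binutils code: the struct names `fdr_model` and `hdr_model`, the helpers `fdr_range_ok` and `count_valid_fdrs`, and all sample numbers are constructed here for the example; only the field names isymBase, csym and isymMax are taken from the page.

```c
/* Added example, not code from binutils: a stand-alone model of the
   bounds checks applied to one ECOFF file descriptor (FDR) before its
   symbols are read.  Field names follow the patch; the types and
   sample values are constructed for this example. */
#include <stddef.h>
#include <stdio.h>

struct fdr_model { long isymBase; long csym; };  /* one file descriptor   */
struct hdr_model { long isymMax; };              /* symbolic header field */

/* Return 1 when the FDR's symbol range fits both the external symbol
   array (isymMax entries, sized by the symbolic header) and the room
   left in the internal array (symcount entries in total, `consumed`
   of them already filled).  The order matters: the isymBase tests run
   first so that isymMax - isymBase can never be negative. */
int fdr_range_ok(const struct fdr_model *fdr, const struct hdr_model *hdr,
                 long symcount, long consumed)
{
  if (fdr->isymBase < 0 || fdr->isymBase > hdr->isymMax)
    return 0;                 /* start lies outside the external array */
  if (fdr->csym < 0)
    return 0;                 /* negative count */
  if (fdr->csym > hdr->isymMax - fdr->isymBase)
    return 0;                 /* would read past the external array */
  if (fdr->csym > symcount - consumed)
    return 0;                 /* would write past the internal array */
  return 1;
}

/* Walk a constructed FDR table the way a loader would, returning how
   many FDRs were accepted before the first rejection. */
long count_valid_fdrs(const struct fdr_model *fdrs, size_t nfdr,
                      const struct hdr_model *hdr, long symcount)
{
  long consumed = 0;
  for (size_t i = 0; i < nfdr; i++) {
    if (!fdr_range_ok(&fdrs[i], hdr, symcount, consumed))
      return (long) i;
    consumed += fdrs[i].csym;
  }
  return (long) nfdr;
}

int main(void)
{
  struct hdr_model hdr = { 10 };            /* constructed: 10 external syms */

  /* Caught only by the isymMax check: internal array has plenty of room. */
  struct fdr_model past_external = { 8, 5 };
  printf("past external array: %s\n",
         fdr_range_ok(&past_external, &hdr, 20, 0) ? "accepted" : "rejected");

  /* Caught only by the symcount check: external array is large enough. */
  struct fdr_model past_internal = { 0, 5 };
  printf("past internal array: %s\n",
         fdr_range_ok(&past_internal, &hdr, 3, 0) ? "accepted" : "rejected");

  /* A table whose last entry overruns the internal array. */
  struct fdr_model table[] = { { 0, 4 }, { 4, 6 }, { 10, 0 }, { 10, 1 } };
  printf("valid FDRs before first bad one: %ld\n",
         count_valid_fdrs(table, 4, &hdr, 10));
  return 0;
}
```

The two rejected cases in main() are chosen so that each one passes one of the csym checks and fails the other, which is exactly why the commit keeps both.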