From ebe412a7186f1acbc5753d3236f3cab4999f7b90 Mon Sep 17 00:00:00 2001
From: Nick Clifton <nickc@redhat.com>
Date: Fri, 18 Aug 2017 08:47:16 +0100
Subject: [PATCH] Fix buffer overrun when parsing a corrupt tekhex binary.

	PR binutils/21962
	* tekhex.c (getsym): Fix check for source pointer walking off the
	end of the input buffer.
---
 bfd/ChangeLog | 8 ++++++++
 bfd/tekhex.c  | 2 +-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index bb40871af23..f9b551557cb 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,11 @@
+2017-08-18  Nick Clifton  <nickc@redhat.com>
+
+	Import from mainline:
+
+	PR binutils/21962
+	* tekhex.c (getsym): Fix check for source pointer walking off the
+	end of the input buffer.
+
 2017-08-17  Szabolcs Nagy  <szabolcs.nagy@arm.com>
 
 	PR ld/18808
diff --git a/bfd/tekhex.c b/bfd/tekhex.c
index 1d605d5e373..cb4b624d408 100644
--- a/bfd/tekhex.c
+++ b/bfd/tekhex.c
@@ -307,7 +307,7 @@ getsym (char *dstp, char **srcp, unsigned int *lenp, char * endp)
   len = hex_value (*src++);
   if (len == 0)
     len = 16;
-  for (i = 0; i < len && src < endp; i++)
+  for (i = 0; i < len && (src + i) < endp; i++)
     dstp[i] = src[i];
   dstp[i] = 0;
   *srcp = src + i;
-- 
2.47.2