Fix an illegal memory access in the BFD library which can be triggered by attempting to parse a corrupt PE format file.

PR26240 * coffgen.c (coff_get_normalized_symtab): Fix off-by-one error in check for aux entries that overflow the buufer.
2020-07-15 11:09:59 +01:00
parent 52781cce79
commit 4fd8d58564
2 changed files with 7 additions and 1 deletions
--- a/bfd/coffgen.c
+++ b/bfd/coffgen.c
@@ -1814,7 +1814,7 @@ coff_get_normalized_symtab (bfd *abfd)
      internal_ptr->is_sym = TRUE;

      /* PR 17512: Prevent buffer overrun.  */
-      if (symbol_ptr->u.syment.n_numaux > (raw_end - raw_src) / symesz)
+      if (symbol_ptr->u.syment.n_numaux > ((raw_end - 1) - raw_src) / symesz)
 	{
 	  bfd_release (abfd, internal);
 	  return NULL;