COFF buffer overflow in mark_relocs

* cofflink.c (mark_relocs): Exclude relocs with -1 r_symndx from marking sym_indices.
2016-07-15 17:02:00 +09:30 · 2016-07-15 17:02:00 +09:30 · 06ab6faf83
commit 06ab6faf83
parent 50c1cbe189
2 changed files with 7 additions and 1 deletions
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@ -1,3 +1,8 @@
+2016-07-15  Alan Modra  <amodra@gmail.com>
+
+	* cofflink.c (mark_relocs): Exclude relocs with -1 r_symndx
+	from marking sym_indices.
+
 2016-07-14  Maciej W. Rozycki  <macro@imgtec.com>

 	* reloc.c (bfd_perform_relocation): Try the `howto' handler
--- a/bfd/cofflink.c
+++ b/bfd/cofflink.c
@ -1398,7 +1398,8 @@ mark_relocs (struct coff_final_link_info *flaginfo, bfd *input_bfd)
 	 in the relocation table.  This will then be picked up in the
 	 skip/don't-skip pass.  */
      for (; irel < irelend; irel++)
-	flaginfo->sym_indices[ irel->r_symndx ] = -1;
+	if ((unsigned long) irel->r_symndx < obj_raw_syment_count (input_bfd))
+	  flaginfo->sym_indices[irel->r_symndx] = -1;
    }
 }