Fix another memory access error triggered by attempting to parse a corrupt binary.

PR 21813 (alpha_vms_object_p): Check for a truncated record.
author: Nick Clifton <nickc@redhat.com> 2017-07-24 14:04:04 +0100
committer: Nick Clifton <nickc@redhat.com> 2017-07-24 14:04:04 +0100
commit: 8a2df5e2df374289e00ecd8f099eb46d76ef982e (patch)
tree: 9808c7cc729024ff78cee25bd7fa3ded70367b46
parent: ca4cf9b9c622a5695e01f7f5815a7382a31fcf51 (diff)
download: binutils-gdb-8a2df5e2df374289e00ecd8f099eb46d76ef982e.tar.gz
2 files changed, 5 insertions, 0 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index a854a1266e1..9ae5da99ebe 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -22,6 +22,8 @@
 	(image_set_ptr): Likewise.
 	(alpha_vms_slurp_relocs): Likewise.
 
+	(alpha_vms_object_p): Check for a truncated record.
+
 2017-07-24  Nick Clifton  <nickc@redhat.com>
 
 	PR 21803
diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c
index 5e9170d7b1b..610b034ccd0 100644
--- a/bfd/vms-alpha.c
+++ b/bfd/vms-alpha.c
@@ -2679,6 +2679,9 @@ alpha_vms_object_p (bfd *abfd)
           PRIV (recrd.buf_size) = PRIV (recrd.rec_size);
         }
 
+      /* PR 21813: Check for a truncated record.  */
+      if (PRIV (recrd.rec_size < test_len))
+	goto error_ret;
       /* Read the remaining record.  */
       remaining = PRIV (recrd.rec_size) - test_len;
       to_read = MIN (VMS_BLOCK_SIZE - test_len, remaining);
author	Nick Clifton <nickc@redhat.com>	2017-07-24 14:04:04 +0100
committer	Nick Clifton <nickc@redhat.com>	2017-07-24 14:04:04 +0100
commit	8a2df5e2df374289e00ecd8f099eb46d76ef982e (patch)
tree	9808c7cc729024ff78cee25bd7fa3ded70367b46
parent	ca4cf9b9c622a5695e01f7f5815a7382a31fcf51 (diff)
download	binutils-gdb-8a2df5e2df374289e00ecd8f099eb46d76ef982e.tar.gz