From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <amodra@sourceware.org>
Received: by sourceware.org (Postfix, from userid 1062)
 id CC9933857735; Fri,  2 Jun 2023 00:12:19 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org CC9933857735
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
From: Alan Modra <amodra@sourceware.org>
To: bfd-cvs@sourceware.org
Subject: [binutils-gdb] Re: More ecoff sanity checks
X-Act-Checkin: binutils-gdb
X-Git-Author: Alan Modra <amodra@gmail.com>
X-Git-Refname: refs/heads/master
X-Git-Oldrev: 74a965d8e09217f3d8f8295c9126b77cdd62b798
X-Git-Newrev: e0ce6dde97881435d33652572789b94c846cacde
Message-Id: <20230602001219.CC9933857735@sourceware.org>
Date: Fri,  2 Jun 2023 00:12:19 +0000 (GMT)
X-BeenThere: binutils-cvs@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Binutils-cvs mailing list <binutils-cvs.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/binutils-cvs>,
 <mailto:binutils-cvs-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/binutils-cvs/>
List-Help: <mailto:binutils-cvs-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/binutils-cvs>,
 <mailto:binutils-cvs-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Jun 2023 00:12:20 -0000

https://sourceware.org/git/gitweb.cgi?p=3Dbinutils-gdb.git;h=3De0ce6dde9788=
1435d33652572789b94c846cacde

commit e0ce6dde97881435d33652572789b94c846cacde
Author: Alan Modra <amodra@gmail.com>
Date:   Fri Jun 2 08:21:36 2023 +0930

    Re: More ecoff sanity checks
   =20
    Another fix for fuzzed object files, exhibiting as a segfault in
    nm.c filter_symbols when accessing a symbol name.
   =20
            * ecoff.c (_bfd_ecoff_slurp_symbol_table): Sanity check
            fdr_ptr->issBase, and tighten sym.iss check.

Diff:
---
 bfd/ecoff.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/bfd/ecoff.c b/bfd/ecoff.c
index 676b8d84017..f2930569f21 100644
--- a/bfd/ecoff.c
+++ b/bfd/ecoff.c
@@ -942,7 +942,9 @@ _bfd_ecoff_slurp_symbol_table (bfd *abfd)
       if (fdr_ptr->isymBase < 0
 	  || fdr_ptr->isymBase > symhdr->isymMax
 	  || fdr_ptr->csym <=3D 0
-	  || fdr_ptr->csym > symhdr->isymMax - fdr_ptr->isymBase)
+	  || fdr_ptr->csym > symhdr->isymMax - fdr_ptr->isymBase
+	  || fdr_ptr->issBase < 0
+	  || fdr_ptr->issBase > symhdr->issMax)
 	continue;
       lraw_src =3D ((char *) ecoff_data (abfd)->debug_info.external_sym
 		  + fdr_ptr->isymBase * external_sym_size);
@@ -955,7 +957,7 @@ _bfd_ecoff_slurp_symbol_table (bfd *abfd)
=20
 	  (*swap_sym_in) (abfd, (void *) lraw_src, &internal_sym);
=20
-	  if (internal_sym.iss >=3D symhdr->issMax
+	  if (internal_sym.iss >=3D symhdr->issMax - fdr_ptr->issBase
 	      || internal_sym.iss < 0)
 	    {
 	      bfd_set_error (bfd_error_bad_value);