Fix address violation parsing a corrupt texhex format file.

	PR binutils/21670
	* tekhex.c (getvalue): Check for the source pointer exceeding the
	end pointer before the first byte is read.

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 8a4352f..6cf71c3 100644 (file)
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,5 +1,11 @@
 2017-06-26  Nick Clifton  <nickc@redhat.com>
 
+       PR binutils/21670
+       * tekhex.c (getvalue): Check for the source pointer exceeding the
+       end pointer before the first byte is read.
+
+2017-06-26  Nick Clifton  <nickc@redhat.com>
+
        PR binutils/21665
        * opncls.c (get_build_id): Check that the section is beig enough
        to contain the whole note.

diff --git a/bfd/tekhex.c b/bfd/tekhex.c
index 214b54a..cfa75d5 100644 (file)
--- a/bfd/tekhex.c
+++ b/bfd/tekhex.c
@@ -273,6 +273,9 @@ getvalue (char **srcp, bfd_vma *valuep, char * endp)
   bfd_vma value = 0;
   unsigned int len;
 
+  if (src >= endp)
+    return FALSE;
+
   if (!ISHEX (*src))
     return FALSE;
 
@@ -514,9 +517,10 @@ pass_over (bfd *abfd, bfd_boolean (*func) (bfd *, int, char *, char *))
   /* To the front of the file.  */
   if (bfd_seek (abfd, (file_ptr) 0, SEEK_SET) != 0)
     return FALSE;
+
   while (! is_eof)
     {
-      char src[MAXCHUNK];
+      static char src[MAXCHUNK];
       char type;
 
       /* Find first '%'.  */