Fix address violation when parsing a corrupt PE binary.
authorNick Clifton <nickc@redhat.com>
Thu, 14 Sep 2017 10:15:55 +0000 (11:15 +0100)
committerNick Clifton <nickc@redhat.com>
Thu, 14 Sep 2017 10:15:55 +0000 (11:15 +0100)
PR binutils/22113
* peXXigen.c (pe_print_idata): Extend check for HintName vector
entries.

bfd/ChangeLog
bfd/peXXigen.c

index 7c208ca..3d807b9 100644 (file)
@@ -1,3 +1,9 @@
+2017-09-14  Nick Clifton  <nickc@redhat.com>
+
+       PR binutils/22113
+       * peXXigen.c (pe_print_idata): Extend check for HintName vector
+       entries.
+
 2017-09-13  H.J. Lu  <hongjiu.lu@intel.com>
 
        * elfxx-x86.h: Fix a typo in comments.
index d24c5f8..db44053 100644 (file)
@@ -1514,7 +1514,7 @@ pe_print_idata (bfd * abfd, void * vfile)
                         member_high, member,
                         WithoutHighBit (member_high), member);
              /* PR binutils/17512: Handle corrupt PE data.  */
-             else if (amt + 2 >= datasize)
+             else if (amt >= datasize || amt + 2 >= datasize)
                fprintf (file, _("\t<corrupt: 0x%04lx>"), member);
              else
                {
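Review bot: The added `amt >= datasize` clause in this `else if` only changes the result when `amt + 2` wraps around, and the comment above it still cites only PR binutils/17512, so a later cleanup could remove the clause as redundant. Assuming `amt` and `datasize` are unsigned (their declarations are outside the hunk), the bound can be written without the addition that wraps, `else if (datasize < 2 || amt >= datasize - 2)`. Failing that, extend the comment to `/* PR binutils/17512, PR binutils/22113: Handle corrupt PE data; amt + 2 can wrap.  */`. The same applies to the identical test in the next hunk, after `amt = member - adj;`. The body of pe_print_idata starts and ends outside both hunks, so the reads guarded by this test are not visible here.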
@@ -1548,11 +1548,12 @@ pe_print_idata (bfd * abfd, void * vfile)
                break;
 
              amt = member - adj;
+
              if (HighBitSet (member))
                fprintf (file, "\t%04lx\t %4lu  <none>",
                         member, WithoutHighBit (member));
              /* PR binutils/17512: Handle corrupt PE data.  */
-             else if (amt + 2 >= datasize)
+             else if (amt >= datasize || amt + 2 >= datasize)
                fprintf (file, _("\t<corrupt: 0x%04lx>"), member);
              else
                {