From 04b31182bf3f8a1a76e995bdfaaaab4c009b9cb2 Mon Sep 17 00:00:00 2001
From: Nick Clifton <nickc@redhat.com>
Date: Wed, 26 Apr 2017 16:30:22 +0100
Subject: [PATCH] Fix a seg-fault when processing a corrupt binary containing
 reloc(s) with negative addresses.

	PR binutils/21434
	* reloc.c (bfd_perform_relocation): Check for a negative address
	in the reloc.
---
 bfd/ChangeLog | 6 ++++++
 bfd/reloc.c   | 5 ++++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index c75897c..26b3572 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,9 @@
+2017-04-26  Nick Clifton  <nickc@redhat.com>
+
+	PR binutils/21434
+	* reloc.c (bfd_perform_relocation): Check for a negative address
+	in the reloc.
+
 2017-04-26  Maciej W. Rozycki  <macro@imgtec.com>
 
 	PR ld/21334
diff --git a/bfd/reloc.c b/bfd/reloc.c
index 2791458..9a04022 100644
--- a/bfd/reloc.c
+++ b/bfd/reloc.c
@@ -624,7 +624,10 @@ bfd_perform_relocation (bfd *abfd,
      PR 17512: file: c146ab8b, 46dff27f, 38e53ebf.  */
   octets = reloc_entry->address * bfd_octets_per_byte (abfd);
   if (octets + bfd_get_reloc_size (howto)
-      > bfd_get_section_limit_octets (abfd, input_section))
+      > bfd_get_section_limit_octets (abfd, input_section)
+      /* Check for an overly large offset which
+	 masquerades as a negative value too.  */
+      || (octets + bfd_get_reloc_size (howto) < bfd_get_reloc_size (howto)))
     return bfd_reloc_outofrange;
 
   /* Work out which section the relocation is targeted at and the
-- 
2.7.4