From 6438d1be9e9b6802a465c70c76b9cec7e23270f3 Mon Sep 17 00:00:00 2001
From: Nick Clifton <nickc@redhat.com>
Date: Fri, 17 Feb 2017 11:39:20 +0000
Subject: [PATCH] Fix potential illegal memory access in ZLIB because of an
 erroneous declaration of the size of the input buffer.

	* compress.c (bfd_get_full_section_contents): Remember to reduce
	compressed size by the sizeof the compression header when
	decompressing the contents.
---
 bfd/ChangeLog  | 6 ++++++
 bfd/compress.c | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index be8bd68..3f3adc0 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,9 @@
+2017-02-17  Nick Clifton  <nickc@redhat.com>
+
+	* compress.c (bfd_get_full_section_contents): Remember to reduce
+	compressed size by the sizeof the compression header when
+	decompressing the contents.
+
 2017-02-17  Pedro Alves  <palves@redhat.com>
 
 	* srec.c (Chunk): Rename to ...
diff --git a/bfd/compress.c b/bfd/compress.c
index 1ed7d74..f881c07 100644
--- a/bfd/compress.c
+++ b/bfd/compress.c
@@ -300,7 +300,7 @@ bfd_get_full_section_contents (bfd *abfd, sec_ptr sec, bfd_byte **ptr)
 	   SHF_COMPRESSED section.  */
 	compression_header_size = 12;
       if (!decompress_contents (compressed_buffer + compression_header_size,
-				sec->compressed_size, p, sz))
+				sec->compressed_size - compression_header_size, p, sz))
 	{
 	  bfd_set_error (bfd_error_bad_value);
 	  if (p != *ptr)
-- 
2.7.4