From 6879f5a99e25c068fec34126b6b0fe4325223aa0 Mon Sep 17 00:00:00 2001
From: Nick Clifton <nickc@redhat.com>
Date: Wed, 21 Jun 2017 16:36:44 +0100
Subject: [PATCH] Fix addrss violation when processing a corrupt SH COFF
 binary.

	PR binutils/21646
	* coff-sh.c (sh_reloc): Check for an out of range reloc.
---
 bfd/ChangeLog | 5 +++++
 bfd/coff-sh.c | 4 +++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 35b9d97..b1cf4f9 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,5 +1,10 @@
 2017-06-21  Nick Clifton  <nickc@redhat.com>
 
+	PR binutils/21646
+	* coff-sh.c (sh_reloc): Check for an out of range reloc.
+
+2017-06-21  Nick Clifton  <nickc@redhat.com>
+
 	PR binutils/21639
 	* vms-misc.c (_bfd_vms_save_sized_string): Use unsigned int as
 	type of the size parameter.
diff --git a/bfd/coff-sh.c b/bfd/coff-sh.c
index d76f98a..26d296b 100644
--- a/bfd/coff-sh.c
+++ b/bfd/coff-sh.c
@@ -596,6 +596,9 @@ sh_reloc (bfd *      abfd,
       && bfd_is_und_section (symbol_in->section))
     return bfd_reloc_undefined;
 
+  if (addr > input_section->size)
+    return bfd_reloc_outofrange;
+
   sym_value = get_symbol_value (symbol_in);
 
   switch (r_type)
@@ -2910,7 +2913,6 @@ sh_coff_get_relocated_section_contents (bfd *output_bfd,
   struct internal_reloc *internal_relocs = NULL;
   struct internal_syment *internal_syms = NULL;
 
-fprintf (stderr, "DATA = %p\n", data);
   /* We only need to handle the case of relaxing, or of having a
      particular set of section contents, specially.  */
   if (relocatable
-- 
2.7.4