From 7e760b06b212f01b3819d5b37e8f5b613e0db34c Mon Sep 17 00:00:00 2001
From: Nick Clifton
Date: Thu, 30 Oct 2014 15:52:10 +0000
Subject: [PATCH] Closes another memory corruption, this time due to heap overrun.

PR binutils/17512
* coffgen.c (coff_get_normalized_symtab): Prevent buffer overrun.
---
 bfd/ChangeLog | 5 +++++
 bfd/coffgen.c | 8 ++++++--
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index a5790a5..f25c1b1 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,8 @@
+2014-10-30 Nick Clifton
+
+ PR binutils/17512
+ * coffgen.c (coff_get_normalized_symtab): Prevent buffer overrun.
+
 2014-10-29 Nick Clifton
 
 * elf.c (bfd_section_from_shdr): Fix heap use after free memory
diff --git a/bfd/coffgen.c b/bfd/coffgen.c
index 3f22389..a1a0325 100644
--- a/bfd/coffgen.c
+++ b/bfd/coffgen.c
@@ -1748,7 +1748,7 @@ coff_get_normalized_symtab (bfd *abfd)
 if (internal == NULL && size != 0)
 return NULL;
 internal_end = internal + obj_raw_syment_count (abfd);
-
+
 if (! _bfd_coff_get_external_symbols (abfd))
 return NULL;
 
@@ -1766,8 +1766,8 @@ coff_get_normalized_symtab (bfd *abfd)
 raw_src < raw_end;
 raw_src += symesz, internal_ptr++)
 {
-
 unsigned int i;
+
 bfd_coff_swap_sym_in (abfd, (void *) raw_src,
 (void *) & internal_ptr->u.syment);
 symbol_ptr = internal_ptr;
@@ -1777,6 +1777,10 @@ coff_get_normalized_symtab (bfd *abfd)
 i++)
 {
 internal_ptr++;
+ /* PR 17512: Prevent buffer overrun. */
+ if (internal_ptr >= internal_end)
+ return NULL;
+
 raw_src += symesz;
 bfd_coff_swap_aux_in (abfd, (void *) raw_src,
 symbol_ptr->u.syment.n_type,
--
2.7.4
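Review bot: The added `return NULL;` under `if (internal_ptr >= internal_end)` in the third coffgen.c hunk reports a malformed symbol table without setting a BFD error, so callers get the same bare NULL as the other failure paths in the visible lines and cannot tell the user that the input file is corrupt. Consider `{ bfd_set_error (bfd_error_bad_value); return NULL; }` at that point. The check guards only the destination array: the following `raw_src += symesz` and the `bfd_coff_swap_aux_in` read stay in bounds only if the raw buffer holds the same number of entries as `internal`, which is set up outside this hunk, so it is worth confirming that or bounding `raw_src` against `raw_end` as well. Both the inner loop and `coff_get_normalized_symtab` begin and end outside the hunk.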