From de25939739ffe9a9ad7cec07a35bb2a1e430fe39 Mon Sep 17 00:00:00 2001
From: Nick Clifton <nickc@redhat.com>
Date: Fri, 18 Aug 2017 08:45:12 +0100
Subject: [PATCH] Fix buffer overrun parsing a corrupt tekhex binary.

	PR binutils/21962
	* tekhex.c (getsym): Fix check for source pointer walking off the
	end of the input buffer.
---
 bfd/ChangeLog | 6 ++++++
 bfd/tekhex.c  | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index e1985a4..79dfa1d 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,9 @@
+2017-08-18  Nick Clifton  <nickc@redhat.com>
+
+	PR binutils/21962
+	* tekhex.c (getsym): Fix check for source pointer walking off the
+	end of the input buffer.
+
 2017-08-17  Szabolcs Nagy  <szabolcs.nagy@arm.com>
 
 	PR ld/18808
diff --git a/bfd/tekhex.c b/bfd/tekhex.c
index 1d605d5..cb4b624 100644
--- a/bfd/tekhex.c
+++ b/bfd/tekhex.c
@@ -307,7 +307,7 @@ getsym (char *dstp, char **srcp, unsigned int *lenp, char * endp)
   len = hex_value (*src++);
   if (len == 0)
     len = 16;
-  for (i = 0; i < len && src < endp; i++)
+  for (i = 0; i < len && (src + i) < endp; i++)
     dstp[i] = src[i];
   dstp[i] = 0;
   *srcp = src + i;
-- 
2.7.4