pr22887

# DP: PR22887, null pointer dereference in aout_32_swap_std_reloc_out

From 116acb2c268c89c89186673a7c92620d21825b25 Mon Sep 17 00:00:00 2001
From: Alan Modra <amodra@gmail.com>
Date: Wed, 28 Feb 2018 22:09:50 +1030
Subject: [PATCH] PR22887, null pointer dereference in
 aout_32_swap_std_reloc_out

	PR 22887
	* aoutx.h (swap_std_reloc_in): Correct r_index bound check.

Gbp-Pq: Name pr22887.diff

diff --git a/bfd/aoutx.h b/bfd/aoutx.h
index eec9c4ad2a194272a2164b4d632757a5e485a9f1..8abaeb9e1d7b9f09be5eafb97d332c8786691317 100644 (file)
--- a/bfd/aoutx.h
+++ b/bfd/aoutx.h
@@ -2283,10 +2283,12 @@ NAME (aout, swap_std_reloc_in) (bfd *abfd,
   if (r_baserel)
     r_extern = 1;
 
-  if (r_extern && r_index > symcount)
+  if (r_extern && r_index >= symcount)
     {
       /* We could arrange to return an error, but it might be useful
-        to see the file even if it is bad.  */
+        to see the file even if it is bad.  FIXME: Of course this
+        means that objdump -r *doesn't* see the actual reloc, and
+        objcopy silently writes a different reloc.  */
       r_extern = 0;
       r_index = N_ABS;
     }