From e62071b60e0a89780a5b3a153365805346b38614 Mon Sep 17 00:00:00 2001
From: Alan Modra <amodra@gmail.com>
Date: Thu, 26 Jul 2007 12:34:43 +0000
Subject: 	* srec.c (srec_get_section_contents): Return immediately on 
 count zero.  Check that offset and count are within section. 	* libbfd.c
 (_bfd_generic_get_section_contents): Check that 	offset + count does
 not overflow.

---
 bfd/srec.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

(limited to 'bfd/srec.c')

diff --git a/bfd/srec.c b/bfd/srec.c
index a5f588c231..ebb039bba3 100644
--- a/bfd/srec.c
+++ b/bfd/srec.c
@@ -781,10 +781,20 @@ srec_get_section_contents (bfd *abfd,
 			   file_ptr offset,
 			   bfd_size_type count)
 {
+  if (count == 0)
+    return TRUE;
+
+  if (offset + count < count
+      || offset + count > section->size)
+    {
+      bfd_set_error (bfd_error_invalid_operation);
+      return FALSE;
+    }
+
   if (section->used_by_bfd == NULL)
     {
       section->used_by_bfd = bfd_alloc (abfd, section->size);
-      if (section->used_by_bfd == NULL && section->size != 0)
+      if (section->used_by_bfd == NULL)
 	return FALSE;
 
       if (! srec_read_section (abfd, section, section->used_by_bfd))
-- 
cgit v1.2.3