[RFA] Fix a crash in coffread.c (Was: GDB 6.1 branch 2004-02-26-gmt)

["Eli Zaretskii" <eliz at elta dot co dot il>]

> Date: Sat, 21 Feb 2004 18:14:41 +0200
> From: "Eli Zaretskii" <eliz@elta.co.il>
> 
> I built today the latest snapshot of CVS HEAD and found a new
> regression: the DJGPP port crashes at startup while debugging itself.

Bug squashed, I think.  It turned out to be a very old one, actually;
the current CVS HEAD didn't introduce it, it just exposed it because
the GDB binary is now so large.

The bug happens only when GDB (or any other large program) is compiled
with COFF debug info and the line table overflows the 64K limit
allowed by COFF debug info.  I think the patch below fixes that.

Okay to commit?

2004-02-22  Eli Zaretskii  <eliz@elta.co.il>

	* coffread.c (enter_linenos): Don't let rawptr reference memory
	outside linetab[]'s limits.


--- gdb/coffread.c~0	2004-02-14 17:46:32.000000000 +0200
+++ gdb/coffread.c	2004-02-22 22:42:34.000000000 +0200
@@ -1362,11 +1362,15 @@ enter_linenos (long file_offset, int fir
   /* line numbers start at one for the first line of the function */
   first_line--;
 
-  for (;;)
+  /* If the line number is full (e.g. 64K lines in COFF debug info),
+     the next function's L_LNNO32 might not be zero, so don't overstep
+     the table's end in any case.  */
+  for ( ; rawptr <= &linetab[0] + linetab_size; )
     {
       bfd_coff_swap_lineno_in (symfile_bfd, rawptr, &lptr);
       rawptr += local_linesz;
-      /* The next function, or the sentinel, will have L_LNNO32 zero; we exit. */
+      /* The next function, or the sentinel, will have L_LNNO32 zero;
+	 we exit. */
       if (L_LNNO32 (&lptr) && L_LNNO32 (&lptr) <= last_line)
 	record_line (current_subfile, first_line + L_LNNO32 (&lptr),
 		     lptr.l_addr.l_paddr