PR26430, ASAN: nacl_modify_segment_map elf-nacl.c:164

[Alan Modra]

	PR 26430
	* elf-nacl.c (nacl_modify_segment_map): Correct alloc size and
	amount copied for elf_segment_map defined with one element
	sections array.

diff --git a/bfd/elf-nacl.c b/bfd/elf-nacl.c
index 3a232dfbb0..a7cd827c91 100644
--- a/bfd/elf-nacl.c
+++ b/bfd/elf-nacl.c
@@ -156,13 +156,13 @@ nacl_modify_segment_map (bfd *abfd, struct bfd_link_info *info)
 		  secdata->this_hdr.sh_addr = sec->vma;
 		  secdata->this_hdr.sh_size = sec->size;
 
-		  newseg = bfd_alloc (abfd,
-				      sizeof *newseg + ((seg->count + 1)
-							* sizeof (asection *)));
+		  newseg
+		    = bfd_alloc (abfd, (sizeof (*newseg)
+					+ seg->count * sizeof (asection *)));
 		  if (newseg == NULL)
 		    return FALSE;
-		  memcpy (newseg, seg,
-			  sizeof *newseg + (seg->count * sizeof (asection *)));
+		  memcpy (newseg, seg, (sizeof (*newseg) - sizeof (asection *)
+					+ seg->count * sizeof (asection *)));
 		  newseg->sections[newseg->count++] = sec;
 		  *m = seg = newseg;
 		}

-- 
Alan Modra
Australia Development Lab, IBM