From 7d38e1c49f6f7653169571fe7502044e370f303f Mon Sep 17 00:00:00 2001
From: Eric Pouech <eric.pouech@orange.fr>
Date: Sun, 20 May 2012 09:43:52 +0200
Subject: [PATCH] dbghelp: Protect COFF line number parsing against out of
 bounds access. (cherry picked from commit
 dbd70d09176129b5f76c921e1c6c1e18075319c2)

---
 dlls/dbghelp/coff.c | 36 ++++++++++++++++++------------------
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/dlls/dbghelp/coff.c b/dlls/dbghelp/coff.c
index 54bd278b936..9f01fd26d6e 100644
--- a/dlls/dbghelp/coff.c
+++ b/dlls/dbghelp/coff.c
@@ -424,26 +424,26 @@ DECLSPEC_HIDDEN BOOL coff_process_info(const struct msc_debug_info* msc_dbg)
                      * If we have spilled onto the next entrypoint, then
                      * bump the counter..
                      */
-                    for (;;)
+                    for (; l+1 < coff_files.files[j].neps; l++)
                     {
-                        if (l+1 >= coff_files.files[j].neps) break;
-                        symt_get_address(coff_files.files[j].entries[l+1], &addr);
-                        if (((msc_dbg->module->module.BaseOfImage + linepnt->Type.VirtualAddress) < addr))
+                        if (symt_get_address(coff_files.files[j].entries[l+1], &addr) &&
+                            msc_dbg->module->module.BaseOfImage + linepnt->Type.VirtualAddress < addr)
+                        {
+                            if (coff_files.files[j].entries[l+1]->tag == SymTagFunction)
+                            {
+                                /*
+                                 * Add the line number.  This is always relative to the
+                                 * start of the function, so we need to subtract that offset
+                                 * first.
+                                 */
+                                symt_add_func_line(msc_dbg->module,
+                                                   (struct symt_function*)coff_files.files[j].entries[l+1],
+                                                   coff_files.files[j].compiland->source,
+                                                   linepnt->Linenumber,
+                                                   msc_dbg->module->module.BaseOfImage + linepnt->Type.VirtualAddress - addr);
+                            }
                             break;
-                        l++;
-                    }
-
-                    if (coff_files.files[j].entries[l+1]->tag == SymTagFunction)
-                    {
-                        /*
-                         * Add the line number.  This is always relative to the
-                         * start of the function, so we need to subtract that offset
-                         * first.
-                         */
-                        symt_get_address(coff_files.files[j].entries[l+1], &addr);
-                        symt_add_func_line(msc_dbg->module, (struct symt_function*)coff_files.files[j].entries[l+1], 
-                                           coff_files.files[j].compiland->source, linepnt->Linenumber,
-                                           msc_dbg->module->module.BaseOfImage + linepnt->Type.VirtualAddress - addr);
+                        }
                     }
                 }
             }
-- 
2.11.4.GIT