Catch attempts to create a broken symbol index with archives > 4Gb in size. (#835957)

binutils-2.22.52.0.4-ar-4Gb.patch

@@ -134,3 +134,77 @@ Common subdirectories: ../binutils-2.22.52.0.4.orig/binutils/.libs and binutils/
 Common subdirectories: ../binutils-2.22.52.0.4.orig/binutils/po and binutils/po
 Common subdirectories: ../binutils-2.22.52.0.4.orig/binutils/testsuite and binutils/testsuite
 Common subdirectories: ../binutils-2.22.52.0.4.orig/binutils/tmpdir and binutils/tmpdir
+*** ../binutils-2.22.52.0.4.orig/bfd/archive.c	2012-07-05 15:29:37.741339691 +0100
+--- bfd/archive.c	2012-07-05 15:31:58.750343601 +0100
+*************** bsd_write_armap (bfd *arch,
+*** 2405,2410 ****
+--- 2405,2413 ----
+    unsigned int count;
+    struct ar_hdr hdr;
+    long uid, gid;
++   file_ptr max_first_real = 1;
++ 
++   max_first_real <<= 31;
+  
+    firstreal = mapsize + elength + sizeof (struct ar_hdr) + SARMAG;
+  
+*************** bsd_write_armap (bfd *arch,
+*** 2463,2468 ****
+--- 2466,2480 ----
+  	  while (current != map[count].u.abfd);
+  	}
+  
++       /* The archive file format only has 4 bytes to store the offset
++ 	 of the member.  Check to make sure that firstreal has not grown
++ 	 too big.  */
++       if (firstreal >= max_first_real)
++ 	{
++ 	  bfd_set_error (bfd_error_file_truncated);
++ 	  return FALSE;
++ 	}
++       
+        last_elt = current;
+        H_PUT_32 (arch, map[count].namidx, buf);
+        H_PUT_32 (arch, firstreal, buf + BSD_SYMDEF_OFFSET_SIZE);
+*************** coff_write_armap (bfd *arch,
+*** 2574,2580 ****
+    unsigned int ranlibsize = (symbol_count * 4) + 4;
+    unsigned int stringsize = stridx;
+    unsigned int mapsize = stringsize + ranlibsize;
+!   unsigned int archive_member_file_ptr;
+    bfd *current = arch->archive_head;
+    unsigned int count;
+    struct ar_hdr hdr;
+--- 2586,2592 ----
+    unsigned int ranlibsize = (symbol_count * 4) + 4;
+    unsigned int stringsize = stridx;
+    unsigned int mapsize = stringsize + ranlibsize;
+!   file_ptr archive_member_file_ptr;
+    bfd *current = arch->archive_head;
+    unsigned int count;
+    struct ar_hdr hdr;
+*************** coff_write_armap (bfd *arch,
+*** 2625,2631 ****
+  
+        while (count < symbol_count && map[count].u.abfd == current)
+  	{
+! 	  if (!bfd_write_bigendian_4byte_int (arch, archive_member_file_ptr))
+  	    return FALSE;
+  	  count++;
+  	}
+--- 2637,2651 ----
+  
+        while (count < symbol_count && map[count].u.abfd == current)
+  	{
+! 	  unsigned int offset = (unsigned int) archive_member_file_ptr;
+! 
+! 	  /* Catch an attempt to grow an archive past its 4Gb limit.  */
+! 	  if (archive_member_file_ptr != (file_ptr) offset)
+! 	    {
+! 	      bfd_set_error (bfd_error_file_truncated);
+! 	      return FALSE;
+! 	    }
+! 	  if (!bfd_write_bigendian_4byte_int (arch, offset))
+  	    return FALSE;
+  	  count++;
+  	}

binutils.spec

@@ -17,7 +17,7 @@
 Summary: A GNU collection of binary utilities
 Name: %{?cross}binutils%{?_with_debug:-debug}
 Version: 2.22.52.0.4
-Release: 4%{?dist}
+Release: 5%{?dist}
 License: GPLv3+
 Group: Development/Tools
 URL: http://sources.redhat.com/binutils
@@ -442,6 +442,9 @@ exit 0
 %endif # %{isnative}
 
 %changelog
+* Thu Jul 05 2012 Nick Clifton <nickc@redhat.com> - 2.22.52.0.4-5
+- Catch attempts to create a broken symbol index with archives > 4Gb in size.  (#835957)
+
 * Fri Jun 30 2012 Nick Clifton <nickc@redhat.com> - 2.22.52.0.4-4
 - Import fix for ld/14189.  (#829311)