From 56d95751ece7972326fad82bd80a855a04e4509b Mon Sep 17 00:00:00 2001
From: Nick Clifton
Date: Fri, 9 Apr 2021 17:40:36 +0100
Subject: [PATCH] Fix excessive memory consumption parsing corrupt DWARF information. Resolves: #1947969
---
binutils-CVE-2021-3487.patch | 34 ++++++++++++++++++++++++++++++++++
binutils.spec | 10 +++++++++-
2 files changed, 43 insertions(+), 1 deletion(-)
create mode 100644 binutils-CVE-2021-3487.patch
diff --git a/binutils-CVE-2021-3487.patch b/binutils-CVE-2021-3487.patch
new file mode 100644
index 0000000..6ba1244
--- /dev/null
+++ b/binutils-CVE-2021-3487.patch
@@ -0,0 +1,34 @@
+--- binutils.orig/bfd/dwarf2.c 2021-04-09 16:59:18.345187116 +0100
++++ binutils-2.35/bfd/dwarf2.c 2021-04-09 17:02:03.614064723 +0100
+@@ -539,6 +539,8 @@ read_section (bfd * abfd,
+ /* The section may have already been read. */
+ if (contents == NULL)
+ {
++ ufile_ptr filesize;
++
+ msec = bfd_get_section_by_name (abfd, section_name);
+ if (! msec)
+ {
+@@ -554,10 +556,20 @@ read_section (bfd * abfd,
+ return FALSE;
+ }
+
+- *section_size = msec->rawsize ? msec->rawsize : msec->size;
++ amt = bfd_get_section_limit_octets (abfd, msec);
++ filesize = bfd_get_file_size (abfd);
++ if (amt >= filesize)
++ {
++ /* PR 26946 */
++ _bfd_error_handler (_("DWARF error: section %s is larger than its filesize! (0x%lx vs 0x%lx)"),
++ section_name, (long) amt, (long) filesize);
++ bfd_set_error (bfd_error_bad_value);
++ return FALSE;
++ }
++ *section_size = amt;
+ /* Paranoia - alloc one extra so that we can make sure a string
+ section is NUL terminated. */
+- amt = *section_size + 1;
++ amt += 1;
+ if (amt == 0)
+ {
+ bfd_set_error (bfd_error_no_memory);
diff --git a/binutils.spec b/binutils.spec
index 402b755..e46bdcf 100644
--- a/binutils.spec
+++ b/binutils.spec
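Review bot: In the second bfd/dwarf2.c hunk of binutils-CVE-2021-3487.patch, `if (amt >= filesize)` handles a zero result from bfd_get_file_size() as if it were a real size. If that function returns 0 when the size cannot be determined (other BFD callers appear to guard with `filesize != 0`, but confirm against the 2.35 sources), every DWARF section of such an input is rejected. Writing `if (filesize != 0 && amt >= filesize)` avoids that, though the unknown-size case then needs its own upper bound so the oversized allocation this patch targets stays closed. It is also worth checking whether a compressed debug section, whose uncompressed size may legitimately exceed the file size, reaches this comparison. The `(long)` casts feeding `%lx` truncate where long is narrower than the BFD size types, so `(unsigned long)` with a comment on the truncation would be clearer; read_section begins and ends outside the hunk.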
@@ -2,7 +2,7 @@ Summary: A GNU collection of binary utilities Name: %{?cross}binutils%{?_with_debug:-debug} Version: 2.35 -Release: 19%{?dist} +Release: 20%{?dist} License: GPLv3+ URL: https://sourceware.org/binutils @@ -263,6 +263,11 @@ Patch31: binutils-gold-gnu-properties.patch # Lifetime: Fixed in 2.36 Patch32: binutils-CVE-2021-20294.patch +# Purpose: Fix excessive memory consumption when attempting to parse corrupt +# DWARF debug information. +# Lifetime: Fixed in 2.36 +Patch33: binutils-CVE-2021-3487.patch + #---------------------------------------------------------------------------- Provides: bundled(libiberty) @@ -836,6 +841,9 @@ exit 0 #---------------------------------------------------------------------------- %changelog +* Fri Apr 09 2021 Nick Clifton - 2.35-20 +- Fix excessive memory consumption parsing corrupt DWARF information. (#1947969) + * Fri Mar 26 2021 Nick Clifton - 2.35-19 - Fix an illegal memory access when using readelf to examine a corrupt file. (#1943534)