*** ../binutils-2.24.orig/bfd/elf.c	2014-10-27 12:47:20.989181791 +0000
--- bfd/elf.c	2014-10-27 12:47:33.296248170 +0000
*************** setup_group (bfd *abfd, Elf_Internal_Shd
*** 608,616 ****
  		  if (shdr->contents == NULL)
  		    {
  		      _bfd_error_handler
! 			(_("%B: Corrupt size field in group section header: 0x%lx"), abfd, shdr->sh_size);
  		      bfd_set_error (bfd_error_bad_value);
! 		      return FALSE;
  		    }
  
  		  memset (shdr->contents, 0, amt);
--- 608,617 ----
  		  if (shdr->contents == NULL)
  		    {
  		      _bfd_error_handler
! 			(_("%B: corrupt size field in group section header: 0x%lx"), abfd, shdr->sh_size);
  		      bfd_set_error (bfd_error_bad_value);
! 		      -- num_group;
! 		      continue;
  		    }
  
  		  memset (shdr->contents, 0, amt);
*************** setup_group (bfd *abfd, Elf_Internal_Shd
*** 618,625 ****
  		  if (bfd_seek (abfd, shdr->sh_offset, SEEK_SET) != 0
  		      || (bfd_bread (shdr->contents, shdr->sh_size, abfd)
  			  != shdr->sh_size))
! 		    return FALSE;
! 
  		  /* Translate raw contents, a flag word followed by an
  		     array of elf section indices all in target byte order,
  		     to the flag word followed by an array of elf section
--- 619,635 ----
  		  if (bfd_seek (abfd, shdr->sh_offset, SEEK_SET) != 0
  		      || (bfd_bread (shdr->contents, shdr->sh_size, abfd)
  			  != shdr->sh_size))
! 		    {
! 		      _bfd_error_handler
! 			(_("%B: invalid size field in group section header: 0x%lx"), abfd, shdr->sh_size);
! 		      bfd_set_error (bfd_error_bad_value);
! 		      -- num_group;
! 		      /* PR 17510: If the group contents are even partially
! 			 corrupt, do not allow any of the contents to be used.  */
! 		      memset (shdr->contents, 0, amt);
! 		      continue;
! 		    }
! 		  
  		  /* Translate raw contents, a flag word followed by an
  		     array of elf section indices all in target byte order,
  		     to the flag word followed by an array of elf section
*************** setup_group (bfd *abfd, Elf_Internal_Shd
*** 651,656 ****
--- 661,681 ----
  		    }
  		}
  	    }
+ 
+ 	  /* PR 17510: Corrupt binaries might contain invalid groups.  */
+ 	  if (num_group != (unsigned) elf_tdata (abfd)->num_group)
+ 	    {
+ 	      elf_tdata (abfd)->num_group = num_group;
+ 
+ 	      /* If all groups are invalid then fail.  */
+ 	      if (num_group == 0)
+ 		{
+ 		  elf_tdata (abfd)->group_sect_ptr = NULL;
+ 		  elf_tdata (abfd)->num_group = num_group = -1;
+ 		  (*_bfd_error_handler) (_("%B: no valid group sections found"), abfd);
+ 		  bfd_set_error (bfd_error_bad_value);
+ 		}
+ 	    }
  	}
      }
  
*************** setup_group (bfd *abfd, Elf_Internal_Shd
*** 716,721 ****
--- 741,747 ----
      {
        (*_bfd_error_handler) (_("%B: no group info for section %A"),
  			     abfd, newsect);
+       return FALSE;
      }
    return TRUE;
  }