binutils/binutils-CVE-2018-20002.patch

diff -rup binutils.ori/bfd/syms.c binutils-2.31.1/bfd/syms.c
--- binutils.ori/bfd/syms.c	2019-01-03 13:51:05.784005438 +0000
+++ binutils-2.31.1/bfd/syms.c	2019-01-03 13:53:43.238815129 +0000
@@ -822,10 +822,18 @@ _bfd_generic_read_minisymbols (bfd *abfd
   if (symcount < 0)
     goto error_return;
 
-  *minisymsp = syms;
-  *sizep = sizeof (asymbol *);
+  if (symcount == 0)
+    /* We return 0 above when storage is 0.  Exit in the same state
+       here, so as to not complicate callers with having to deal with
+       freeing memory for zero symcount.  */
+    free (syms);
+  else
+    {
+      *minisymsp = syms;
+      *sizep = sizeof (asymbol *);
+    }
 
-  return symcount;
+ return symcount;
 
  error_return:
   bfd_set_error (bfd_error_no_symbols);
diff -rup binutils.ori/binutils/nm.c binutils-2.31.1/binutils/nm.c
--- binutils.ori/binutils/nm.c	2019-01-03 13:51:06.337001258 +0000
+++ binutils-2.31.1/binutils/nm.c	2019-01-03 13:52:37.542311774 +0000
@@ -1162,13 +1162,11 @@ display_rel_file (bfd *abfd, bfd *archiv
       if (synth_count > 0)
 	{
 	  asymbol **symp;
-	  void *new_mini;
 	  long i;
 
-	  new_mini = xmalloc ((symcount + synth_count + 1) * sizeof (*symp));
-	  symp = (asymbol **) new_mini;
-	  memcpy (symp, minisyms, symcount * sizeof (*symp));
-	  symp += symcount;
+	  minisyms = xrealloc (minisyms,
+			       (symcount + synth_count + 1) * sizeof (*symp));
+	  symp = (asymbol **) minisyms + symcount;
 	  for (i = 0; i < synth_count; i++)
 	    *symp++ = synthsyms + i;
 	  *symp = 0;
diff -rup binutils.orig/binutils/nm.c binutils-2.31.1/binutils/nm.c
--- binutils.orig/binutils/nm.c	2019-01-03 14:18:21.086458519 +0000
+++ binutils-2.31.1/binutils/nm.c	2019-01-03 14:18:23.642438853 +0000
@@ -1170,7 +1170,6 @@ display_rel_file (bfd *abfd, bfd *archiv
 	  for (i = 0; i < synth_count; i++)
 	    *symp++ = synthsyms + i;
 	  *symp = 0;
-	  minisyms = new_mini;
 	  symcount += synth_count;
 	}
     }