binutils/binutils-CVE-2018-10534.patch
Nick Clifton 347768434c Fix a seg-fault running objcopy on a corrupt PE format file. (#1574702)
Fix a seg-fault running objcopy on a corrupt ELF format file.  (#1574705)
2018-05-10 10:46:37 +01:00

19 lines
726 B
Diff

--- binutils.orig/bfd/peXXigen.c 2018-05-10 10:09:03.619147342 +0100
+++ binutils-2.30/bfd/peXXigen.c 2018-05-10 10:20:20.884883540 +0100
@@ -2991,6 +2991,15 @@ _bfd_XX_bfd_copy_private_bfd_data_common
bfd_get_section_size (section) - (addr - section->vma));
return FALSE;
}
+ /* PR 23110. */
+ else if (ope->pe_opthdr.DataDirectory[PE_DEBUG_DATA].Size < 0)
+ {
+ /* xgettext:c-format */
+ _bfd_error_handler
+ (_("%pB: Data Directory size (%#lx) is negative"),
+ obfd, ope->pe_opthdr.DataDirectory[PE_DEBUG_DATA].Size);
+ return FALSE;
+ }
for (i = 0; i < ope->pe_opthdr.DataDirectory[PE_DEBUG_DATA].Size
/ sizeof (struct external_IMAGE_DEBUG_DIRECTORY); i++)