| From e63d123268f23a4cbc45ee55fb6dbc7d84729da3 Mon Sep 17 00:00:00 2001 |
| From: Nick Clifton <nickc@redhat.com> |
| Date: Wed, 26 Apr 2017 13:07:49 +0100 |
| Subject: [PATCH] Fix seg-fault attempting to compress a debug section in a |
| corrupt binary. |
| |
| PR binutils/21431 |
| * compress.c (bfd_init_section_compress_status): Check the return |
| value from bfd_malloc. |
| |
| Upstream-Status: Backport |
| CVE: CVE-2017-8395 |
| Signed-off-by: Armin Kuster <akuster@mvista.com> |
| |
| --- |
| bfd/ChangeLog | 6 ++++++ |
| bfd/compress.c | 19 +++++++++---------- |
| 2 files changed, 15 insertions(+), 10 deletions(-) |
| |
| Index: git/bfd/compress.c |
| =================================================================== |
| --- git.orig/bfd/compress.c |
| +++ git/bfd/compress.c |
| @@ -542,7 +542,6 @@ bfd_init_section_compress_status (bfd *a |
| { |
| bfd_size_type uncompressed_size; |
| bfd_byte *uncompressed_buffer; |
| - bfd_boolean ret; |
| |
| /* Error if not opened for read. */ |
| if (abfd->direction != read_direction |
| @@ -558,18 +557,18 @@ bfd_init_section_compress_status (bfd *a |
| /* Read in the full section contents and compress it. */ |
| uncompressed_size = sec->size; |
| uncompressed_buffer = (bfd_byte *) bfd_malloc (uncompressed_size); |
| + /* PR 21431 */ |
| + if (uncompressed_buffer == NULL) |
| + return FALSE; |
| + |
| if (!bfd_get_section_contents (abfd, sec, uncompressed_buffer, |
| 0, uncompressed_size)) |
| - ret = FALSE; |
| - else |
| - { |
| - uncompressed_size = bfd_compress_section_contents (abfd, sec, |
| - uncompressed_buffer, |
| - uncompressed_size); |
| - ret = uncompressed_size != 0; |
| - } |
| + return FALSE; |
| |
| - return ret; |
| + uncompressed_size = bfd_compress_section_contents (abfd, sec, |
| + uncompressed_buffer, |
| + uncompressed_size); |
| + return uncompressed_size != 0; |
| } |
| |
| /* |
| Index: git/bfd/ChangeLog |
| =================================================================== |
| --- git.orig/bfd/ChangeLog |
| +++ git/bfd/ChangeLog |
| @@ -1,3 +1,8 @@ |
| +2017-04-26 Nick Clifton <nickc@redhat.com> |
| + |
| + PR binutils/21431 |
| + * compress.c (bfd_init_section_compress_status): Check the return |
| + value from bfd_malloc. |
| |
| 2017-04-23 Alan Modra <amodra@gmail.com> |
| PR 21414 |