summaryrefslogtreecommitdiff
path: root/cross/cross-binutils/binutils-2.24-CVE-2014-8501.patch
diff options
context:
space:
mode:
Diffstat (limited to 'cross/cross-binutils/binutils-2.24-CVE-2014-8501.patch')
-rw-r--r--cross/cross-binutils/binutils-2.24-CVE-2014-8501.patch26
1 files changed, 26 insertions, 0 deletions
diff --git a/cross/cross-binutils/binutils-2.24-CVE-2014-8501.patch b/cross/cross-binutils/binutils-2.24-CVE-2014-8501.patch
new file mode 100644
index 000000000..131288585
--- /dev/null
+++ b/cross/cross-binutils/binutils-2.24-CVE-2014-8501.patch
@@ -0,0 +1,26 @@
+diff --git a/bfd/peXXigen.c b/bfd/peXXigen.c
+index 2fb631c..987be40 100644
+--- a/bfd/peXXigen.c
++++ b/bfd/peXXigen.c
+@@ -504,6 +504,18 @@ _bfd_XXi_swap_aouthdr_in (bfd * abfd,
+ {
+ int idx;
+
++ /* PR 17512: Corrupt PE binaries can cause seg-faults. */
++ if (a->NumberOfRvaAndSizes > 16)
++ {
++ (*_bfd_error_handler)
++ (_("%B: aout header specifies an invalid number of data-directory entries: %d"),
++ abfd, a->NumberOfRvaAndSizes);
++ /* Paranoia: If the number is corrupt, then assume that the
++ actual entries themselves might be corrupt as well. */
++ a->NumberOfRvaAndSizes = 0;
++ }
++
++
+ for (idx = 0; idx < a->NumberOfRvaAndSizes; idx++)
+ {
+ /* If data directory is empty, rva also should be 0. */
+--
+1.7.1
+
generated by cgit v1.2.2 (git 2.25.0) at 2024-05-09 16:32:36 +0000