system/binutils: fix CVE-2018-19931 and CVE-2018-19932

1 files changed, 31 insertions, 0 deletions

diff --git a/system/binutils/CVE-2018-19931.patch b/system/binutils/CVE-2018-19931.patch
new file mode 100644
index 000000000..99a9797e3
--- /dev/null
+++ b/system/binutils/CVE-2018-19931.patch
@@ -0,0 +1,31 @@
+From 5f60af5d24d181371d67534fa273dd221df20c07 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Fri, 30 Nov 2018 11:45:33 +0000
+Subject: [PATCH] Fix a memory exhaustion bug when attempting to allocate room
+ for an impossible number of program headers.
+
+	* elfcode.h (elf_object_p): Check for corrupt input files with
+	more program headers than can actually fit in the file.
+---
+ bfd/elfcode.h | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/bfd/elfcode.h b/bfd/elfcode.h
+index f224c8b..16ed8e5 100644
+--- a/bfd/elfcode.h
++++ b/bfd/elfcode.h
+@@ -784,6 +784,11 @@ elf_object_p (bfd *abfd)
+       if (i_ehdrp->e_phnum > ((bfd_size_type) -1) / sizeof (*i_phdr))
+ 	goto got_wrong_format_error;
+ #endif
++      /* Check for a corrupt input file with an impossibly large number
++	 of program headers.  */
++      if (bfd_get_file_size (abfd) > 0
++	  && i_ehdrp->e_phnum > bfd_get_file_size (abfd))
++	goto got_no_match;
+       amt = (bfd_size_type) i_ehdrp->e_phnum * sizeof (*i_phdr);
+       elf_tdata (abfd)->phdr = (Elf_Internal_Phdr *) bfd_alloc (abfd, amt);
+       if (elf_tdata (abfd)->phdr == NULL)
+-- 
+2.9.3
+