path: root/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_1.patch
Diffstat (limited to 'meta/recipes-devtools/binutils/binutils/CVE-2017-9955_1.patch')
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2017-9955_1.patch93
1 files changed, 93 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_1.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_1.patch
new file mode 100644
index 0000000000..6cd86c2a30
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_1.patch
@@ -0,0 +1,93 @@
+commit cfd14a500e0485374596234de4db10e88ebc7618
+Author: Nick Clifton <nickc@redhat.com>
+Date: Mon Jun 26 15:25:08 2017 +0100
+
+ Fix address violations when atempting to parse fuzzed binaries.
+
+ PR binutils/21665
+ * compress.c (bfd_get_full_section_contents): Check for and reject
+ a section whoes size is greater than the size of the entire file.
+ * elf32-v850.c (v850_elf_copy_notes): Allow for the ouput to not
+ contain a notes section.
+
+ binutils* objdump.c (disassemble_section): Skip any section that is bigger
+ than the entire file.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-9955
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/compress.c
+===================================================================
+--- git.orig/bfd/compress.c 2017-09-21 17:32:51.645611404 +0530
++++ git/bfd/compress.c 2017-09-21 17:32:52.965622987 +0530
+@@ -239,6 +239,12 @@
+ *ptr = NULL;
+ return TRUE;
+ }
++ else if (bfd_get_file_size (abfd) > 0
++ && sz > (bfd_size_type) bfd_get_file_size (abfd))
++ {
++ *ptr = NULL;
++ return FALSE;
++ }
+
+ switch (sec->compress_status)
+ {
+Index: git/bfd/elf32-v850.c
+===================================================================
+--- git.orig/bfd/elf32-v850.c 2017-09-21 17:32:35.053465773 +0530
++++ git/bfd/elf32-v850.c 2017-09-21 17:32:52.965622987 +0530
+@@ -2448,7 +2448,9 @@
+ BFD_ASSERT (bfd_malloc_and_get_section (ibfd, inotes, & icont));
+
+ if ((ocont = elf_section_data (onotes)->this_hdr.contents) == NULL)
+- BFD_ASSERT (bfd_malloc_and_get_section (obfd, onotes, & ocont));
++ /* If the output is being stripped then it is possible for
++ the notes section to disappear. In this case do nothing. */
++ return;
+
+ /* Copy/overwrite notes from the input to the output. */
+ memcpy (ocont, icont, bfd_section_size (obfd, onotes));
+Index: git/binutils/objdump.c
+===================================================================
+--- git.orig/binutils/objdump.c 2017-09-21 17:32:52.337617476 +0530
++++ git/binutils/objdump.c 2017-09-21 17:32:52.965622987 +0530
+@@ -1973,7 +1973,7 @@
+ return;
+
+ datasize = bfd_get_section_size (section);
+- if (datasize == 0)
++ if (datasize == 0 || datasize >= (bfd_size_type) bfd_get_file_size (abfd))
+ return;
+
+ if (start_address == (bfd_vma) -1
+@@ -2839,7 +2839,7 @@
+ static void
+ dump_section (bfd *abfd, asection *section, void *dummy ATTRIBUTE_UNUSED)
+ {
+- bfd_byte *data = 0;
++ bfd_byte *data = NULL;
+ bfd_size_type datasize;
+ bfd_vma addr_offset;
+ bfd_vma start_offset;
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-21 17:32:52.909622495 +0530
++++ git/bfd/ChangeLog 2017-09-21 17:35:57.863164167 +0530
+@@ -11,6 +11,14 @@
+ of end pointer.
+ (evax_bfd_print_emh): Check for invalid string lengths.
+
++2017-06-26 Nick Clifton <nickc@redhat.com>
++
++ PR binutils/21665
++ * compress.c (bfd_get_full_section_contents): Check for and reject
++ a section whoes size is greater than the size of the entire file.
++ * elf32-v850.c (v850_elf_copy_notes): Allow for the ouput to not
++ contain a notes section.
++
+ 2017-07-24 Nick Clifton <nickc@redhat.com>
+
+ PR 21813
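Review bot: The two size checks in this backport disagree. The objdump.c check in the embedded `@@ -1973,7 +1973,7 @@` hunk uses `datasize >= (bfd_size_type) bfd_get_file_size (abfd)` with no guard for a zero result, while the compress.c check first tests `bfd_get_file_size (abfd) > 0` and compares with `>`. If the file size can come back as 0 (the compress.c guard suggests it can), objdump would silently skip disassembly of every section rather than only the oversized ones; consider `if (datasize == 0 || (bfd_get_file_size (abfd) > 0 && datasize > (bfd_size_type) bfd_get_file_size (abfd)))`. The compress.c branch also returns FALSE with no visible `bfd_set_error` call, so callers may report a stale or missing error. Because it sits before `switch (sec->compress_status)`, it may also reject valid compressed sections if `sz` is the decompressed size; that needs confirming against the rest of `bfd_get_full_section_contents`, which lies outside the hunk.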