commit 4f3ca05b487e9755018b4c9a053a2e6c35d8a7df
Author: Nick Clifton <nickc@redhat.com>
Date:   Tue Dec 6 16:53:57 2016 +0000

    Fix seg-fault in strip when copying a corrupt binary.
    
        PR binutils/20931
        * elf.c (copy_special_section_fields): Check for an invalid
        sh_link field before attempting to follow it.

Upstream-Status: Backport

CVE: CVE-2017-7304
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>

Index: git/bfd/ChangeLog
===================================================================
--- git.orig/bfd/ChangeLog	2017-09-04 16:13:03.512095249 +0530
+++ git/bfd/ChangeLog	2017-09-04 16:16:25.173745111 +0530
@@ -114,6 +114,12 @@
        (bfd_elf_final_link): Only initialize the extended symbol index
        section if there are extended symbol tables to list.
 
+ 2016-12-06  Nick Clifton  <nickc@redhat.com>
+ 
+       PR binutils/20931
+       * elf.c (copy_special_section_fields): Check for an invalid
+       sh_link field before attempting to follow it.
+
 2016-12-05  Nick Clifton  <nickc@redhat.com>
  
        PR binutils/20905
Index: git/bfd/elf.c
===================================================================
--- git.orig/bfd/elf.c	2017-09-04 16:13:03.512095249 +0530
+++ git/bfd/elf.c	2017-09-04 16:15:38.257359045 +0530
@@ -1324,6 +1324,16 @@
      in the input bfd.  */
   if (iheader->sh_link != SHN_UNDEF)
     {
+      /* See PR 20931 for a reproducer.  */
+      if (iheader->sh_link >= elf_numsections (ibfd))
+	{
+	  (* _bfd_error_handler)
+	    /* xgettext:c-format */
+	    (_("%B: Invalid sh_link field (%d) in section number %d"),
+	     ibfd, iheader->sh_link, secnum);
+	  return FALSE;
+	}
+
       sh_link = find_link (obfd, iheaders[iheader->sh_link], iheader->sh_link);
       if (sh_link != SHN_UNDEF)
 	{