commit e63d123268f23a4cbc45ee55fb6dbc7d84729da3 Author: Nick Clifton Date: Wed Apr 26 13:07:49 2017 +0100 Fix seg-fault attempting to compress a debug section in a corrupt binary. PR binutils/21431 * compress.c (bfd_init_section_compress_status): Check the return value from bfd_malloc. Upstream-Status: Backport CVE: CVE-2017-8395 Signed-off-by: Thiruvadi Rajaraman Index: git/bfd/compress.c =================================================================== --- git.orig/bfd/compress.c 2017-09-04 17:55:00.546577566 +0530 +++ git/bfd/compress.c 2017-09-04 17:55:10.770664577 +0530 @@ -534,7 +534,6 @@ { bfd_size_type uncompressed_size; bfd_byte *uncompressed_buffer; - bfd_boolean ret; /* Error if not opened for read. */ if (abfd->direction != read_direction @@ -550,18 +549,18 @@ /* Read in the full section contents and compress it. */ uncompressed_size = sec->size; uncompressed_buffer = (bfd_byte *) bfd_malloc (uncompressed_size); + /* PR 21431 */ + if (uncompressed_buffer == NULL) + return FALSE; + if (!bfd_get_section_contents (abfd, sec, uncompressed_buffer, 0, uncompressed_size)) - ret = FALSE; - else - { - uncompressed_size = bfd_compress_section_contents (abfd, sec, - uncompressed_buffer, - uncompressed_size); - ret = uncompressed_size != 0; - } + return FALSE; - return ret; + uncompressed_size = bfd_compress_section_contents (abfd, sec, + uncompressed_buffer, + uncompressed_size); + return uncompressed_size != 0; } /* Index: git/bfd/ChangeLog =================================================================== --- git.orig/bfd/ChangeLog 2017-09-04 17:55:10.714664101 +0530 +++ git/bfd/ChangeLog 2017-09-04 17:56:40.991431847 +0530 @@ -73,6 +73,12 @@ (evax_bfd_print_egsd): Check for an overlarge record length. (evax_bfd_print_etir): Likewise. +2017-04-26 Nick Clifton + + PR binutils/21431 + * compress.c (bfd_init_section_compress_status): Check the return + value from bfd_malloc. + 2017-04-25 Maciej W. Rozycki * readelf.c (process_mips_specific): Remove error reporting from