From e63d123268f23a4cbc45ee55fb6dbc7d84729da3 Mon Sep 17 00:00:00 2001 From: Nick Clifton Date: Wed, 26 Apr 2017 13:07:49 +0100 Subject: [PATCH] Fix seg-fault attempting to compress a debug section in a corrupt binary. PR binutils/21431 * compress.c (bfd_init_section_compress_status): Check the return value from bfd_malloc. Upstream-Status: Backport CVE: CVE-2017-8395 Signed-off-by: Armin Kuster --- bfd/ChangeLog | 6 ++++++ bfd/compress.c | 19 +++++++++---------- 2 files changed, 15 insertions(+), 10 deletions(-) Index: git/bfd/compress.c =================================================================== --- git.orig/bfd/compress.c +++ git/bfd/compress.c @@ -542,7 +542,6 @@ bfd_init_section_compress_status (bfd *a { bfd_size_type uncompressed_size; bfd_byte *uncompressed_buffer; - bfd_boolean ret; /* Error if not opened for read. */ if (abfd->direction != read_direction @@ -558,18 +557,18 @@ bfd_init_section_compress_status (bfd *a /* Read in the full section contents and compress it. */ uncompressed_size = sec->size; uncompressed_buffer = (bfd_byte *) bfd_malloc (uncompressed_size); + /* PR 21431 */ + if (uncompressed_buffer == NULL) + return FALSE; + if (!bfd_get_section_contents (abfd, sec, uncompressed_buffer, 0, uncompressed_size)) - ret = FALSE; - else - { - uncompressed_size = bfd_compress_section_contents (abfd, sec, - uncompressed_buffer, - uncompressed_size); - ret = uncompressed_size != 0; - } + return FALSE; - return ret; + uncompressed_size = bfd_compress_section_contents (abfd, sec, + uncompressed_buffer, + uncompressed_size); + return uncompressed_size != 0; } /* Index: git/bfd/ChangeLog =================================================================== --- git.orig/bfd/ChangeLog +++ git/bfd/ChangeLog @@ -1,3 +1,8 @@ +2017-04-26 Nick Clifton + + PR binutils/21431 + * compress.c (bfd_init_section_compress_status): Check the return + value from bfd_malloc. 2017-04-23 Alan Modra PR 21414