commit ae87f7e73eba29bd38b3a9684a10b948ed715612
Author: Nick Clifton <nickc@redhat.com>
Date:   Wed Jun 14 16:50:03 2017 +0100

    Fix address violation when disassembling a corrupt binary.
    
    	PR binutils/21580
    binutils * objdump.c (disassemble_bytes): Check for buffer overrun when
    	printing out rae insns.
    
    ld	* testsuite/ld-nds32/diff.d: Adjust expected output.

Upstream-Status: Backport

CVE: CVE-2017-9746
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>


Index: git/binutils/objdump.c
===================================================================
--- git.orig/binutils/objdump.c	2017-09-21 13:54:00.187228032 +0530
+++ git/binutils/objdump.c	2017-09-21 13:54:00.659231783 +0530
@@ -1780,20 +1780,23 @@
 
 	      for (j = addr_offset * opb; j < addr_offset * opb + pb; j += bpc)
 		{
-		  int k;
-
-		  if (bpc > 1 && inf->display_endian == BFD_ENDIAN_LITTLE)
-		    {
-		      for (k = bpc - 1; k >= 0; k--)
-			printf ("%02x", (unsigned) data[j + k]);
-		      putchar (' ');
-		    }
-		  else
+		  /* PR 21580: Check for a buffer ending early.  */
+		  if (j + bpc <= stop_offset * opb)
 		    {
-		      for (k = 0; k < bpc; k++)
-			printf ("%02x", (unsigned) data[j + k]);
-		      putchar (' ');
+		      int k;
+
+		      if (inf->display_endian == BFD_ENDIAN_LITTLE)
+			{
+			  for (k = bpc - 1; k >= 0; k--)
+			    printf ("%02x", (unsigned) data[j + k]);
+			}
+		      else
+			{
+			  for (k = 0; k < bpc; k++)
+			    printf ("%02x", (unsigned) data[j + k]);
+			}
 		    }
+		  putchar (' ');
 		}
 
 	      for (; pb < octets_per_line; pb += bpc)
Index: git/ld/testsuite/ld-nds32/diff.d
===================================================================
--- git.orig/ld/testsuite/ld-nds32/diff.d	2017-09-21 13:53:52.395166097 +0530
+++ git/ld/testsuite/ld-nds32/diff.d	2017-09-21 13:54:00.659231783 +0530
@@ -7,9 +7,9 @@
 
 Disassembly of section .data:
 00008000 <WORD> (7e 00 00 00|00 00 00 7e).*
-00008004 <HALF> (7e 00 7e fe|00 7e 7e fe).*
-00008006 <BYTE> 7e fe 00 fe.*
-00008007 <ULEB128> fe 00.*
+00008004 <HALF> (7e 00|00 7e).*
+00008006 <BYTE> 7e.*
+00008007 <ULEB128> fe.*
 	...
 00008009 <ULEB128_2> fe 00.*
 .*
Index: git/ld/ChangeLog
===================================================================
--- git.orig/ld/ChangeLog	2017-09-21 13:53:59.611223454 +0530
+++ git/ld/ChangeLog	2017-09-21 14:01:12.294643335 +0530
@@ -1,3 +1,8 @@
+2017-06-14  Nick Clifton  <nickc@redhat.com>
+
+       PR binutils/21580
+       * testsuite/ld-nds32/diff.d: Adjust expected output.
+
 2016-12-05  Nick Clifton  <nickc@redhat.com>
 
 	PR ld/20906