commit 04e15b4a9462cb1ae819e878a6009829aab8020b
Author: Nick Clifton <nickc@redhat.com>
Date:   Mon Jun 26 15:46:34 2017 +0100

    Fix address violation parsing a corrupt texhex format file.
    
    	PR binutils/21670
    	* tekhex.c (getvalue): Check for the source pointer exceeding the
    	end pointer before the first byte is read.

Upstream-Status: Backport

CVE: CVE-2017-9954
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>

Index: git/bfd/tekhex.c
===================================================================
--- git.orig/bfd/tekhex.c	2017-09-21 16:19:42.570877476 +0530
+++ git/bfd/tekhex.c	2017-09-21 16:20:06.878964516 +0530
@@ -273,6 +273,9 @@
   bfd_vma value = 0;
   unsigned int len;
 
+  if (src >= endp)
+    return FALSE;
+
   if (!ISHEX (*src))
     return FALSE;
 
@@ -514,9 +517,10 @@
   /* To the front of the file.  */
   if (bfd_seek (abfd, (file_ptr) 0, SEEK_SET) != 0)
     return FALSE;
+
   while (! is_eof)
     {
-      char src[MAXCHUNK];
+      static char src[MAXCHUNK];
       char type;
 
       /* Find first '%'.  */
Index: git/bfd/ChangeLog
===================================================================
--- git.orig/bfd/ChangeLog	2017-09-21 16:20:06.822964309 +0530
+++ git/bfd/ChangeLog	2017-09-21 16:22:29.383577439 +0530
@@ -55,6 +55,12 @@
        correct magic bytes at the start, set the error to wrong format
        and clear the format selector before returning NULL.
 
+2017-06-26  Nick Clifton  <nickc@redhat.com>
+
+	PR binutils/21670
+	* tekhex.c (getvalue): Check for the source pointer exceeding the
+	end pointer before the first byte is read.
+
  2017-06-21  Nick Clifton  <nickc@redhat.com>
  
        PR binutils/21637