1 files changed, 79 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_7.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_7.patch
new file mode 100644
index 0000000000..0950561e10
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_7.patch
@@ -0,0 +1,79 @@
+commit 60a02042bacf8d25814430080adda61ed086bca6
+Author: Nick Clifton <nickc@redhat.com>
+Date:   Fri Jun 30 11:03:37 2017 +0100
+
+    Fix failures in MMIX linker tests introduced by fix for PR 21665.
+    
+    	PR binutils/21665
+    	* objdump.c (disassemble_section): Move check for an overlarge
+    	section to just before the allocation of memory.  Do not check
+    	section size against file size, but instead use an arbitrary 2Gb
+    	limit.  Issue a warning message if the section is too big.
+
+Upstream-Status: CVE-2017-9955
+
+CVE: CVE-2017-9955
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/binutils/objdump.c
+===================================================================
+--- git.orig/binutils/objdump.c	2017-09-21 18:10:55.499217078 +0530
++++ git/binutils/objdump.c	2017-09-21 18:10:55.483216953 +0530
+@@ -1973,7 +1973,7 @@
+     return;
+ 
+   datasize = bfd_get_section_size (section);
+-  if (datasize == 0 || datasize >= (bfd_size_type) bfd_get_file_size (abfd))
++  if (datasize == 0)
+     return;
+ 
+   if (start_address == (bfd_vma) -1
+@@ -2037,6 +2037,29 @@
+     }
+   rel_ppend = rel_pp + rel_count;
+ 
++  /* PR 21665: Check for overlarge datasizes.
++     Note - we used to check for "datasize > bfd_get_file_size (abfd)" but
++     this fails when using compressed sections or compressed file formats
++     (eg MMO, tekhex).
++
++     The call to xmalloc below will fail if too much memory is requested,
++     which will catch the problem in the normal use case.  But if a memory
++     checker is in use, eg valgrind or sanitize, then an exception will
++     be still generated, so we try to catch the problem first.
++
++     Unfortunately there is no simple way to determine how much memory can
++     be allocated by calling xmalloc.  So instead we use a simple, arbitrary
++     limit of 2Gb.  Hopefully this should be enough for most users.  If
++     someone does start trying to disassemble sections larger then 2Gb in
++     size they will doubtless complain and we can increase the limit.  */
++#define MAX_XMALLOC (1024 * 1024 * 1024 * 2UL) /* 2Gb */
++  if (datasize > MAX_XMALLOC)
++    {
++      non_fatal (_("Reading section %s failed because it is too big (%#lx)"),
++		 section->name, (unsigned long) datasize);
++      return;
++    }
++
+   data = (bfd_byte *) xmalloc (datasize);
+ 
+   bfd_get_section_contents (abfd, section, data, 0, datasize);
+Index: git/binutils/ChangeLog
+===================================================================
+--- git.orig/binutils/ChangeLog	2017-09-21 17:57:10.448948416 +0530
++++ git/binutils/ChangeLog	2017-09-21 18:13:09.052268892 +0530
+@@ -4,6 +4,14 @@
+        * rddbg.c (read_symbol_stabs_debugging_info): Check for an empty
+        string whilst concatenating symbol names.
+ 
++2017-06-30  Nick Clifton  <nickc@redhat.com>
++
++       PR binutils/21665
++       * objdump.c (disassemble_section): Move check for an overlarge
++       section to just before the allocation of memory.  Do not check
++       section size against file size, but instead use an arbitrary 2Gb
++       limit.  Issue a warning message if the section is too big.
++
+ 2017-05-02  Nick Clifton  <nickc@redhat.com>
+ 
+        PR 21440