commit 39ff1b79f687b65f4144ddb379f22587003443fb
Author: Nick Clifton <nickc@redhat.com>
Date:   Tue May 2 11:54:53 2017 +0100

    Prevent memory exhaustion from a corrupt PE binary with an overlarge number of relocs.
    
    	PR 21440
    	* objdump.c (dump_relocs_in_section): Check for an excessive
    	number of relocs before attempting to dump them.

Upstream-Status: Backport

CVE: CVE-2017-8421
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>

Index: git/binutils/objdump.c
===================================================================
--- git.orig/binutils/objdump.c	2017-09-05 11:34:23.140802515 +0530
+++ git/binutils/objdump.c	2017-09-05 11:34:28.716824776 +0530
@@ -3238,6 +3238,14 @@
       return;
     }
 
+  if ((bfd_get_file_flags (abfd) & (BFD_IN_MEMORY | BFD_LINKER_CREATED)) == 0
+      && relsize > get_file_size (bfd_get_filename (abfd)))
+    {
+      printf (" (too many: 0x%x)\n", section->reloc_count);
+      bfd_set_error (bfd_error_file_truncated);
+      bfd_fatal (bfd_get_filename (abfd));
+    }
+
   relpp = (arelent **) xmalloc (relsize);
   relcount = bfd_canonicalize_reloc (abfd, section, relpp, syms);
 
Index: git/binutils/ChangeLog
===================================================================
--- git.orig/binutils/ChangeLog	2017-09-05 11:34:28.040822070 +0530
+++ git/binutils/ChangeLog	2017-09-05 11:36:02.413217129 +0530
@@ -4,6 +4,12 @@
        * rddbg.c (read_symbol_stabs_debugging_info): Check for an empty
        string whilst concatenating symbol names.
 
+2017-05-02  Nick Clifton  <nickc@redhat.com>
+
+       PR 21440
+       * objdump.c (dump_relocs_in_section): Check for an excessive
+       number of relocs before attempting to dump them.
+
 2017-02-14  Nick Clifton  <nickc@redhat.com>
 
 	PR binutils/21157