commit 406bd128dba2a59d0736839fc87a59bce319076c
Author: Nick Clifton <nickc@redhat.com>
Date:   Mon Dec 5 16:00:43 2016 +0000

    Fix seg-fault in linker when passed a bogus input script.
    
        PR ld/20906
        * ldlex.l: Check for bogus strings in linker scripts.

Upstream-Status: backport

CVE: CVE-2017-7227
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>

Index: git/ld/ChangeLog
===================================================================
--- git.orig/ld/ChangeLog	2017-09-04 13:18:09.660584245 +0530
+++ git/ld/ChangeLog	2017-09-04 13:20:34.286155911 +0530
@@ -1,3 +1,8 @@
+2016-12-05  Nick Clifton  <nickc@redhat.com>
+
+	PR ld/20906
+	* ldlex.l: Check for bogus strings in linker scripts.
+
 2016-08-02  Nick Clifton  <nickc@redhat.com>
 
 	PR ld/17739
Index: git/ld/ldlex.l
===================================================================
--- git.orig/ld/ldlex.l	2017-09-04 13:18:09.692584605 +0530
+++ git/ld/ldlex.l	2017-09-04 13:22:54.483583368 +0530
@@ -416,9 +416,15 @@
 
 <EXPRESSION,BOTH,SCRIPT,VERS_NODE,INPUTLIST>"\""[^\"]*"\"" {
 					/* No matter the state, quotes
-					   give what's inside */
+                                          give what's inside.  */
+                                        bfd_size_type len;
 					yylval.name = xstrdup (yytext + 1);
-					yylval.name[yyleng - 2] = 0;
+                                        /* PR ld/20906.  A corrupt input file
+                                           can contain bogus strings.  */
+                                        len = strlen (yylval.name);
+                                        if (len > yyleng - 2)
+                                          len = yyleng - 2;
+                                        yylval.name[len] = 0;
 					return NAME;
 				}
 <BOTH,SCRIPT,EXPRESSION>"\n"		{ lineno++;}