Blame SOURCES/binutils-CVE-2018-10534.patch

6cffa7
--- binutils.orig/bfd/peXXigen.c	2018-05-17 11:46:03.979280220 +0100
6cffa7
+++ binutils-2.27/bfd/peXXigen.c	2018-05-17 12:56:36.402304487 +0100
6cffa7
@@ -2964,6 +2964,15 @@ _bfd_XX_bfd_copy_private_bfd_data_common
6cffa7
 				  bfd_get_section_size (section) - (addr - section->vma));
6cffa7
 	      return FALSE;
6cffa7
 	    }
6cffa7
+	  /* PR 23110.  */
6cffa7
+	  else if (ope->pe_opthdr.DataDirectory[PE_DEBUG_DATA].Size < 0)
6cffa7
+	    {
6cffa7
+	      /* xgettext:c-format */
6cffa7
+	      _bfd_error_handler
6cffa7
+		(_("%pB: Data Directory size (%#lx) is negative"),
6cffa7
+		 obfd, ope->pe_opthdr.DataDirectory[PE_DEBUG_DATA].Size);
6cffa7
+	      return FALSE;
6cffa7
+	    }
6cffa7
 
6cffa7
           for (i = 0; i < ope->pe_opthdr.DataDirectory[PE_DEBUG_DATA].Size
6cffa7
 		 / sizeof (struct external_IMAGE_DEBUG_DIRECTORY); i++)