Blame SOURCES/binutils-CVE-2018-10534.patch

869a11
--- binutils.orig/bfd/peXXigen.c	2018-05-10 10:09:03.619147342 +0100
869a11
+++ binutils-2.30/bfd/peXXigen.c	2018-05-10 10:20:20.884883540 +0100
869a11
@@ -2991,6 +2991,15 @@ _bfd_XX_bfd_copy_private_bfd_data_common
869a11
 				  bfd_get_section_size (section) - (addr - section->vma));
869a11
 	      return FALSE;
869a11
 	    }
869a11
+	  /* PR 23110.  */
869a11
+	  else if (ope->pe_opthdr.DataDirectory[PE_DEBUG_DATA].Size < 0)
869a11
+	    {
869a11
+	      /* xgettext:c-format */
869a11
+	      _bfd_error_handler
869a11
+		(_("%pB: Data Directory size (%#lx) is negative"),
869a11
+		 obfd, ope->pe_opthdr.DataDirectory[PE_DEBUG_DATA].Size);
869a11
+	      return FALSE;
869a11
+	    }
869a11
 
869a11
 	  for (i = 0; i < ope->pe_opthdr.DataDirectory[PE_DEBUG_DATA].Size
869a11
 		 / sizeof (struct external_IMAGE_DEBUG_DIRECTORY); i++)