Blame SOURCES/binutils-CVE-2018-7568.patch

13ae24
--- binutils.orig/bfd/dwarf1.c	2018-05-01 13:04:35.060041875 +0100
13ae24
+++ binutils-2.30/bfd/dwarf1.c	2018-05-01 13:24:17.943833855 +0100
13ae24
@@ -213,6 +213,7 @@ parse_die (bfd *	     abfd,
13ae24
   /* Then the attributes.  */
13ae24
   while (xptr + 2 <= aDiePtrEnd)
13ae24
     {
13ae24
+      unsigned int   block_len;
13ae24
       unsigned short attr;
13ae24
 
13ae24
       /* Parse the attribute based on its form.  This section
13ae24
@@ -255,12 +256,24 @@ parse_die (bfd *	     abfd,
13ae24
 	  break;
13ae24
 	case FORM_BLOCK2:
13ae24
 	  if (xptr + 2 <= aDiePtrEnd)
13ae24
-	    xptr += bfd_get_16 (abfd, xptr);
13ae24
+           {
13ae24
+             block_len = bfd_get_16 (abfd, xptr);
13ae24
+             if (xptr + block_len > aDiePtrEnd
13ae24
+                 || xptr + block_len < xptr)
13ae24
+               return FALSE;
13ae24
+             xptr += block_len;
13ae24
+           }
13ae24
 	  xptr += 2;
13ae24
 	  break;
13ae24
 	case FORM_BLOCK4:
13ae24
 	  if (xptr + 4 <= aDiePtrEnd)
13ae24
-	    xptr += bfd_get_32 (abfd, xptr);
13ae24
+           {
13ae24
+             block_len = bfd_get_32 (abfd, xptr);
13ae24
+             if (xptr + block_len > aDiePtrEnd
13ae24
+                 || xptr + block_len < xptr)
13ae24
+               return FALSE;
13ae24
+             xptr += block_len;
13ae24
+           }
13ae24
 	  xptr += 4;
13ae24
 	  break;
13ae24
 	case FORM_STRING: