Blame SOURCES/binutils-CVE-2018-7642.patch
|
 |
49857a |
--- binutils.orig/bfd/aoutx.h 2018-05-29 17:35:09.220062492 +0100
|
|
|
49857a |
+++ binutils-2.27/bfd/aoutx.h 2018-05-29 17:37:09.131765293 +0100
|
|
|
49857a |
@@ -1713,7 +1713,13 @@ NAME (aout, translate_symbol_table) (bfd
|
|
|
49857a |
else if (x < strsize)
|
|
|
49857a |
in->symbol.name = str + x;
|
|
|
49857a |
else
|
|
|
49857a |
- return FALSE;
|
|
|
49857a |
+ {
|
|
|
49857a |
+ _bfd_error_handler
|
|
|
49857a |
+ (_("%B: invalid string offset %lx >= %lx"),
|
|
|
49857a |
+ abfd, (long) x, (long) strsize);
|
|
|
49857a |
+ bfd_set_error (bfd_error_bad_value);
|
|
|
49857a |
+ return FALSE;
|
|
|
49857a |
+ }
|
|
|
49857a |
|
|
|
49857a |
in->symbol.value = GET_SWORD (abfd, ext->e_value);
|
|
|
49857a |
in->desc = H_GET_16 (abfd, ext->e_desc);
|
|
|
49857a |
@@ -2261,10 +2267,12 @@ NAME (aout, swap_std_reloc_in) (bfd *abf
|
|
|
49857a |
if (r_baserel)
|
|
|
49857a |
r_extern = 1;
|
|
|
49857a |
|
|
|
49857a |
- if (r_extern && r_index > symcount)
|
|
|
49857a |
+ if (r_extern && r_index >= symcount)
|
|
|
49857a |
{
|
|
|
49857a |
/* We could arrange to return an error, but it might be useful
|
|
|
49857a |
- to see the file even if it is bad. */
|
|
|
49857a |
+ to see the file even if it is bad. FIXME: Of course this
|
|
|
49857a |
+ means that objdump -r *doesn't* see the actual reloc, and
|
|
|
49857a |
+ objcopy silently writes a different reloc. */
|
|
|
49857a |
r_extern = 0;
|
|
|
49857a |
r_index = N_ABS;
|
|
|
49857a |
}
|