1 files changed, 58 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-14933_p1.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-14933_p1.patch
new file mode 100644
index 0000000000..9df8138401
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-14933_p1.patch
@@ -0,0 +1,58 @@
+From 30d0157a2ad64e64e5ff9fcc0dbe78a3e682f573 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 26 Sep 2017 14:37:47 +0100
+Subject: [PATCH] Avoid needless resource usage when processing a corrupt DWARF
+ directory or file name table.
+        PR 22210
+        * dwarf2.c (read_formatted_entries): Fail early if we know that
+        the loop parsing data entries will overflow the end of the
+        section.
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-14933 #1
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ bfd/ChangeLog |  7 +++++++
+ bfd/dwarf2.c  | 10 ++++++++++
+ 2 files changed, 17 insertions(+)
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
+++ git/bfd/ChangeLog
+@@ -1,3 +1,10 @@
+2017-09-26  Nick Clifton  <nickc@redhat.com>
+
+       PR 22210
+       * dwarf2.c (read_formatted_entries): Fail early if we know that
+       the loop parsing data entries will overflow the end of the
+       section.
+
+ 2017-09-26  Alan Modra  <amodra@gmail.com>
+ 
+        PR 22204
+Index: git/bfd/dwarf2.c
+===================================================================
+--- git.orig/bfd/dwarf2.c
+++ git/bfd/dwarf2.c
+@@ -1933,6 +1933,17 @@ read_formatted_entries (struct comp_unit
+ 
+   data_count = _bfd_safe_read_leb128 (abfd, buf, &bytes_read, FALSE, buf_end);
+   buf += bytes_read;
+
+  /* PR 22210.  Paranoia check.  Don't bother running the loop
+     if we know that we are going to run out of buffer.  */
+  if (data_count > (bfd_vma) (buf_end - buf))
+    {
+      _bfd_error_handler (_("Dwarf Error: data count (%Lx) larger than buffer size."),
+                         data_count);
+      bfd_set_error (bfd_error_bad_value);
+      return FALSE;
+    }
+
+   for (datai = 0; datai < data_count; datai++)
+     {
+       bfd_byte *format = format_header_data;

diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-14933_p1.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-14933_p1.patch new file mode 100644 index 0000000000..9df8138401 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-14933_p1.patch
@@ -0,0 +1,58 @@
	1	From 30d0157a2ad64e64e5ff9fcc0dbe78a3e682f573 Mon Sep 17 00:00:00 2001
	2	From: Nick Clifton <nickc@redhat.com>
	3	Date: Tue, 26 Sep 2017 14:37:47 +0100
	4	Subject: [PATCH] Avoid needless resource usage when processing a corrupt DWARF
	5	directory or file name table.
	6
	7	PR 22210
	8	* dwarf2.c (read_formatted_entries): Fail early if we know that
	9	the loop parsing data entries will overflow the end of the
	10	section.
	11
	12	Upstream-Status: Backport
	13	Affects: <= 2.29.1
	14	CVE: CVE-2017-14933 #1
	15	Signed-off-by: Armin Kuster <akuster@mvista.com>
	16
	17	---
	18	bfd/ChangeLog \| 7 +++++++
	19	bfd/dwarf2.c \| 10 ++++++++++
	20	2 files changed, 17 insertions(+)
	21
	22	Index: git/bfd/ChangeLog
	23	===================================================================
	24	--- git.orig/bfd/ChangeLog
	25	+++ git/bfd/ChangeLog
	26	@@ -1,3 +1,10 @@
	27	+2017-09-26 Nick Clifton <nickc@redhat.com>
	28	+
	29	+ PR 22210
	30	+ * dwarf2.c (read_formatted_entries): Fail early if we know that
	31	+ the loop parsing data entries will overflow the end of the
	32	+ section.
	33	+
	34	2017-09-26 Alan Modra <amodra@gmail.com>
	35
	36	PR 22204
	37	Index: git/bfd/dwarf2.c
	38	===================================================================
	39	--- git.orig/bfd/dwarf2.c
	40	+++ git/bfd/dwarf2.c
	41	@@ -1933,6 +1933,17 @@ read_formatted_entries (struct comp_unit
	42
	43	data_count = _bfd_safe_read_leb128 (abfd, buf, &bytes_read, FALSE, buf_end);
	44	buf += bytes_read;
	45	+
	46	+ /* PR 22210. Paranoia check. Don't bother running the loop
	47	+ if we know that we are going to run out of buffer. */
	48	+ if (data_count > (bfd_vma) (buf_end - buf))
	49	+ {
	50	+ _bfd_error_handler (_("Dwarf Error: data count (%Lx) larger than buffer size."),
	51	+ data_count);
	52	+ bfd_set_error (bfd_error_bad_value);
	53	+ return FALSE;
	54	+ }
	55	+
	56	for (datai = 0; datai < data_count; datai++)
	57	{
	58	bfd_byte *format = format_header_data;