1 files changed, 49 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-20671.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-20671.patch
new file mode 100644
index 0000000000..9bd9207bb5
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-20671.patch
@@ -0,0 +1,49 @@
+From 8a5f4f2ebe7f35ac5646060fa51e3332f6ef388c Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Fri, 4 Jan 2019 13:44:34 +0000
+Subject: [PATCH] Fix a possible integer overflow problem when examining
+ corrupt binaries using a 32-bit binutil.
+        PR 24005
+        * objdump.c (load_specific_debug_section): Check for integer
+        overflow before attempting to allocate contents.
+CVE: CVE-2018-20671
+Upstream-Status: Backport
+[https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=11fa9f134fd658075c6f74499c780df045d9e9ca]
+Signed-off-by: Dan Tran <dantran@microsoft.com>
+---
+ binutils/objdump.c | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+diff --git a/binutils/objdump.c b/binutils/objdump.c
+index f468fcdb59..89ca688938 100644
+--- a/binutils/objdump.c
+++ b/binutils/objdump.c
+@@ -2503,12 +2503,19 @@ load_specific_debug_section (enum dwarf_section_display_enum debug,
+   section->reloc_info = NULL;
+   section->num_relocs = 0;
+   section->address = bfd_get_section_vma (abfd, sec);
+  section->user_data = sec;
+   section->size = bfd_get_section_size (sec);
+   amt = section->size + 1;
+  if (amt == 0 || amt > bfd_get_file_size (abfd))
+    {
+      section->start = NULL;
+      free_debug_section (debug);
+      printf (_("\nSection '%s' has an invalid size: %#llx.\n"),
+             section->name, (unsigned long long) section->size);
+      return FALSE;
+    }
+   section->start = contents = malloc (amt);
+-  section->user_data = sec;
+-  if (amt == 0
+-      || section->start == NULL
+  if (section->start == NULL
+       || !bfd_get_full_section_contents (abfd, sec, &contents))
+     {
+       free_debug_section (debug);
+-- 
+2.22.0.vfs.1.1.57.gbaf16c8

diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-20671.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-20671.patch new file mode 100644 index 0000000000..9bd9207bb5 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-20671.patch
@@ -0,0 +1,49 @@
	1	From 8a5f4f2ebe7f35ac5646060fa51e3332f6ef388c Mon Sep 17 00:00:00 2001
	2	From: Nick Clifton <nickc@redhat.com>
	3	Date: Fri, 4 Jan 2019 13:44:34 +0000
	4	Subject: [PATCH] Fix a possible integer overflow problem when examining
	5	corrupt binaries using a 32-bit binutil.
	6
	7	PR 24005
	8	* objdump.c (load_specific_debug_section): Check for integer
	9	overflow before attempting to allocate contents.
	10
	11	CVE: CVE-2018-20671
	12	Upstream-Status: Backport
	13	[https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=11fa9f134fd658075c6f74499c780df045d9e9ca]
	14
	15	Signed-off-by: Dan Tran <dantran@microsoft.com>
	16	---
	17	binutils/objdump.c \| 13 ++++++++++---
	18	1 file changed, 10 insertions(+), 3 deletions(-)
	19
	20	diff --git a/binutils/objdump.c b/binutils/objdump.c
	21	index f468fcdb59..89ca688938 100644
	22	--- a/binutils/objdump.c
	23	+++ b/binutils/objdump.c
	24	@@ -2503,12 +2503,19 @@ load_specific_debug_section (enum dwarf_section_display_enum debug,
	25	section->reloc_info = NULL;
	26	section->num_relocs = 0;
	27	section->address = bfd_get_section_vma (abfd, sec);
	28	+ section->user_data = sec;
	29	section->size = bfd_get_section_size (sec);
	30	amt = section->size + 1;
	31	+ if (amt == 0 \|\| amt > bfd_get_file_size (abfd))
	32	+ {
	33	+ section->start = NULL;
	34	+ free_debug_section (debug);
	35	+ printf (_("\nSection '%s' has an invalid size: %#llx.\n"),
	36	+ section->name, (unsigned long long) section->size);
	37	+ return FALSE;
	38	+ }
	39	section->start = contents = malloc (amt);
	40	- section->user_data = sec;
	41	- if (amt == 0
	42	- \|\| section->start == NULL
	43	+ if (section->start == NULL
	44	\|\| !bfd_get_full_section_contents (abfd, sec, &contents))
	45	{
	46	free_debug_section (debug);
	47	--
	48	2.22.0.vfs.1.1.57.gbaf16c8
	49