diff options
Diffstat (limited to 'meta/recipes-devtools')
3 files changed, 490 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc index 3329a97ecf..3b7c9f776b 100644 --- a/meta/recipes-devtools/binutils/binutils-2.27.inc +++ b/meta/recipes-devtools/binutils/binutils-2.27.inc | |||
@@ -57,6 +57,8 @@ SRC_URI = "\ | |||
57 | file://CVE-2017-12449_12455_12457_1.patch \ | 57 | file://CVE-2017-12449_12455_12457_1.patch \ |
58 | file://CVE-2017-12449_12455_12457.patch \ | 58 | file://CVE-2017-12449_12455_12457.patch \ |
59 | file://CVE-2017-12451.patch \ | 59 | file://CVE-2017-12451.patch \ |
60 | file://CVE-2017-12450_12452_12453_12454_12456_1.patch \ | ||
61 | file://CVE-2017-12450_12452_12453_12454_12456.patch \ | ||
60 | " | 62 | " |
61 | S = "${WORKDIR}/git" | 63 | S = "${WORKDIR}/git" |
62 | 64 | ||
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-12450_12452_12453_12454_12456.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-12450_12452_12453_12454_12456.patch new file mode 100644 index 0000000000..503f655b61 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-12450_12452_12453_12454_12456.patch | |||
@@ -0,0 +1,375 @@ | |||
1 | commit ca4cf9b9c622a5695e01f7f5815a7382a31fcf51 | ||
2 | Author: Nick Clifton <nickc@redhat.com> | ||
3 | Date: Mon Jul 24 13:49:22 2017 +0100 | ||
4 | |||
5 | Fix address violation errors parsing corrupt binary files. | ||
6 | |||
7 | PR 21813 | ||
8 | binutils* rddbg.c (read_symbol_stabs_debugging_info): Check for an empty | ||
9 | string whilst concatenating symbol names. | ||
10 | |||
11 | bfd * mach-o.c (bfd_mach_o_canonicalize_relocs): Pass the base address | ||
12 | of the relocs to the canonicalize_one_reloc routine. | ||
13 | * mach-o.h (struct bfd_mach_o_backend_data): Update the prototype | ||
14 | for the _bfd_mach_o_canonicalize_one_reloc field. | ||
15 | * mach-o-arm.c (bfd_mach_o_arm_canonicalize_one_reloc): Add | ||
16 | res_base parameter. Use to check for corrupt pair relocs. | ||
17 | * mach-o-aarch64.c (bfd_mach_o_arm64_canonicalize_one_reloc): | ||
18 | Likewise. | ||
19 | * mach-o-i386.c (bfd_mach_o_i386_canonicalize_one_reloc): | ||
20 | Likewise. | ||
21 | * mach-o-x86-64.c (bfd_mach_o_x86_64_canonicalize_one_reloc): | ||
22 | Likewise. | ||
23 | |||
24 | * vms-alpha.c (_bfd_vms_slurp_eihd): Make sure that there is | ||
25 | enough data in the record before attempting to parse it. | ||
26 | (_bfd_vms_slurp_eeom): Likewise. | ||
27 | |||
28 | (_bfd_vms_slurp_egsd): Check for an invalid section index. | ||
29 | (image_set_ptr): Likewise. | ||
30 | (alpha_vms_slurp_relocs): Likewise. | ||
31 | |||
32 | (alpha_vms_object_p): Check for a truncated record. | ||
33 | |||
34 | Upstream-Status: Backport | ||
35 | |||
36 | CVE: CVE-2017-12450, CVE-2017-12452, CVE-2017-12453, CVE-2017-12454, CVE-2017-12456 | ||
37 | Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> | ||
38 | |||
39 | Index: git/bfd/mach-o-aarch64.c | ||
40 | =================================================================== | ||
41 | --- git.orig/bfd/mach-o-aarch64.c 2017-08-31 19:17:51.264385450 +0530 | ||
42 | +++ git/bfd/mach-o-aarch64.c 2017-08-31 19:18:02.620442777 +0530 | ||
43 | @@ -147,9 +147,11 @@ | ||
44 | }; | ||
45 | |||
46 | static bfd_boolean | ||
47 | -bfd_mach_o_arm64_canonicalize_one_reloc (bfd *abfd, | ||
48 | - struct mach_o_reloc_info_external *raw, | ||
49 | - arelent *res, asymbol **syms) | ||
50 | +bfd_mach_o_arm64_canonicalize_one_reloc (bfd * abfd, | ||
51 | + struct mach_o_reloc_info_external * raw, | ||
52 | + arelent * res, | ||
53 | + asymbol ** syms, | ||
54 | + arelent * res_base ATTRIBUTE_UNUSED) | ||
55 | { | ||
56 | bfd_mach_o_reloc_info reloc; | ||
57 | |||
58 | Index: git/bfd/mach-o-i386.c | ||
59 | =================================================================== | ||
60 | --- git.orig/bfd/mach-o-i386.c 2017-08-31 19:17:51.264385450 +0530 | ||
61 | +++ git/bfd/mach-o-i386.c 2017-08-31 19:18:02.620442777 +0530 | ||
62 | @@ -112,9 +112,11 @@ | ||
63 | }; | ||
64 | |||
65 | static bfd_boolean | ||
66 | -bfd_mach_o_i386_canonicalize_one_reloc (bfd *abfd, | ||
67 | - struct mach_o_reloc_info_external *raw, | ||
68 | - arelent *res, asymbol **syms) | ||
69 | +bfd_mach_o_i386_canonicalize_one_reloc (bfd * abfd, | ||
70 | + struct mach_o_reloc_info_external * raw, | ||
71 | + arelent * res, | ||
72 | + asymbol ** syms, | ||
73 | + arelent * res_base) | ||
74 | { | ||
75 | bfd_mach_o_reloc_info reloc; | ||
76 | |||
77 | @@ -126,6 +128,9 @@ | ||
78 | switch (reloc.r_type) | ||
79 | { | ||
80 | case BFD_MACH_O_GENERIC_RELOC_PAIR: | ||
81 | + /* PR 21813: Check for a corrupt PAIR reloc at the start. */ | ||
82 | + if (res == res_base) | ||
83 | + return FALSE; | ||
84 | if (reloc.r_length == 2) | ||
85 | { | ||
86 | res->howto = &i386_howto_table[7]; | ||
87 | @@ -391,9 +396,9 @@ | ||
88 | { NULL, NULL } | ||
89 | }; | ||
90 | |||
91 | -#define bfd_mach_o_canonicalize_one_reloc bfd_mach_o_i386_canonicalize_one_reloc | ||
92 | -#define bfd_mach_o_swap_reloc_out bfd_mach_o_i386_swap_reloc_out | ||
93 | -#define bfd_mach_o_print_thread bfd_mach_o_i386_print_thread | ||
94 | +#define bfd_mach_o_canonicalize_one_reloc bfd_mach_o_i386_canonicalize_one_reloc | ||
95 | +#define bfd_mach_o_swap_reloc_out bfd_mach_o_i386_swap_reloc_out | ||
96 | +#define bfd_mach_o_print_thread bfd_mach_o_i386_print_thread | ||
97 | |||
98 | #define bfd_mach_o_tgt_seg_table mach_o_i386_segsec_names_xlat | ||
99 | #define bfd_mach_o_section_type_valid_for_tgt NULL | ||
100 | Index: git/bfd/mach-o-x86-64.c | ||
101 | =================================================================== | ||
102 | --- git.orig/bfd/mach-o-x86-64.c 2017-08-31 19:17:51.264385450 +0530 | ||
103 | +++ git/bfd/mach-o-x86-64.c 2017-08-31 19:18:02.620442777 +0530 | ||
104 | @@ -120,9 +120,11 @@ | ||
105 | }; | ||
106 | |||
107 | static bfd_boolean | ||
108 | -bfd_mach_o_x86_64_canonicalize_one_reloc (bfd *abfd, | ||
109 | - struct mach_o_reloc_info_external *raw, | ||
110 | - arelent *res, asymbol **syms) | ||
111 | +bfd_mach_o_x86_64_canonicalize_one_reloc (bfd * abfd, | ||
112 | + struct mach_o_reloc_info_external * raw, | ||
113 | + arelent * res, | ||
114 | + asymbol ** syms, | ||
115 | + arelent * res_base ATTRIBUTE_UNUSED) | ||
116 | { | ||
117 | bfd_mach_o_reloc_info reloc; | ||
118 | |||
119 | Index: git/bfd/mach-o.c | ||
120 | =================================================================== | ||
121 | --- git.orig/bfd/mach-o.c 2017-08-31 19:18:02.440441869 +0530 | ||
122 | +++ git/bfd/mach-o.c 2017-08-31 19:18:02.620442777 +0530 | ||
123 | @@ -1496,7 +1496,7 @@ | ||
124 | for (i = 0; i < count; i++) | ||
125 | { | ||
126 | if (!(*bed->_bfd_mach_o_canonicalize_one_reloc)(abfd, &native_relocs[i], | ||
127 | - &res[i], syms)) | ||
128 | + &res[i], syms, res)) | ||
129 | goto err; | ||
130 | } | ||
131 | free (native_relocs); | ||
132 | Index: git/bfd/mach-o.h | ||
133 | =================================================================== | ||
134 | --- git.orig/bfd/mach-o.h 2017-08-31 19:17:51.264385450 +0530 | ||
135 | +++ git/bfd/mach-o.h 2017-08-31 19:18:02.620442777 +0530 | ||
136 | @@ -746,7 +746,7 @@ | ||
137 | enum bfd_architecture arch; | ||
138 | bfd_vma page_size; | ||
139 | bfd_boolean (*_bfd_mach_o_canonicalize_one_reloc) | ||
140 | - (bfd *, struct mach_o_reloc_info_external *, arelent *, asymbol **); | ||
141 | + (bfd *, struct mach_o_reloc_info_external *, arelent *, asymbol **, arelent *); | ||
142 | bfd_boolean (*_bfd_mach_o_swap_reloc_out)(arelent *, bfd_mach_o_reloc_info *); | ||
143 | bfd_boolean (*_bfd_mach_o_print_thread)(bfd *, bfd_mach_o_thread_flavour *, | ||
144 | void *, char *); | ||
145 | Index: git/bfd/ChangeLog | ||
146 | =================================================================== | ||
147 | --- git.orig/bfd/ChangeLog 2017-08-31 19:18:02.564442494 +0530 | ||
148 | +++ git/bfd/ChangeLog 2017-08-31 19:18:02.620442777 +0530 | ||
149 | @@ -11,6 +11,30 @@ | ||
150 | of end pointer. | ||
151 | (evax_bfd_print_emh): Check for invalid string lengths. | ||
152 | |||
153 | + 2017-07-24 Nick Clifton <nickc@redhat.com> | ||
154 | + | ||
155 | + PR 21813 | ||
156 | + * mach-o.c (bfd_mach_o_canonicalize_relocs): Pass the base address | ||
157 | + of the relocs to the canonicalize_one_reloc routine. | ||
158 | + * mach-o.h (struct bfd_mach_o_backend_data): Update the prototype | ||
159 | + for the _bfd_mach_o_canonicalize_one_reloc field. | ||
160 | + * mach-o-arm.c (bfd_mach_o_arm_canonicalize_one_reloc): Add | ||
161 | + res_base parameter. Use to check for corrupt pair relocs. | ||
162 | + * mach-o-aarch64.c (bfd_mach_o_arm64_canonicalize_one_reloc): | ||
163 | + Likewise. | ||
164 | + * mach-o-i386.c (bfd_mach_o_i386_canonicalize_one_reloc): | ||
165 | + Likewise. | ||
166 | + * mach-o-x86-64.c (bfd_mach_o_x86_64_canonicalize_one_reloc): | ||
167 | + Likewise. | ||
168 | + | ||
169 | + * vms-alpha.c (_bfd_vms_slurp_eihd): Make sure that there is | ||
170 | + enough data in the record before attempting to parse it. | ||
171 | + (_bfd_vms_slurp_eeom): Likewise. | ||
172 | + | ||
173 | + (_bfd_vms_slurp_egsd): Check for an invalid section index. | ||
174 | + (image_set_ptr): Likewise. | ||
175 | + (alpha_vms_slurp_relocs): Likewise. | ||
176 | + | ||
177 | 2017-07-19 Nick Clifton <nickc@redhat.com> | ||
178 | |||
179 | PR 21786 | ||
180 | Index: git/bfd/mach-o-arm.c | ||
181 | =================================================================== | ||
182 | --- git.orig/bfd/mach-o-arm.c 2017-08-31 19:17:51.264385450 +0530 | ||
183 | +++ git/bfd/mach-o-arm.c 2017-08-31 19:18:02.620442777 +0530 | ||
184 | @@ -30,7 +30,7 @@ | ||
185 | #define bfd_mach_o_mkobject bfd_mach_o_arm_mkobject | ||
186 | |||
187 | #define bfd_mach_o_canonicalize_one_reloc bfd_mach_o_arm_canonicalize_one_reloc | ||
188 | -#define bfd_mach_o_swap_reloc_out NULL | ||
189 | +#define bfd_mach_o_swap_reloc_out NULL | ||
190 | #define bfd_mach_o_bfd_reloc_type_lookup bfd_mach_o_arm_bfd_reloc_type_lookup | ||
191 | #define bfd_mach_o_bfd_reloc_name_lookup bfd_mach_o_arm_bfd_reloc_name_lookup | ||
192 | |||
193 | @@ -147,9 +147,11 @@ | ||
194 | }; | ||
195 | |||
196 | static bfd_boolean | ||
197 | -bfd_mach_o_arm_canonicalize_one_reloc (bfd *abfd, | ||
198 | - struct mach_o_reloc_info_external *raw, | ||
199 | - arelent *res, asymbol **syms) | ||
200 | +bfd_mach_o_arm_canonicalize_one_reloc (bfd * abfd, | ||
201 | + struct mach_o_reloc_info_external * raw, | ||
202 | + arelent * res, | ||
203 | + asymbol ** syms, | ||
204 | + arelent * res_base) | ||
205 | { | ||
206 | bfd_mach_o_reloc_info reloc; | ||
207 | |||
208 | @@ -161,6 +163,9 @@ | ||
209 | switch (reloc.r_type) | ||
210 | { | ||
211 | case BFD_MACH_O_ARM_RELOC_PAIR: | ||
212 | + /* PR 21813: Check for a corrupt PAIR reloc at the start. */ | ||
213 | + if (res == res_base) | ||
214 | + return FALSE; | ||
215 | if (reloc.r_length == 2) | ||
216 | { | ||
217 | res->howto = &arm_howto_table[7]; | ||
218 | Index: git/bfd/vms-alpha.c | ||
219 | =================================================================== | ||
220 | --- git.orig/bfd/vms-alpha.c 2017-08-31 19:18:02.556442454 +0530 | ||
221 | +++ git/bfd/vms-alpha.c 2017-08-31 19:20:56.233322607 +0530 | ||
222 | @@ -473,6 +473,14 @@ | ||
223 | |||
224 | vms_debug2 ((8, "_bfd_vms_slurp_eihd\n")); | ||
225 | |||
226 | + /* PR 21813: Check for an undersized record. */ | ||
227 | + if (PRIV (recrd.buf_size) < sizeof (* eihd)) | ||
228 | + { | ||
229 | + _bfd_error_handler (_("Corrupt EIHD record - size is too small")); | ||
230 | + bfd_set_error (bfd_error_bad_value); | ||
231 | + return FALSE; | ||
232 | + } | ||
233 | + | ||
234 | size = bfd_getl32 (eihd->size); | ||
235 | imgtype = bfd_getl32 (eihd->imgtype); | ||
236 | |||
237 | @@ -1255,19 +1263,39 @@ | ||
238 | if (old_flags & EGSY__V_DEF) | ||
239 | { | ||
240 | struct vms_esdf *esdf = (struct vms_esdf *)vms_rec; | ||
241 | + long psindx; | ||
242 | |||
243 | entry->value = bfd_getl64 (esdf->value); | ||
244 | if (PRIV (sections) == NULL) | ||
245 | return FALSE; | ||
246 | - entry->section = PRIV (sections)[bfd_getl32 (esdf->psindx)]; | ||
247 | + | ||
248 | + psindx = bfd_getl32 (esdf->psindx); | ||
249 | + /* PR 21813: Check for an out of range index. */ | ||
250 | + if (psindx < 0 || psindx >= (int) PRIV (section_count)) | ||
251 | + { | ||
252 | + _bfd_error_handler (_("Corrupt EGSD record: its psindx field is too big (%#lx)"), | ||
253 | + psindx); | ||
254 | + bfd_set_error (bfd_error_bad_value); | ||
255 | + return FALSE; | ||
256 | + } | ||
257 | + entry->section = PRIV (sections)[psindx]; | ||
258 | |||
259 | if (old_flags & EGSY__V_NORM) | ||
260 | { | ||
261 | PRIV (norm_sym_count)++; | ||
262 | |||
263 | entry->code_value = bfd_getl64 (esdf->code_address); | ||
264 | - entry->code_section = | ||
265 | - PRIV (sections)[bfd_getl32 (esdf->ca_psindx)]; | ||
266 | + psindx = bfd_getl32 (esdf->ca_psindx); | ||
267 | + /* PR 21813: Check for an out of range index. */ | ||
268 | + if (psindx < 0 || psindx >= (int) PRIV (section_count)) | ||
269 | + { | ||
270 | + _bfd_error_handler (_("Corrupt EGSD record: its psindx field is too big (%#lx)"), | ||
271 | + psindx); | ||
272 | + bfd_set_error (bfd_error_bad_value); | ||
273 | + return FALSE; | ||
274 | + } | ||
275 | + entry->code_section = PRIV (sections)[psindx]; | ||
276 | + | ||
277 | } | ||
278 | } | ||
279 | } | ||
280 | @@ -1294,9 +1322,20 @@ | ||
281 | |||
282 | if (old_flags & EGSY__V_REL) | ||
283 | { | ||
284 | + long psindx; | ||
285 | + | ||
286 | if (PRIV (sections) == NULL) | ||
287 | return FALSE; | ||
288 | - entry->section = PRIV (sections)[bfd_getl32 (egst->psindx)]; | ||
289 | + psindx = bfd_getl32 (egst->psindx); | ||
290 | + /* PR 21813: Check for an out of range index. */ | ||
291 | + if (psindx < 0 || psindx >= (int) PRIV (section_count)) | ||
292 | + { | ||
293 | + _bfd_error_handler (_("Corrupt EGSD record: its psindx field is too big (%#lx)"), | ||
294 | + psindx); | ||
295 | + bfd_set_error (bfd_error_bad_value); | ||
296 | + return FALSE; | ||
297 | + } | ||
298 | + entry->section = PRIV (sections)[psindx]; | ||
299 | } | ||
300 | else | ||
301 | entry->section = bfd_abs_section_ptr; | ||
302 | @@ -1387,6 +1426,10 @@ | ||
303 | |||
304 | if (PRIV (sections) == NULL) | ||
305 | return; | ||
306 | + | ||
307 | + if (sect < 0 || sect >= (int) PRIV (section_count)) | ||
308 | + return; | ||
309 | + | ||
310 | sec = PRIV (sections)[sect]; | ||
311 | |||
312 | if (info) | ||
313 | @@ -2360,6 +2403,14 @@ | ||
314 | |||
315 | vms_debug2 ((2, "EEOM\n")); | ||
316 | |||
317 | + /* PR 21813: Check for an undersized record. */ | ||
318 | + if (PRIV (recrd.buf_size) < sizeof (* eeom)) | ||
319 | + { | ||
320 | + _bfd_error_handler (_("Corrupt EEOM record - size is too small")); | ||
321 | + bfd_set_error (bfd_error_bad_value); | ||
322 | + return FALSE; | ||
323 | + } | ||
324 | + | ||
325 | PRIV (eom_data).eom_l_total_lps = bfd_getl32 (eeom->total_lps); | ||
326 | PRIV (eom_data).eom_w_comcod = bfd_getl16 (eeom->comcod); | ||
327 | if (PRIV (eom_data).eom_w_comcod > 1) | ||
328 | @@ -2540,6 +2591,10 @@ | ||
329 | PRIV (recrd.buf_size) = PRIV (recrd.rec_size); | ||
330 | } | ||
331 | |||
332 | + /* PR 21813: Check for a truncated record. */ | ||
333 | + if (PRIV (recrd.rec_size < test_len)) | ||
334 | + goto error_ret; | ||
335 | + | ||
336 | /* Read the remaining record. */ | ||
337 | remaining = PRIV (recrd.rec_size) - test_len; | ||
338 | to_read = MIN (VMS_BLOCK_SIZE - test_len, remaining); | ||
339 | @@ -5074,7 +5129,7 @@ | ||
340 | } | ||
341 | else if (cur_psidx >= 0) | ||
342 | { | ||
343 | - if (PRIV (sections) == NULL) | ||
344 | + if (PRIV (sections) == NULL || cur_psidx >= (int) PRIV (section_count)) | ||
345 | return FALSE; | ||
346 | reloc->sym_ptr_ptr = | ||
347 | PRIV (sections)[cur_psidx]->symbol_ptr_ptr; | ||
348 | Index: git/binutils/ChangeLog | ||
349 | =================================================================== | ||
350 | --- git.orig/binutils/ChangeLog 2017-08-31 19:18:01.816438718 +0530 | ||
351 | +++ git/binutils/ChangeLog 2017-08-31 19:18:02.624442798 +0530 | ||
352 | @@ -1,3 +1,9 @@ | ||
353 | +2017-07-24 Nick Clifton <nickc@redhat.com> | ||
354 | + | ||
355 | + PR 21813 | ||
356 | + * rddbg.c (read_symbol_stabs_debugging_info): Check for an empty | ||
357 | + string whilst concatenating symbol names. | ||
358 | + | ||
359 | 2017-02-14 Nick Clifton <nickc@redhat.com> | ||
360 | |||
361 | PR binutils/21157 | ||
362 | Index: git/binutils/rddbg.c | ||
363 | =================================================================== | ||
364 | --- git.orig/binutils/rddbg.c 2017-08-31 19:17:51.596387126 +0530 | ||
365 | +++ git/binutils/rddbg.c 2017-08-31 19:18:02.624442798 +0530 | ||
366 | @@ -300,7 +300,8 @@ | ||
367 | |||
368 | s = i.name; | ||
369 | f = NULL; | ||
370 | - while (s[strlen (s) - 1] == '\\' | ||
371 | + while (strlen (s) > 0 | ||
372 | + && s[strlen (s) - 1] == '\\' | ||
373 | && ps + 1 < symend) | ||
374 | { | ||
375 | char *sc, *n; | ||
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-12450_12452_12453_12454_12456_1.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-12450_12452_12453_12454_12456_1.patch new file mode 100644 index 0000000000..208bbbafae --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-12450_12452_12453_12454_12456_1.patch | |||
@@ -0,0 +1,113 @@ | |||
1 | commit cb06d03ad92ffcfaa09c3f065837cb39e9e1486d | ||
2 | Author: Nick Clifton <nickc@redhat.com> | ||
3 | Date: Wed Jun 21 11:13:49 2017 +0100 | ||
4 | |||
5 | Fix address violation parsing a corrupt IEEE Alpha binary. | ||
6 | |||
7 | PR binutils/21637 | ||
8 | * vms-alpha.c (_bfd_vms_slurp_egsd): Check for an empty section | ||
9 | list. | ||
10 | (image_set_ptr): Likewise. | ||
11 | (alpha_vms_fix_sec_rel): Likewise. | ||
12 | (alpha_vms_slurp_relocs): Likewise. | ||
13 | |||
14 | Upstream-Status: Backport | ||
15 | |||
16 | CVE: CVE-2017-12450, CVE-2017-12452, CVE-2017-12453, CVE-2017-12454, CVE-2017-12456 | ||
17 | Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> | ||
18 | |||
19 | Index: git/bfd/vms-alpha.c | ||
20 | =================================================================== | ||
21 | --- git.orig/bfd/vms-alpha.c 2017-08-31 18:01:00.742098130 +0530 | ||
22 | +++ git/bfd/vms-alpha.c 2017-08-31 18:01:06.000000000 +0530 | ||
23 | @@ -1257,6 +1257,8 @@ | ||
24 | struct vms_esdf *esdf = (struct vms_esdf *)vms_rec; | ||
25 | |||
26 | entry->value = bfd_getl64 (esdf->value); | ||
27 | + if (PRIV (sections) == NULL) | ||
28 | + return FALSE; | ||
29 | entry->section = PRIV (sections)[bfd_getl32 (esdf->psindx)]; | ||
30 | |||
31 | if (old_flags & EGSY__V_NORM) | ||
32 | @@ -1291,7 +1293,11 @@ | ||
33 | entry->symbol_vector = bfd_getl32 (egst->value); | ||
34 | |||
35 | if (old_flags & EGSY__V_REL) | ||
36 | - entry->section = PRIV (sections)[bfd_getl32 (egst->psindx)]; | ||
37 | + { | ||
38 | + if (PRIV (sections) == NULL) | ||
39 | + return FALSE; | ||
40 | + entry->section = PRIV (sections)[bfd_getl32 (egst->psindx)]; | ||
41 | + } | ||
42 | else | ||
43 | entry->section = bfd_abs_section_ptr; | ||
44 | |||
45 | @@ -1379,6 +1385,8 @@ | ||
46 | |||
47 | vms_debug2 ((4, "image_set_ptr (0x%08x, sect=%d)\n", (unsigned)vma, sect)); | ||
48 | |||
49 | + if (PRIV (sections) == NULL) | ||
50 | + return; | ||
51 | sec = PRIV (sections)[sect]; | ||
52 | |||
53 | if (info) | ||
54 | @@ -1691,7 +1699,12 @@ | ||
55 | alpha_vms_fix_sec_rel (bfd *abfd, struct bfd_link_info *info, | ||
56 | unsigned int rel, bfd_vma vma) | ||
57 | { | ||
58 | - asection *sec = PRIV (sections)[rel & RELC_MASK]; | ||
59 | + asection *sec; | ||
60 | + | ||
61 | + if (PRIV (sections) == NULL) | ||
62 | + return 0; | ||
63 | + | ||
64 | + sec = PRIV (sections)[rel & RELC_MASK]; | ||
65 | |||
66 | if (info) | ||
67 | { | ||
68 | @@ -5000,6 +5013,8 @@ | ||
69 | return FALSE; | ||
70 | } | ||
71 | |||
72 | + if (PRIV (sections) == NULL) | ||
73 | + return FALSE; | ||
74 | sec = PRIV (sections)[cur_psect]; | ||
75 | if (sec == bfd_abs_section_ptr) | ||
76 | { | ||
77 | @@ -5058,8 +5073,12 @@ | ||
78 | reloc->sym_ptr_ptr = sym; | ||
79 | } | ||
80 | else if (cur_psidx >= 0) | ||
81 | - reloc->sym_ptr_ptr = | ||
82 | - PRIV (sections)[cur_psidx]->symbol_ptr_ptr; | ||
83 | + { | ||
84 | + if (PRIV (sections) == NULL) | ||
85 | + return FALSE; | ||
86 | + reloc->sym_ptr_ptr = | ||
87 | + PRIV (sections)[cur_psidx]->symbol_ptr_ptr; | ||
88 | + } | ||
89 | else | ||
90 | reloc->sym_ptr_ptr = NULL; | ||
91 | |||
92 | Index: git/bfd/ChangeLog | ||
93 | =================================================================== | ||
94 | --- git.orig/bfd/ChangeLog 2017-08-31 18:01:06.000000000 +0530 | ||
95 | +++ git/bfd/ChangeLog 2017-08-31 18:01:49.114384620 +0530 | ||
96 | @@ -31,7 +31,16 @@ | ||
97 | correct magic bytes at the start, set the error to wrong format | ||
98 | and clear the format selector before returning NULL. | ||
99 | |||
100 | - 2017-06-19 Nick Clifton <nickc@redhat.com> | ||
101 | + 2017-06-21 Nick Clifton <nickc@redhat.com> | ||
102 | + | ||
103 | + PR binutils/21637 | ||
104 | + * vms-alpha.c (_bfd_vms_slurp_egsd): Check for an empty section | ||
105 | + list. | ||
106 | + (image_set_ptr): Likewise. | ||
107 | + (alpha_vms_fix_sec_rel): Likewise. | ||
108 | + (alpha_vms_slurp_relocs): Likewise. | ||
109 | + | ||
110 | +2017-06-19 Nick Clifton <nickc@redhat.com> | ||
111 | |||
112 | PR binutils/21618 | ||
113 | * vms-alpha.c (evax_bfd_print_emh): Check for insufficient record | ||