From b2706ceadac7239e7b02d43f05100fc6538b0d65 Mon Sep 17 00:00:00 2001
From: Nick Clifton <nickc@redhat.com>
Date: Mon, 13 Feb 2017 15:04:37 +0000
Subject: Fix invalid read of section contents whilst processing a corrupt binary.

	PR binutils/21135
	* readelf.c (dump_section_as_bytes): Handle the case where
	uncompress_section_contents returns false.

CVE: CVE-2017-7209
Upstream-Status: Backport[master]

Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
---
 binutils/ChangeLog |  6 ++++++
 binutils/readelf.c | 16 ++++++++++++----
 2 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index 53352c1801..cf92744c12 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,9 @@
+2017-02-13  Nick Clifton  <nickc@redhat.com>
+
+	PR binutils/21135
+	* readelf.c (dump_section_as_bytes): Handle the case where
+	uncompress_section_contents returns false.
+
 2017-02-20  Nick Clifton  <nickc@redhat.com>
 
 	PR binutils/21156
diff --git a/binutils/readelf.c b/binutils/readelf.c
index 4960491c5c..f0e7b080e8 100644
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -12803,10 +12803,18 @@ dump_section_as_bytes (Elf_Internal_Shdr * section,
 	  new_size -= 12;
 	}
 
-      if (uncompressed_size
-	  && uncompress_section_contents (& start, uncompressed_size,
-					  & new_size))
-	section_size = new_size;
+      if (uncompressed_size)
+	{
+	  if (uncompress_section_contents (& start, uncompressed_size,
+					   & new_size))
+	    section_size = new_size;
+	  else
+	    {
+	      error (_("Unable to decompress section %s\n"),
+		     printable_section_name (section));
+	      return;
+	    }
+	}
     }
 
   if (relocate)
-- 
2.11.0