commit 50455f1ab2935f7321215dfa681745c9b1cb5b19 Author: Nick Clifton Date: Thu Dec 1 10:15:07 2016 +0000 Fix seg-fault running addr2line on a corrupt binary. PR binutils/20891 * aoutx.h (find_nearest_line): Handle the case where the main file name and the directory name are both empty. Upstream-Status: backport CVE: CVE-2017-7225 Signed-off-by: Thiruvadi Rajaraman
Index: git/bfd/ChangeLog
===================================================================
--- git.orig/bfd/ChangeLog 2017-09-04 13:04:20.941485636 +0530
+++ git/bfd/ChangeLog 2017-09-04 13:08:05.003175703 +0530
@@ -120,6 +120,12 @@
 * peicode.h (pe_ILF_object_p): Use strnlen to avoid running over the end of the string buffer.
+2016-12-01 Nick Clifton
+
+ PR binutils/20891
+ * aoutx.h (find_nearest_line): Handle the case where the main file
+ name and the directory name are both empty.
+
 PR binutils/20892
 * aoutx.h (find_nearest_line): Handle the case where the function name is empty.
Index: git/bfd/aoutx.h
===================================================================
--- git.orig/bfd/aoutx.h 2017-09-04 13:04:20.941485636 +0530
+++ git/bfd/aoutx.h 2017-09-04 13:10:55.856441243 +0530
@@ -2663,7 +2663,7 @@
 char *buf;
 *filename_ptr = abfd->filename;
- *functionname_ptr = 0;
+ *functionname_ptr = NULL;
 *line_ptr = 0;
 if (disriminator_ptr)
 *disriminator_ptr = 0;
@@ -2808,9 +2808,17 @@
 *filename_ptr = main_file_name;
 else
 {
- sprintf (buf, "%s%s", directory_name, main_file_name);
- *filename_ptr = buf;
- buf += filelen + 1;
+ if (buf == NULL)
+ /* PR binutils/20891: In a corrupt input file both
+ main_file_name and directory_name can be empty... */
+ * filename_ptr = NULL;
+ else
+ {
+ snprintf (buf, filelen + 1, "%s%s", directory_name,
+ main_file_name);
+ *filename_ptr = buf;
+ buf += filelen + 1;
+ }
 }
 }
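Review bot: The result of `snprintf` in the new `else` branch of the `@@ -2808,9 +2808,17 @@` hunk is discarded, so if `filelen` (computed outside this hunk) is smaller than the combined length of `directory_name` and `main_file_name`, the name is silently truncated and `*filename_ptr` reports a path the input never contained. Because this path is reached on corrupt binaries, truncation would be better treated as a failure, for example `n = snprintf (buf, filelen + 1, "%s%s", directory_name, main_file_name);` followed by `if (n < 0 || (size_t) n > filelen) *filename_ptr = NULL;`. The `if (buf == NULL)` branch has only a comment between the condition and its unbraced statement, so bracing it and writing `*filename_ptr = NULL;` without the stray space would make the control flow harder to misread. The enclosing function starts and ends outside the hunk, so whether later writes through `buf` are guarded against NULL in the same way cannot be confirmed from here.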