From f32ba72991d2406b21ab17edc234a2f3fa7fb23d Mon Sep 17 00:00:00 2001
From: Nick Clifton <nickc@redhat.com>
Date: Mon, 3 Apr 2017 11:01:45 +0100
Subject: [PATCH] readelf: Update check for invalid word offsets in ARM unwind
 information.

	PR binutils/21343
	* readelf.c (get_unwind_section_word): Fix snafu checking for
	invalid word offsets in ARM unwind information.

Upstream-Status: Backport
CVE: CVE-2017-9039
Affects: binutils <= 2.28
Signed-off-by: Armin Kuster <akuster@mvista.com>

---
 binutils/ChangeLog | 6 ++++++
 binutils/readelf.c | 6 +++---
 2 files changed, 9 insertions(+), 3 deletions(-)

Index: git/binutils/readelf.c
===================================================================
--- git.orig/binutils/readelf.c
+++ git/binutils/readelf.c
@@ -7745,9 +7745,9 @@ get_unwind_section_word (struct arm_unw_
     return FALSE;
 
   /* If the offset is invalid then fail.  */
-  if (word_offset > (sec->sh_size - 4)
-      /* PR 18879 */
-      || (sec->sh_size < 5 && word_offset >= sec->sh_size)
+  if (/* PR 21343 *//* PR 18879 */
+      sec->sh_size < 4
+      || word_offset > (sec->sh_size - 4)
       || ((bfd_signed_vma) word_offset) < 0)
     return FALSE;
 
Index: git/bfd/ChangeLog
===================================================================
--- git.orig/bfd/ChangeLog
+++ git/bfd/ChangeLog
@@ -1,3 +1,9 @@
+2017-04-03  Nick Clifton  <nickc@redhat.com>
+
+	PR binutils/21343
+	* readelf.c (get_unwind_section_word): Fix snafu checking for
+	invalid word offsets in ARM unwind information.
+
 2017-04-04  Nick Clifton  <nickc@redhat.com>
 
        PR binutils/21342