From 7211ae501eb0de1044983f2dfb00091a58fbd66c Mon Sep 17 00:00:00 2001
From: Alan Modra
Date: Tue, 27 Jun 2017 09:45:04 +0930
Subject: [PATCH] More fixes for bfd_get_section_contents change

PR binutils/21665
* libbfd.c (_bfd_generic_get_section_contents): Delete abort.
Use unsigned file pointer type, and remove cast.
* libbfd.c (_bfd_generic_get_section_contents_in_window): Likewise.
Add "count", not "sz".

Upstream-Status: Backport
CVE: CVE-2017-9955 #5
Signed-off-by: Armin Kuster
---
 bfd/ChangeLog | 8 ++++++++
 bfd/libbfd.c | 18 ++++--------------
 2 files changed, 12 insertions(+), 14 deletions(-)

Index: git/bfd/ChangeLog
===================================================================
--- git.orig/bfd/ChangeLog
+++ git/bfd/ChangeLog
@@ -1,3 +1,11 @@
+2017-06-27 Alan Modra
+
+ PR binutils/21665
+ * libbfd.c (_bfd_generic_get_section_contents): Delete abort.
+ Use unsigned file pointer type, and remove cast.
+ * libbfd.c (_bfd_generic_get_section_contents_in_window): Likewise.
+ Add "count", not "sz".
+
 2017-06-26 Pedro Alves
 PR binutils/21665
Index: git/bfd/libbfd.c
===================================================================
--- git.orig/bfd/libbfd.c
+++ git/bfd/libbfd.c
@@ -780,7 +780,7 @@ _bfd_generic_get_section_contents (bfd *
 bfd_size_type count)
 {
 bfd_size_type sz;
- file_ptr filesz;
+ ufile_ptr filesz;
 if (count == 0)
 return TRUE;
@@ -804,14 +804,9 @@ _bfd_generic_get_section_contents (bfd *
 else
 sz = section->size;
 filesz = bfd_get_file_size (abfd);
- if (filesz < 0)
- {
- /* This should never happen. */
- abort ();
- }
 if (offset + count < count
 || offset + count > sz
- || (section->filepos + offset + count) > (bfd_size_type) filesz)
+ || section->filepos + offset + count > filesz)
 {
 bfd_set_error (bfd_error_invalid_operation);
 return FALSE;
@@ -834,7 +829,7 @@ _bfd_generic_get_section_contents_in_win
 {
 #ifdef USE_MMAP
 bfd_size_type sz;
- file_ptr filesz;
+ ufile_ptr filesz;
 if (count == 0)
 return TRUE;
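Review bot: The new bound `section->filepos + offset + count > filesz` in the second libbfd.c hunk (@@ -804,14 +804,9) can still wrap, because the `offset + count < count` guard above it covers only the two-term sum and adding `section->filepos` afterwards may overflow before the comparison. Comparing by subtraction avoids that: `|| (ufile_ptr) section->filepos > filesz` followed by `|| offset + count > filesz - (ufile_ptr) section->filepos`. The same expression is added in the `_bfd_generic_get_section_contents_in_window` hunk. With the `filesz < 0` branch gone, it is also worth a comment stating what `bfd_get_file_size` returns when the size cannot be determined, since that helper is not visible here and a zero would presumably make this test reject every read. The function body starts and ends outside the hunk.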
@@ -868,13 +863,8 @@ _bfd_generic_get_section_contents_in_win
 else
 sz = section->size;
 filesz = bfd_get_file_size (abfd);
- if (filesz < 0)
- {
- /* This should never happen. */
- abort ();
- }
 if (offset + count > sz
- || (section->filepos + offset + sz) > (bfd_size_type) filesz
+ || section->filepos + offset + count > filesz
 || ! bfd_get_file_window (abfd, section->filepos + offset, count, w,
 TRUE))
 return FALSE;
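Review bot: The window variant's test starts at `offset + count > sz` and has no wrap guard, unlike `_bfd_generic_get_section_contents`, which first checks `offset + count < count`; a wrapped sum passes both comparisons here and the unreduced `count` is then handed to `bfd_get_file_window`. Opening the condition with `if (offset + count < count` and continuing with `|| offset + count > sz` would bring the two functions in line. When the bounds test fails, this path also returns FALSE without the `bfd_set_error (bfd_error_invalid_operation)` call the other function makes, so callers may see a stale error code. The enclosing function starts and ends outside the hunk.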