From 75393a2d54bcc40053e5262a3de9d70c5ebfbbfd Mon Sep 17 00:00:00 2001
From: Nick Clifton <nickc@redhat.com>
Date: Wed, 21 Dec 2022 11:51:23 +0000
Subject: [PATCH] Fix an attempt to allocate an unreasonably large amount of
 memory when parsing a corrupt ELF file.

	PR  29924
	* objdump.c (load_specific_debug_section): Check for excessively
	large sections.
Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75393a2d54bcc40053e5262a3de9d70c5ebfbbfd]
CVE: CVE-2022-48063
Signed-off-by: Virendra Thakur <virendrak@kpit.com>
Comment: Patch refreshed based on codebase.
---
 binutils/ChangeLog | 6 ++++++
 binutils/objdump.c | 4 +++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index e7f918d3f65..020e09f3700 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,9 @@
+2022-12-21  Nick Clifton  <nickc@redhat.com>
+
+	PR  29924
+	* objdump.c (load_specific_debug_section): Check for excessively
+	large sections.
+
 2021-02-11  Alan Modra  <amodra@gmail.com>
 
 	   PR 27290

diff --git a/binutils/objdump.c b/binutils/objdump.c
index d51abbe3858..2eb02de0e76 100644
--- a/binutils/objdump.c
+++ b/binutils/objdump.c
@@ -3479,7 +3479,9 @@
   section->size = bfd_section_size (sec);
   /* PR 24360: On 32-bit hosts sizeof (size_t) < sizeof (bfd_size_type). */
   alloced = amt = section->size + 1;
-  if (alloced != amt || alloced == 0)
+  if (alloced != amt
+      || alloced == 0
+      || (bfd_get_size (abfd) != 0 && alloced >= bfd_get_size (abfd)))
     {
       section->start = NULL;
       free_debug_section (debug);