cross/cross-binutils/binutils-2.24-CVE-2014-8484.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31

--- binutils-2.24/bfd/srec.c	2013-11-04 16:33:37.000000000 +0100
+++ binutils-2.24-1/bfd/srec.c	2014-10-24 21:46:38.973046641 +0200
@@ -455,7 +455,7 @@
 	  {
 	    file_ptr pos;
 	    char hdr[3];
-	    unsigned int bytes;
+	    unsigned int bytes, min_bytes;
 	    bfd_vma address;
 	    bfd_byte *data;
 	    unsigned char check_sum;
@@ -478,6 +478,19 @@
 	      }
 
 	    check_sum = bytes = HEX (hdr + 1);
+	    min_bytes = 3;
+	    if (hdr[0] == '2' || hdr[0] == '8')
+	      min_bytes = 4;
+	    else if (hdr[0] == '3' || hdr[0] == '7')
+	      min_bytes = 5;
+	    if (bytes < min_bytes)
+	      {
+		(*_bfd_error_handler) (_("%B:%d: byte count %d too small\n"),
+				       abfd, lineno, bytes);
+		bfd_set_error (bfd_error_bad_value);
+		goto error_return;
+	      }
+
 	    if (bytes * 2 > bufsize)
 	      {
 		if (buf != NULL)