diff options
Diffstat (limited to 'main/binutils/binutils-2.24-CVE-2014-8484.patch')
| -rw-r--r-- | main/binutils/binutils-2.24-CVE-2014-8484.patch | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/main/binutils/binutils-2.24-CVE-2014-8484.patch b/main/binutils/binutils-2.24-CVE-2014-8484.patch new file mode 100644 index 0000000000..69a5e85064 --- /dev/null +++ b/main/binutils/binutils-2.24-CVE-2014-8484.patch @@ -0,0 +1,31 @@ +--- binutils-2.24/bfd/srec.c 2013-11-04 16:33:37.000000000 +0100 ++++ binutils-2.24-1/bfd/srec.c 2014-10-24 21:46:38.973046641 +0200 +@@ -455,7 +455,7 @@ + { + file_ptr pos; + char hdr[3]; +- unsigned int bytes; ++ unsigned int bytes, min_bytes; + bfd_vma address; + bfd_byte *data; + unsigned char check_sum; +@@ -478,6 +478,19 @@ + } + + check_sum = bytes = HEX (hdr + 1); ++ min_bytes = 3; ++ if (hdr[0] == '2' || hdr[0] == '8') ++ min_bytes = 4; ++ else if (hdr[0] == '3' || hdr[0] == '7') ++ min_bytes = 5; ++ if (bytes < min_bytes) ++ { ++ (*_bfd_error_handler) (_("%B:%d: byte count %d too small\n"), ++ abfd, lineno, bytes); ++ bfd_set_error (bfd_error_bad_value); ++ goto error_return; ++ } ++ + if (bytes * 2 > bufsize) + { + if (buf != NULL) |