[binutils/f21] Import patch from mainline to fix seg-fault when reading corrupt srec fields. Resolves: BZ #1156272

[Nicholas Clifton]

commit 3a03b12b6d92924f7a9064a8776444c389c32e74
Author: Nick Clifton <nickc at redhat.com>
Date:   Fri Oct 24 16:08:16 2014 +0100

    Import patch from mainline to fix seg-fault when reading corrupt srec fields.
    Resolves: BZ #1156272

 binutils-2.24-corrupt-srec.patch |   41 ++++++++++++++++++++++++++++++++++++++
 binutils.spec                    |    7 +++++-
 2 files changed, 47 insertions(+), 1 deletions(-)
---
diff --git a/binutils-2.24-corrupt-srec.patch b/binutils-2.24-corrupt-srec.patch
new file mode 100644
index 0000000..59eafbd
--- /dev/null
+++ b/binutils-2.24-corrupt-srec.patch
@@ -0,0 +1,41 @@
+*** ../binutils-2.24.orig/bfd/srec.c	2014-10-24 15:34:34.156138230 +0100
+--- bfd/srec.c	2014-10-24 15:42:41.462592601 +0100
+*************** srec_scan (bfd *abfd)
+*** 455,461 ****
+  	  {
+  	    file_ptr pos;
+  	    char hdr[3];
+! 	    unsigned int bytes;
+  	    bfd_vma address;
+  	    bfd_byte *data;
+  	    unsigned char check_sum;
+--- 455,461 ----
+  	  {
+  	    file_ptr pos;
+  	    char hdr[3];
+! 	    unsigned int bytes, min_bytes;
+  	    bfd_vma address;
+  	    bfd_byte *data;
+  	    unsigned char check_sum;
+*************** srec_scan (bfd *abfd)
+*** 478,483 ****
+--- 478,496 ----
+  	      }
+  
+  	    check_sum = bytes = HEX (hdr + 1);
++ 	    min_bytes = 3;
++ 	    if (hdr[0] == '2' || hdr[0] == '8')
++ 	      min_bytes = 4;
++ 	    else if (hdr[0] == '3' || hdr[0] == '7')
++ 	      min_bytes = 5;
++ 	    if (bytes < min_bytes)
++ 	      {
++ 		(*_bfd_error_handler) (_("%B:%d: byte count %d too small\n"),
++ 				       abfd, lineno, bytes);
++ 		bfd_set_error (bfd_error_bad_value);
++ 		goto error_return;
++ 	      }
++ 
+  	    if (bytes * 2 > bufsize)
+  	      {
+  		if (buf != NULL)
diff --git a/binutils.spec b/binutils.spec
index 772b8c2..84597fe 100644
--- a/binutils.spec
+++ b/binutils.spec
@@ -17,7 +17,7 @@
 Summary: A GNU collection of binary utilities
 Name: %{?cross}binutils%{?_with_debug:-debug}
 Version: 2.24
-Release: 21%{?dist}
+Release: 22%{?dist}
 License: GPLv3+
 Group: Development/Tools
 URL: http://sources.redhat.com/binutils
@@ -70,6 +70,7 @@ Patch27: binutils-2.24-aarch64-fix-gotplt-offset-ifunc.patch
 Patch28: binutils-2.24-aarch64-fix-static-ifunc.patch
 Patch29: binutils-2.24-aarch64-fix-ie-relax.patch
 Patch30: binutils-HEAD-change-ld-notice-interface.patch
+Patch31: binutils-2.24-corrupt-srec.patch
 
 Provides: bundled(libiberty)
 
@@ -515,6 +516,10 @@ exit 0
 %endif # %{isnative}
 
 %changelog
+* Fri Oct 24 2014 Nick Clifton <nickc at redhat.com> - 2.24-22
+- Import patch from mainline to fix seg-fault when reading corrupt srec fields.
+  Resolves: BZ #1156272
+
 * Tue Aug 26 2014 Kyle McMartin <kmcmarti at redhat.com> - 2.24-21
 - aarch64: increase common page size to 64KB
 - binutils-HEAD-change-ld-notice-interface.patch: backport fix from HEAD