[binutils] Import patch from mainline to fix seg-fault when reading corrupt group headers. Resolves: BZ #115727

[Nicholas Clifton]

commit b57b4a1e9bfc4316cc58edee7d6f11ab47f49907
Author: Nick Clifton <nickc at redhat.com>
Date:   Mon Oct 27 13:01:52 2014 +0000

    Import patch from mainline to fix seg-fault when reading corrupt group headers.
    Resolves: BZ #1157276, #11527277

 binutils-2.24-corrupt-groups.patch |   86 ++++++++++++++++++++++++++++++++++++
 binutils.spec                      |    8 +++-
 2 files changed, 93 insertions(+), 1 deletions(-)
---
diff --git a/binutils-2.24-corrupt-groups.patch b/binutils-2.24-corrupt-groups.patch
new file mode 100644
index 0000000..b0637f3
--- /dev/null
+++ b/binutils-2.24-corrupt-groups.patch
@@ -0,0 +1,86 @@
+*** ../binutils-2.24.orig/bfd/elf.c	2014-10-27 12:47:20.989181791 +0000
+--- bfd/elf.c	2014-10-27 12:47:33.296248170 +0000
+*************** setup_group (bfd *abfd, Elf_Internal_Shd
+*** 608,616 ****
+  		  if (shdr->contents == NULL)
+  		    {
+  		      _bfd_error_handler
+! 			(_("%B: Corrupt size field in group section header: 0x%lx"), abfd, shdr->sh_size);
+  		      bfd_set_error (bfd_error_bad_value);
+! 		      return FALSE;
+  		    }
+  
+  		  memset (shdr->contents, 0, amt);
+--- 608,617 ----
+  		  if (shdr->contents == NULL)
+  		    {
+  		      _bfd_error_handler
+! 			(_("%B: corrupt size field in group section header: 0x%lx"), abfd, shdr->sh_size);
+  		      bfd_set_error (bfd_error_bad_value);
+! 		      -- num_group;
+! 		      continue;
+  		    }
+  
+  		  memset (shdr->contents, 0, amt);
+*************** setup_group (bfd *abfd, Elf_Internal_Shd
+*** 618,625 ****
+  		  if (bfd_seek (abfd, shdr->sh_offset, SEEK_SET) != 0
+  		      || (bfd_bread (shdr->contents, shdr->sh_size, abfd)
+  			  != shdr->sh_size))
+! 		    return FALSE;
+! 
+  		  /* Translate raw contents, a flag word followed by an
+  		     array of elf section indices all in target byte order,
+  		     to the flag word followed by an array of elf section
+--- 619,635 ----
+  		  if (bfd_seek (abfd, shdr->sh_offset, SEEK_SET) != 0
+  		      || (bfd_bread (shdr->contents, shdr->sh_size, abfd)
+  			  != shdr->sh_size))
+! 		    {
+! 		      _bfd_error_handler
+! 			(_("%B: invalid size field in group section header: 0x%lx"), abfd, shdr->sh_size);
+! 		      bfd_set_error (bfd_error_bad_value);
+! 		      -- num_group;
+! 		      /* PR 17510: If the group contents are even partially
+! 			 corrupt, do not allow any of the contents to be used.  */
+! 		      memset (shdr->contents, 0, amt);
+! 		      continue;
+! 		    }
+! 		  
+  		  /* Translate raw contents, a flag word followed by an
+  		     array of elf section indices all in target byte order,
+  		     to the flag word followed by an array of elf section
+*************** setup_group (bfd *abfd, Elf_Internal_Shd
+*** 651,656 ****
+--- 661,681 ----
+  		    }
+  		}
+  	    }
++ 
++ 	  /* PR 17510: Corrupt binaries might contain invalid groups.  */
++ 	  if (num_group != (unsigned) elf_tdata (abfd)->num_group)
++ 	    {
++ 	      elf_tdata (abfd)->num_group = num_group;
++ 
++ 	      /* If all groups are invalid then fail.  */
++ 	      if (num_group == 0)
++ 		{
++ 		  elf_tdata (abfd)->group_sect_ptr = NULL;
++ 		  elf_tdata (abfd)->num_group = num_group = -1;
++ 		  (*_bfd_error_handler) (_("%B: no valid group sections found"), abfd);
++ 		  bfd_set_error (bfd_error_bad_value);
++ 		}
++ 	    }
+  	}
+      }
+  
+*************** setup_group (bfd *abfd, Elf_Internal_Shd
+*** 716,721 ****
+--- 741,747 ----
+      {
+        (*_bfd_error_handler) (_("%B: no group info for section %A"),
+  			     abfd, newsect);
++       return FALSE;
+      }
+    return TRUE;
+  }
diff --git a/binutils.spec b/binutils.spec
index d8f7093..15d1018 100644
--- a/binutils.spec
+++ b/binutils.spec
@@ -19,7 +19,7 @@
 Summary: A GNU collection of binary utilities
 Name: %{?cross}binutils%{?_with_debug:-debug}
 Version: 2.24
-Release: 24%{?dist}
+Release: 25%{?dist}
 License: GPLv3+
 Group: Development/Tools
 URL: http://sources.redhat.com/binutils
@@ -73,6 +73,7 @@ Patch28: binutils-2.24-aarch64-fix-static-ifunc.patch
 Patch29: binutils-2.24-aarch64-fix-ie-relax.patch
 Patch30: binutils-HEAD-change-ld-notice-interface.patch
 Patch31: binutils-2.24-corrupt-srec.patch
+Patch32: binutils-2.24-corrupt-groups.patch
 
 Provides: bundled(libiberty)
 
@@ -208,6 +209,7 @@ using libelf instead of BFD.
 %patch29 -p1 -b .aa64-3~
 %patch30 -p1 -b .ldplugin~
 %patch31 -p0 -b .srec~
+%patch32 -p0 -b .groups~
 
 # We cannot run autotools as there is an exact requirement of autoconf-2.59.
 
@@ -522,6 +524,10 @@ exit 0
 %endif # %{isnative}
 
 %changelog
+* Mon Oct 27 2014 Nick Clifton <nickc at redhat.com> - 2.24-25
+- Import patch from mainline to fix seg-fault when reading corrupt group headers.
+  Resolves: BZ #1157276
+
 * Fri Oct 24 2014 Nick Clifton <nickc at redhat.com> - 2.24-24
 - Import patch from mainline to fix seg-fault when reading corrupt srec fields.
   Resolves: BZ #1156272