Blame SOURCES/binutils-CVE-2018-10534.patch

13ae24
--- binutils.orig/bfd/peXXigen.c	2018-05-10 10:09:03.619147342 +0100
13ae24
+++ binutils-2.30/bfd/peXXigen.c	2018-05-10 10:20:20.884883540 +0100
13ae24
@@ -2991,6 +2991,15 @@ _bfd_XX_bfd_copy_private_bfd_data_common
13ae24
 				  bfd_get_section_size (section) - (addr - section->vma));
13ae24
 	      return FALSE;
13ae24
 	    }
13ae24
+	  /* PR 23110.  */
13ae24
+	  else if (ope->pe_opthdr.DataDirectory[PE_DEBUG_DATA].Size < 0)
13ae24
+	    {
13ae24
+	      /* xgettext:c-format */
13ae24
+	      _bfd_error_handler
13ae24
+		(_("%pB: Data Directory size (%#lx) is negative"),
13ae24
+		 obfd, ope->pe_opthdr.DataDirectory[PE_DEBUG_DATA].Size);
13ae24
+	      return FALSE;
13ae24
+	    }
13ae24
 
13ae24
 	  for (i = 0; i < ope->pe_opthdr.DataDirectory[PE_DEBUG_DATA].Size
13ae24
 		 / sizeof (struct external_IMAGE_DEBUG_DIRECTORY); i++)