Blame SOURCES/binutils-CVE-2019-9075.patch

8c00d6
diff -rup binutils.orig/bfd/archive64.c binutils-2.31.1/bfd/archive64.c
8c00d6
--- binutils.orig/bfd/archive64.c	2019-02-26 11:17:11.882530151 +0000
8c00d6
+++ binutils-2.31.1/bfd/archive64.c	2019-02-26 11:19:18.422488805 +0000
8c00d6
@@ -100,8 +100,6 @@ _bfd_archive_64_bit_slurp_armap (bfd *ab
8c00d6
     return FALSE;
8c00d6
   carsyms = ardata->symdefs;
8c00d6
   stringbase = ((char *) ardata->symdefs) + carsym_size;
8c00d6
-  stringbase[stringsize] = 0;
8c00d6
-  stringend = stringbase + stringsize;
8c00d6
 
8c00d6
   raw_armap = (bfd_byte *) bfd_alloc (abfd, ptrsize);
8c00d6
   if (raw_armap == NULL)
8c00d6
@@ -115,15 +113,17 @@ _bfd_archive_64_bit_slurp_armap (bfd *ab
8c00d6
       goto release_raw_armap;
8c00d6
     }
8c00d6
 
8c00d6
+  stringend = stringbase + stringsize;
8c00d6
+  *stringend = 0;
8c00d6
   for (i = 0; i < nsymz; i++)
8c00d6
     {
8c00d6
       carsyms->file_offset = bfd_getb64 (raw_armap + i * 8);
8c00d6
       carsyms->name = stringbase;
8c00d6
-      if (stringbase < stringend)
8c00d6
-	stringbase += strlen (stringbase) + 1;
8c00d6
+      stringbase += strlen (stringbase);
8c00d6
+      if (stringbase != stringend)
8c00d6
+	++stringbase;
8c00d6
       ++carsyms;
8c00d6
     }
8c00d6
-  *stringbase = '\0';
8c00d6
 
8c00d6
   ardata->symdef_count = nsymz;
8c00d6
   ardata->first_file_filepos = bfd_tell (abfd);
8c00d6
diff -rup binutils.orig/bfd/archive.c binutils-2.31.1/bfd/archive.c
8c00d6
--- binutils.orig/bfd/archive.c	2019-02-26 11:17:11.884530134 +0000
8c00d6
+++ binutils-2.31.1/bfd/archive.c	2019-02-26 11:18:33.354859687 +0000
8c00d6
@@ -1014,6 +1014,7 @@ do_slurp_coff_armap (bfd *abfd)
8c00d6
   int *raw_armap, *rawptr;
8c00d6
   struct artdata *ardata = bfd_ardata (abfd);
8c00d6
   char *stringbase;
8c00d6
+  char *stringend;
8c00d6
   bfd_size_type stringsize;
8c00d6
   bfd_size_type parsed_size;
8c00d6
   carsym *carsyms;
8c00d6
@@ -1073,22 +1074,20 @@ do_slurp_coff_armap (bfd *abfd)
8c00d6
     }
8c00d6
 
8c00d6
   /* OK, build the carsyms.  */
8c00d6
-  for (i = 0; i < nsymz && stringsize > 0; i++)
8c00d6
+  stringend = stringbase + stringsize;
8c00d6
+  *stringend = 0;
8c00d6
+  for (i = 0; i < nsymz; i++)
8c00d6
     {
8c00d6
       bfd_size_type len;
8c00d6
 
8c00d6
       rawptr = raw_armap + i;
8c00d6
       carsyms->file_offset = swap ((bfd_byte *) rawptr);
8c00d6
       carsyms->name = stringbase;
8c00d6
-      /* PR 17512: file: 4a1d50c1.  */
8c00d6
-      len = strnlen (stringbase, stringsize);
8c00d6
-      if (len < stringsize)
8c00d6
-	len ++;
8c00d6
-      stringbase += len;
8c00d6
-      stringsize -= len;
8c00d6
+      stringbase += strlen (stringbase);
8c00d6
+      if (stringbase != stringend)
8c00d6
+	++stringbase;
8c00d6
       carsyms++;
8c00d6
     }
8c00d6
-  *stringbase = 0;
8c00d6
 
8c00d6
   ardata->symdef_count = nsymz;
8c00d6
   ardata->first_file_filepos = bfd_tell (abfd);