1 files changed, 47 insertions, 0 deletions

diff --git a/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-18605.patch b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-18605.patch
new file mode 100644
index 000000000..d6c706771
--- /dev/null
+++ b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-18605.patch
@@ -0,0 +1,47 @@
+From ab419ddbb2cdd17ca83618990f2cacf904ce1d61 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Tue, 23 Oct 2018 18:29:24 +1030
+Subject: [PATCH] PR23804, buffer overflow in sec_merge_hash_lookup
+
+	PR 23804
+	* merge.c (_bfd_add_merge_section): Don't attempt to merge
+	sections where size is not a multiple of entsize.
+
+Upstream-Status: Backport
+CVE: CVE-2018-18605
+Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
+---
+ bfd/ChangeLog | 6 ++++++
+ bfd/merge.c   | 3 +++
+ 2 files changed, 9 insertions(+)
+
+diff --git a/bfd/ChangeLog b/bfd/ChangeLog
+index 31ff3d6..da423b1 100644
+--- a/bfd/ChangeLog
++++ b/bfd/ChangeLog
+@@ -1,3 +1,9 @@
++2018-10-23  Alan Modra  <amodra@gmail.com>
++
++	PR 23804
++	* merge.c (_bfd_add_merge_section): Don't attempt to merge
++	sections where size is not a multiple of entsize.
++
+ 2018-10-13  Alan Modra  <amodra@gmail.com>
+ 
+ 	PR 23770
+diff --git a/bfd/merge.c b/bfd/merge.c
+index 7904552..5e3bba0 100644
+--- a/bfd/merge.c
++++ b/bfd/merge.c
+@@ -376,6 +376,9 @@ _bfd_add_merge_section (bfd *abfd, void **psinfo, asection *sec,
+       || sec->entsize == 0)
+     return TRUE;
+ 
++  if (sec->size % sec->entsize != 0)
++    return TRUE;
++
+   if ((sec->flags & SEC_RELOC) != 0)
+     {
+       /* We aren't prepared to handle relocations in merged sections.  */
+-- 
+2.9.3