From 6aea08d9f3e3d6475a65454da488a0c51f5dc97d Mon Sep 17 00:00:00 2001
From: Nick Clifton <nickc@redhat.com>
Date: Tue, 17 Apr 2018 12:35:55 +0100
Subject: [PATCH] Fix illegal memory access when parsing corrupt DWARF
 information.

	PR 23064
	* dwarf.c (process_cu_tu_index): Test for a potential buffer
	overrun before copying signature pointer.

Upstream-Status: Backport
Affects: Binutils <= 2.30
CVE: CVE-2018-10372
Signed-off-by: Armin Kuster <akuster@mvista.com>

---
 binutils/ChangeLog |  6 ++++++
 binutils/dwarf.c   | 13 ++++++++++++-
 2 files changed, 18 insertions(+), 1 deletion(-)

Index: git/binutils/dwarf.c
===================================================================
--- git.orig/binutils/dwarf.c
+++ git/binutils/dwarf.c
@@ -9252,7 +9252,18 @@ process_cu_tu_index (struct dwarf_sectio
 		}
 
 	      if (!do_display)
-		memcpy (&this_set[row - 1].signature, ph, sizeof (uint64_t));
+		{
+		  size_t num_copy = sizeof (uint64_t);
+
+		  /* PR 23064: Beware of buffer overflow.  */
+		  if (ph + num_copy < limit)
+		    memcpy (&this_set[row - 1].signature, ph, num_copy);
+		  else
+		    {
+		      warn (_("Signature (%p) extends beyond end of space in section\n"), ph);
+		      return 0;
+		    }
+		}
 
 	      prow = poffsets + (row - 1) * ncols * 4;
 	      /* PR 17531: file: b8ce60a8.  */
Index: git/binutils/ChangeLog
===================================================================
--- git.orig/binutils/ChangeLog
+++ git/binutils/ChangeLog
@@ -1,3 +1,9 @@
+2018-04-17  Nick Clifton  <nickc@redhat.com>
+
+       PR 23064
+       * dwarf.c (process_cu_tu_index): Test for a potential buffer
+       overrun before copying signature pointer.
+
 2018-01-27  Nick Clifton  <nickc@redhat.com>
 
 	Back to development.