Upstream-Status: Backport

CVE-2014-8484 fix.

[YOCTO #7084]

Signed-off-by: Armin Kuster <akuster808@gmail.com>

From bd25671c6f202c4a5108883caa2adb24ff6f361f Mon Sep 17 00:00:00 2001
From: Alan Modra <amodra@gmail.com>
Date: Fri, 29 Aug 2014 10:36:29 +0930
Subject: [PATCH] Report an error for S-records with less than the miniumum
 size

	* srec.c (srec_scan): Revert last change.  Report an error for
	S-records with less than the miniumum byte count.
---
 bfd/ChangeLog |  5 +++++
 bfd/srec.c    | 18 +++++++++++++++---
 2 files changed, 20 insertions(+), 3 deletions(-)

Index: binutils-2.24/bfd/srec.c
===================================================================
--- binutils-2.24.orig/bfd/srec.c
+++ binutils-2.24/bfd/srec.c
@@ -455,7 +455,7 @@ srec_scan (bfd *abfd)
 	  {
 	    file_ptr pos;
 	    char hdr[3];
-	    unsigned int bytes;
+	    unsigned int bytes, min_bytes;
 	    bfd_vma address;
 	    bfd_byte *data;
 	    unsigned char check_sum;
@@ -478,6 +478,19 @@ srec_scan (bfd *abfd)
 	      }
 
 	    check_sum = bytes = HEX (hdr + 1);
+	    min_bytes = 3;
+	    if (hdr[0] == '2' || hdr[0] == '8')
+	      min_bytes = 4;
+	    else if (hdr[0] == '3' || hdr[0] == '7')
+	      min_bytes = 5;
+	    if (bytes < min_bytes)
+	      {
+		(*_bfd_error_handler) (_("%B:%d: byte count %d too small\n"),
+				       abfd, lineno, bytes);
+		bfd_set_error (bfd_error_bad_value);
+		goto error_return;
+	      }
+
 	    if (bytes * 2 > bufsize)
 	      {
 		if (buf != NULL)
Index: binutils-2.24/bfd/ChangeLog
===================================================================
--- binutils-2.24.orig/bfd/ChangeLog
+++ binutils-2.24/bfd/ChangeLog
@@ -1,3 +1,8 @@
+2014-08-29  Alan Modra  <amodra@gmail.com>
+
+       * srec.c (srec_scan): Revert last change.  Report an error for
+       S-records with less than the miniumum byte count.
+
 2013-12-02  Tristan Gingold  <gingold@adacore.com>
 
 	* configure.in: Bump version to 2.24