From 75393a2d54bcc40053e5262a3de9d70c5ebfbbfd Mon Sep 17 00:00:00 2001
From: Nick Clifton <nickc@redhat.com>
Date: Wed, 21 Dec 2022 11:51:23 +0000
Subject: [PATCH] Fix an attempt to allocate an unreasonably large amount of
 memory when parsing a corrupt ELF file.

	PR  29924
	* objdump.c (load_specific_debug_section): Check for excessively
	large sections.

Upstream-Status: Backport
CVE: CVE-2022-48063
Signed-off-by: Armin Kuster <akuster@mvista.com>

---
 binutils/ChangeLog | 6 ++++++
 binutils/objdump.c | 4 +++-
 2 files changed, 9 insertions(+), 1 deletion(-)

Index: git/binutils/objdump.c
===================================================================
--- git.orig/binutils/objdump.c
+++ git/binutils/objdump.c
@@ -3768,7 +3768,9 @@ load_specific_debug_section (enum dwarf_
   section->size = bfd_section_size (sec);
   /* PR 24360: On 32-bit hosts sizeof (size_t) < sizeof (bfd_size_type). */
   alloced = amt = section->size + 1;
-  if (alloced != amt || alloced == 0)
+  if (alloced != amt
+      || alloced == 0
+      || (bfd_get_size (abfd) != 0 && alloced >= bfd_get_size (abfd)))
     {
       section->start = NULL;
       free_debug_section (debug);
Index: git/binutils/ChangeLog
===================================================================
--- git.orig/binutils/ChangeLog
+++ git/binutils/ChangeLog
@@ -1,3 +1,9 @@
+2022-12-21  Nick Clifton  <nickc@redhat.com>
+
+       PR  29924
+       * objdump.c (load_specific_debug_section): Check for excessively
+       large sections.
+
 2022-03-23  Nick Clifton  <nickc@redhat.com>
 
 	Import patch from mainline: