rpms/gdb/FC-4 gdb-6.3-security-errata-20050610.patch, 1.1, 1.2 gdb.spec, 1.149, 1.150
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Fri Jul 8 18:38:18 UTC 2005
- Previous message (by thread): rpms/eog/devel .cvsignore, 1.16, 1.17 eog.spec, 1.25, 1.26 sources, 1.16, 1.17
- Next message (by thread): rpms/gdb/devel gdb-6.3-security-errata-20050610.patch, 1.1, 1.2 gdb.spec, 1.148, 1.149
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: jjohnstn
Update of /cvs/dist/rpms/gdb/FC-4
In directory cvs.devel.redhat.com:/tmp/cvs-serv3472
Modified Files:
gdb-6.3-security-errata-20050610.patch gdb.spec
Log Message:
* Fri Jul 08 2005 Jeff Johnston <jjohnstn at redhat.com> 6.3.0.0-1.33
- Bump up release number.
* Thu Jul 07 2005 Jeff Johnston <jjohnstn at redhat.com> 6.3.0.0-1.31
- Modify security errata to include additional bfd robustness updates
- Bugzilla 158680
gdb-6.3-security-errata-20050610.patch:
bfd/archive.c | 50 ++-
bfd/bfd-in.h | 3
bfd/bfd-in2.h | 3
bfd/coff-rs6000.c | 10
bfd/coff64-rs6000.c | 10
bfd/coffcode.h | 2
bfd/ecoff.c | 12
bfd/elf.c | 236 ++++++++++-----
bfd/elf32-s390.c | 12
bfd/elf32-sparc.c | 12
bfd/elf64-ppc.c | 9
bfd/elf64-s390.c | 12
bfd/elf64-sparc.c | 10
bfd/elf64-x86-64.c | 15 -
bfd/elfcode.h | 77 ++++-
bfd/elfxx-ia64.c | 3
bfd/libbfd-in.h | 11
bfd/libbfd.c | 102 ++++++
bfd/libbfd.h | 11
bfd/opncls.c | 48 +++
bfd/peXXigen.c | 12
gdb/Makefile.in | 2
gdb/cli/cli-cmds.c | 25 +
gdb/config.in | 3
gdb/configure | 505 ++++++++++++++++++----------------
gdb/configure.in | 1
gdb/main.c | 4
gdb/testsuite/gdb.base/gdbinit.exp | 98 ++++++
gdb/testsuite/gdb.base/gdbinit.sample | 1
include/elf/external.h | 3
30 files changed, 936 insertions(+), 366 deletions(-)
Index: gdb-6.3-security-errata-20050610.patch
===================================================================
RCS file: /cvs/dist/rpms/gdb/FC-4/gdb-6.3-security-errata-20050610.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- gdb-6.3-security-errata-20050610.patch 10 Jun 2005 19:52:26 -0000 1.1
+++ gdb-6.3-security-errata-20050610.patch 8 Jul 2005 18:38:14 -0000 1.2
@@ -16,6 +16,8 @@
(source_command): Update documentation. Check permissions if
FROM_TTY is -1.
+bfd changes:
+
2005-05-17 H.J. Lu <hongjiu.lu at intel.com>
* elf.c (group_signature): Check if the symbol table section is
@@ -32,8 +34,96 @@
* elfcode.h (elf_object_p): Add more sanity checks on elf header.
---- gdb-6.3/gdb/cli/cli-cmds.c.fix 2005-06-10 15:36:27.000000000 -0400
-+++ gdb-6.3/gdb/cli/cli-cmds.c 2005-06-10 15:40:20.000000000 -0400
+2005-06-21 Jakub Jelinek <jakub at redhat.com>
+
+ * libbfd-in.h (struct artdata): Add extended_names_size field.
+ * libbfd.h: Rebuilt.
+ * coff-rs600.c (_bfd_xcoff_archive_p): Don't clear fields in freshly
+ allocated object by bfd_zalloc.
+ * coff64-rs6000.c (xcoff64_archive_p): Likewise.
+ * ecoff.c (_bfd_ecoff_archive_p): Likewise.
+ * archive.c (_bfd_generic_mkarchive, bfd_generic_archive_p): Likewise.
+ (get_extended_arelt_filename): Fail if index is bigger or equal to
+ extended_names_size.
+ (_bfd_generic_read_ar_hdr_mag): Don't set bfd_error_malformed_archive,
+ get_extended_arelt_filename already did that.
+ (_bfd_slurp_extended_name_table): Initialize extended_names_size field.
+ Allocate one extra byte and clear it, in case extended names table
+ is not terminated.
+
+2005-06-15 Jakub Jelinek <jakub at redhat.com>
+
+ * libbfd-in.h (bfd_malloc2, bfd_realloc2, bfd_zmalloc2, bfd_alloc2,
+ bfd_zalloc2): New prototypes.
+ * bfd-in.h (HALF_BFD_SIZE_TYPE): Define.
+ * libbfd.c (bfd_malloc2, bfd_realloc2, bfd_zmalloc2): New functions.
+ * opncls.c (bfd_alloc2, bfd_zalloc2): New functions.
+ * elf.c (bfd_elf_get_elf_syms, setup_group, assign_section_numbers,
+ elf_map_symbols, map_sections_to_segments,
+ assign_file_positions_for_segments, copy_private_bfd_data,
+ swap_out_syms, _bfd_elf_slurp_version_tables): Use bfd_*alloc2
+ where appropriate.
+ * bfd-in2.h: Rebuilt.
+ * libbfd.h: Rebuilt.
+
+ * elf.c (_bfd_elf_print_private_bfd_data): Don't crash on bogus
+ verdef or verneed section.
+ (_bfd_elf_slurp_version_tables): Handle corrupt verdef and/or
+ verneed sections gracefully.
+ * elf32-sparc.c (elf32_sparc_info_to_howto): Don't crash on
+ bogus relocation values.
+ * elf64-sparc.c (sparc64_elf_info_to_howto): Likewise.
+ * elf64-ppc.c (ppc64_elf_info_to_howto): Likewise.
+ * elf64-s390.c (elf_s390_info_to_howto): Likewise.
+ * elf32-s390.c (elf_s390_info_to_howto): Likewise.
+ * elf64-x86-64.c (elf64_x86_64_info_to_howto): Likewise.
+ * elfxx-ia64.c (lookup_howto): Likewise.
+
+2005-06-14 Jakub Jelinek <jakub at redhat.com>
+
+ * elf.c (bfd_elf_get_str_section): Allocate an extra byte after
+ the end of strtab and clear it.
+ (elf_read): Remove.
+
+ * elf.c (bfd_section_from_shdr): Fail if name is NULL.
+ Prevent endless recursion on broken objects.
+
+ * archive.c (do_slurp_coff_armap): Check for overflows.
+
+2005-05-26 Jakub Jelinek <jakub at redhat.com>
+
+ * elfcode.h (elf_object_p): Fail if e_shoff != 0, e_shnum == 0 and
+ first shdr has sh_size == 0. Fail if e_shnum is large to cause
+ arithmetic overflow when allocating the i_shdr array.
+ Sanity check sh_link and sh_info fields. Fix e_shstrndx sanity check.
+
+2005-05-18 H.J. Lu <hongjiu.lu at intel.com>
+
+ * elf.c (group_signature): Check if the symbol table section is
+ correct.
+
+2005-05-17 Tavis Ormandy <taviso at gentoo.org>
+
+ * elf.c (bfd_section_from_shdr): Add sanity check when parsing
+ dynamic sections.
+
+2005-05-09 Alan Modra <amodra at bigpond.net.au>
+
+ * elfcode.h (elf_object_p): Add more sanity checks on elf header.
+
+--- gdb-6.3/include/elf/external.h.fix 2005-07-07 19:14:08.000000000 -0400
++++ gdb-6.3/include/elf/external.h 2005-07-07 19:18:27.000000000 -0400
+@@ -272,5 +272,8 @@ typedef struct
+ unsigned char a_val[8];
+ } Elf64_External_Auxv;
+
++/* Size of SHT_GROUP section entry. */
++
++#define GRP_ENTRY_SIZE 4
+
+ #endif /* _ELF_EXTERNAL_H */
+--- gdb-6.3/gdb/cli/cli-cmds.c.fix 2005-07-07 19:16:17.000000000 -0400
++++ gdb-6.3/gdb/cli/cli-cmds.c 2005-07-07 19:18:27.000000000 -0400
@@ -38,6 +38,7 @@
#include "objfiles.h"
#include "source.h"
@@ -85,8 +175,8 @@
script_from_file (stream, file);
do_cleanups (old_cleanups);
---- gdb-6.3/gdb/testsuite/gdb.base/gdbinit.exp.fix 2005-06-10 15:42:54.000000000 -0400
-+++ gdb-6.3/gdb/testsuite/gdb.base/gdbinit.exp 2005-06-10 15:40:20.000000000 -0400
+--- gdb-6.3/gdb/testsuite/gdb.base/gdbinit.exp.fix 2005-07-07 19:19:30.000000000 -0400
++++ gdb-6.3/gdb/testsuite/gdb.base/gdbinit.exp 2005-07-07 19:18:27.000000000 -0400
@@ -0,0 +1,98 @@
+# Copyright 2005
+# Free Software Foundation, Inc.
@@ -186,12 +276,32 @@
+}
+
+remote_exec build "rm .gdbinit"
---- gdb-6.3/gdb/testsuite/gdb.base/gdbinit.sample.fix 2005-06-10 15:43:01.000000000 -0400
-+++ gdb-6.3/gdb/testsuite/gdb.base/gdbinit.sample 2005-06-10 15:40:20.000000000 -0400
+--- gdb-6.3/gdb/testsuite/gdb.base/gdbinit.sample.fix 2005-07-07 19:19:34.000000000 -0400
++++ gdb-6.3/gdb/testsuite/gdb.base/gdbinit.sample 2005-07-07 19:18:27.000000000 -0400
@@ -0,0 +1 @@
+echo "\nin gdbinit"
---- gdb-6.3/gdb/configure.fix 2005-06-10 15:35:47.000000000 -0400
-+++ gdb-6.3/gdb/configure 2005-06-10 15:41:44.000000000 -0400
+--- gdb-6.3/gdb/main.c.fix 2005-07-07 19:14:26.000000000 -0400
++++ gdb-6.3/gdb/main.c 2005-07-07 19:18:55.000000000 -0400
+@@ -609,7 +609,7 @@ extern int gdbtk_test (char *);
+
+ if (!inhibit_gdbinit)
+ {
+- catch_command_errors (source_command, homeinit, 0, RETURN_MASK_ALL);
++ catch_command_errors (source_command, homeinit, -1, RETURN_MASK_ALL);
+ }
+
+ /* Do stats; no need to do them elsewhere since we'll only
+@@ -695,7 +695,7 @@ extern int gdbtk_test (char *);
+ || memcmp ((char *) &homebuf, (char *) &cwdbuf, sizeof (struct stat)))
+ if (!inhibit_gdbinit)
+ {
+- catch_command_errors (source_command, gdbinit, 0, RETURN_MASK_ALL);
++ catch_command_errors (source_command, gdbinit, -1, RETURN_MASK_ALL);
+ }
+
+ for (i = 0; i < ncmd; i++)
+--- gdb-6.3/gdb/configure.fix 2005-07-07 19:15:29.000000000 -0400
++++ gdb-6.3/gdb/configure 2005-07-07 19:20:08.000000000 -0400
@@ -6640,7 +6640,7 @@ else
fi
done
@@ -2087,8 +2197,29 @@
rm -rf conftest*
am_cv_proto_iconv_arg1=""
else
---- gdb-6.3/gdb/config.in.fix 2005-06-10 15:35:33.000000000 -0400
-+++ gdb-6.3/gdb/config.in 2005-06-10 15:40:20.000000000 -0400
+--- gdb-6.3/gdb/configure.in.fix 2005-07-07 19:15:34.000000000 -0400
++++ gdb-6.3/gdb/configure.in 2005-07-07 19:18:27.000000000 -0400
+@@ -440,6 +440,7 @@ AC_FUNC_ALLOCA
+ AC_FUNC_MMAP
+ AC_FUNC_VFORK
+ AC_CHECK_FUNCS(canonicalize_file_name realpath)
++AC_CHECK_FUNCS(getuid)
+ AC_CHECK_FUNCS(poll)
+ AC_CHECK_FUNCS(pread64)
+ AC_CHECK_FUNCS(sbrk)
+--- gdb-6.3/gdb/Makefile.in.fix 2005-07-07 19:16:06.000000000 -0400
++++ gdb-6.3/gdb/Makefile.in 2005-07-07 19:18:27.000000000 -0400
+@@ -2751,7 +2751,7 @@ cli-cmds.o: $(srcdir)/cli/cli-cmds.c $(d
+ $(expression_h) $(frame_h) $(value_h) $(language_h) $(filenames_h) \
+ $(objfiles_h) $(source_h) $(disasm_h) $(ui_out_h) $(top_h) \
+ $(cli_decode_h) $(cli_script_h) $(cli_setshow_h) $(cli_cmds_h) \
+- $(tui_h)
++ $(tui_h) $(gdb_stat_h)
+ $(CC) -c $(INTERNAL_CFLAGS) $(srcdir)/cli/cli-cmds.c
+ cli-decode.o: $(srcdir)/cli/cli-decode.c $(defs_h) $(symtab_h) \
+ $(gdb_regex_h) $(gdb_string_h) $(ui_out_h) $(cli_cmds_h) \
+--- gdb-6.3/gdb/config.in.fix 2005-07-07 19:16:09.000000000 -0400
++++ gdb-6.3/gdb/config.in 2005-07-07 19:18:55.000000000 -0400
@@ -203,6 +203,9 @@
/* Define if you have the getpagesize function. */
#undef HAVE_GETPAGESIZE
@@ -2099,50 +2230,90 @@
/* Define if you have the monstartup function. */
#undef HAVE_MONSTARTUP
---- gdb-6.3/gdb/main.c.fix 2005-06-10 15:35:51.000000000 -0400
-+++ gdb-6.3/gdb/main.c 2005-06-10 15:40:20.000000000 -0400
-@@ -609,7 +609,7 @@ extern int gdbtk_test (char *);
+--- gdb-6.3/bfd/elf.c.fix 2005-07-07 19:09:17.000000000 -0400
++++ gdb-6.3/bfd/elf.c 2005-07-07 19:18:55.000000000 -0400
+@@ -206,28 +206,6 @@ bfd_elf_hash (const char *namearg)
+ return h & 0xffffffff;
+ }
- if (!inhibit_gdbinit)
+-/* Read a specified number of bytes at a specified offset in an ELF
+- file, into a newly allocated buffer, and return a pointer to the
+- buffer. */
+-
+-static char *
+-elf_read (bfd *abfd, file_ptr offset, bfd_size_type size)
+-{
+- char *buf;
+-
+- if ((buf = bfd_alloc (abfd, size)) == NULL)
+- return NULL;
+- if (bfd_seek (abfd, offset, SEEK_SET) != 0)
+- return NULL;
+- if (bfd_bread (buf, size, abfd) != size)
+- {
+- if (bfd_get_error () != bfd_error_system_call)
+- bfd_set_error (bfd_error_file_truncated);
+- return NULL;
+- }
+- return buf;
+-}
+-
+ bfd_boolean
+ bfd_elf_mkobject (bfd *abfd)
+ {
+@@ -267,7 +245,21 @@ bfd_elf_get_str_section (bfd *abfd, unsi
+ /* No cached one, attempt to read, and cache what we read. */
+ offset = i_shdrp[shindex]->sh_offset;
+ shstrtabsize = i_shdrp[shindex]->sh_size;
+- shstrtab = elf_read (abfd, offset, shstrtabsize);
++
++ /* Allocate and clear an extra byte at the end, to prevent crashes
++ in case the string table is not terminated. */
++ if (shstrtabsize + 1 == 0
++ || (shstrtab = bfd_alloc (abfd, shstrtabsize + 1)) == NULL
++ || bfd_seek (abfd, offset, SEEK_SET) != 0)
++ shstrtab = NULL;
++ else if (bfd_bread (shstrtab, shstrtabsize, abfd) != shstrtabsize)
++ {
++ if (bfd_get_error () != bfd_error_system_call)
++ bfd_set_error (bfd_error_file_truncated);
++ shstrtab = NULL;
++ }
++ else
++ shstrtab[shstrtabsize] = '\0';
+ i_shdrp[shindex]->contents = shstrtab;
+ }
+ return shstrtab;
+@@ -348,7 +340,7 @@ bfd_elf_get_elf_syms (bfd *ibfd,
+ pos = symtab_hdr->sh_offset + symoffset * extsym_size;
+ if (extsym_buf == NULL)
+ {
+- alloc_ext = bfd_malloc (amt);
++ alloc_ext = bfd_malloc2 (symcount, extsym_size);
+ extsym_buf = alloc_ext;
+ }
+ if (extsym_buf == NULL
+@@ -367,7 +359,8 @@ bfd_elf_get_elf_syms (bfd *ibfd,
+ pos = shndx_hdr->sh_offset + symoffset * sizeof (Elf_External_Sym_Shndx);
+ if (extshndx_buf == NULL)
{
-- catch_command_errors (source_command, homeinit, 0, RETURN_MASK_ALL);
-+ catch_command_errors (source_command, homeinit, -1, RETURN_MASK_ALL);
+- alloc_extshndx = bfd_malloc (amt);
++ alloc_extshndx = bfd_malloc2 (symcount,
++ sizeof (Elf_External_Sym_Shndx));
+ extshndx_buf = alloc_extshndx;
}
+ if (extshndx_buf == NULL
+@@ -381,8 +374,7 @@ bfd_elf_get_elf_syms (bfd *ibfd,
- /* Do stats; no need to do them elsewhere since we'll only
-@@ -695,7 +695,7 @@ extern int gdbtk_test (char *);
- || memcmp ((char *) &homebuf, (char *) &cwdbuf, sizeof (struct stat)))
- if (!inhibit_gdbinit)
- {
-- catch_command_errors (source_command, gdbinit, 0, RETURN_MASK_ALL);
-+ catch_command_errors (source_command, gdbinit, -1, RETURN_MASK_ALL);
- }
-
- for (i = 0; i < ncmd; i++)
---- gdb-6.3/gdb/Makefile.in.fix 2005-06-10 15:36:01.000000000 -0400
-+++ gdb-6.3/gdb/Makefile.in 2005-06-10 15:40:20.000000000 -0400
-@@ -2751,7 +2751,7 @@ cli-cmds.o: $(srcdir)/cli/cli-cmds.c $(d
- $(expression_h) $(frame_h) $(value_h) $(language_h) $(filenames_h) \
- $(objfiles_h) $(source_h) $(disasm_h) $(ui_out_h) $(top_h) \
- $(cli_decode_h) $(cli_script_h) $(cli_setshow_h) $(cli_cmds_h) \
-- $(tui_h)
-+ $(tui_h) $(gdb_stat_h)
- $(CC) -c $(INTERNAL_CFLAGS) $(srcdir)/cli/cli-cmds.c
- cli-decode.o: $(srcdir)/cli/cli-decode.c $(defs_h) $(symtab_h) \
- $(gdb_regex_h) $(gdb_string_h) $(ui_out_h) $(cli_cmds_h) \
---- gdb-6.3/gdb/configure.in.fix 2005-06-10 15:38:44.000000000 -0400
-+++ gdb-6.3/gdb/configure.in 2005-06-10 15:40:20.000000000 -0400
-@@ -440,6 +440,7 @@ AC_FUNC_ALLOCA
- AC_FUNC_MMAP
- AC_FUNC_VFORK
- AC_CHECK_FUNCS(canonicalize_file_name realpath)
-+AC_CHECK_FUNCS(getuid)
- AC_CHECK_FUNCS(poll)
- AC_CHECK_FUNCS(pread64)
- AC_CHECK_FUNCS(sbrk)
---- gdb-6.3/bfd/elf.c.fix 2005-06-10 15:37:08.000000000 -0400
-+++ gdb-6.3/bfd/elf.c 2005-06-10 15:40:31.000000000 -0400
-@@ -438,8 +438,11 @@ group_signature (bfd *abfd, Elf_Internal
+ if (intsym_buf == NULL)
+ {
+- bfd_size_type amt = symcount * sizeof (Elf_Internal_Sym);
+- intsym_buf = bfd_malloc (amt);
++ intsym_buf = bfd_malloc2 (symcount, sizeof (Elf_Internal_Sym));
+ if (intsym_buf == NULL)
+ goto out;
+ }
+@@ -438,8 +430,11 @@ group_signature (bfd *abfd, Elf_Internal
Elf_External_Sym_Shndx eshndx;
Elf_Internal_Sym isym;
@@ -2156,8 +2327,490 @@
return NULL;
/* Go read the symbol. */
---- gdb-6.3/bfd/elfcode.h.fix 2005-06-10 15:37:17.000000000 -0400
-+++ gdb-6.3/bfd/elfcode.h 2005-06-10 15:40:31.000000000 -0400
+@@ -483,8 +478,9 @@ setup_group (bfd *abfd, Elf_Internal_Shd
+ {
+ /* We keep a list of elf section headers for group sections,
+ so we can find them quickly. */
+- bfd_size_type amt = num_group * sizeof (Elf_Internal_Shdr *);
+- elf_tdata (abfd)->group_sect_ptr = bfd_alloc (abfd, amt);
++ bfd_size_type amt;
++ elf_tdata (abfd)->group_sect_ptr
++ = bfd_alloc2 (abfd, num_group, sizeof (Elf_Internal_Shdr *));
+ if (elf_tdata (abfd)->group_sect_ptr == NULL)
+ return FALSE;
+
+@@ -504,7 +500,8 @@ setup_group (bfd *abfd, Elf_Internal_Shd
+ /* Read the raw contents. */
+ BFD_ASSERT (sizeof (*dest) >= 4);
+ amt = shdr->sh_size * sizeof (*dest) / 4;
+- shdr->contents = bfd_alloc (abfd, amt);
++ shdr->contents = bfd_alloc2 (abfd, shdr->sh_size,
++ sizeof (*dest) / 4);
+ if (shdr->contents == NULL
+ || bfd_seek (abfd, shdr->sh_offset, SEEK_SET) != 0
+ || (bfd_bread (shdr->contents, shdr->sh_size, abfd)
+@@ -1204,8 +1201,9 @@ _bfd_elf_print_private_bfd_data (bfd *ab
+ for (t = elf_tdata (abfd)->verdef; t != NULL; t = t->vd_nextdef)
+ {
+ fprintf (f, "%d 0x%2.2x 0x%8.8lx %s\n", t->vd_ndx,
+- t->vd_flags, t->vd_hash, t->vd_nodename);
+- if (t->vd_auxptr->vda_nextptr != NULL)
++ t->vd_flags, t->vd_hash,
++ t->vd_nodename ? t->vd_nodename : "<corrupt>");
++ if (t->vd_auxptr != NULL && t->vd_auxptr->vda_nextptr != NULL)
+ {
+ Elf_Internal_Verdaux *a;
+
+@@ -1213,7 +1211,8 @@ _bfd_elf_print_private_bfd_data (bfd *ab
+ for (a = t->vd_auxptr->vda_nextptr;
+ a != NULL;
+ a = a->vda_nextptr)
+- fprintf (f, "%s ", a->vda_nodename);
++ fprintf (f, "%s ",
++ a->vda_nodename ? a->vda_nodename : "<corrupt>");
+ fprintf (f, "\n");
+ }
+ }
+@@ -1228,10 +1227,12 @@ _bfd_elf_print_private_bfd_data (bfd *ab
+ {
+ Elf_Internal_Vernaux *a;
+
+- fprintf (f, _(" required from %s:\n"), t->vn_filename);
++ fprintf (f, _(" required from %s:\n"),
++ t->vn_filename ? t->vn_filename : "<corrupt>");
+ for (a = t->vn_auxptr; a != NULL; a = a->vna_nextptr)
+ fprintf (f, " 0x%8.8lx 0x%2.2x %2.2d %s\n", a->vna_hash,
+- a->vna_flags, a->vna_other, a->vna_nodename);
++ a->vna_flags, a->vna_other,
++ a->vna_nodename ? a->vna_nodename : "<corrupt>");
+ }
+ }
+
+@@ -1725,6 +1726,8 @@ bfd_section_from_shdr (bfd *abfd, unsign
+ const char *name;
+
+ name = elf_string_from_elf_strtab (abfd, hdr->sh_name);
++ if (name == NULL)
++ return FALSE;
+
+ switch (hdr->sh_type)
+ {
+@@ -1745,6 +1748,9 @@ bfd_section_from_shdr (bfd *abfd, unsign
+ case SHT_DYNAMIC: /* Dynamic linking information. */
+ if (! _bfd_elf_make_section_from_shdr (abfd, hdr, name))
+ return FALSE;
++ if (hdr->sh_link > elf_numsections (abfd)
++ || elf_elfsections (abfd)[hdr->sh_link] == NULL)
++ return FALSE;
+ if (elf_elfsections (abfd)[hdr->sh_link]->sh_type != SHT_STRTAB)
+ {
+ Elf_Internal_Shdr *dynsymhdr;
+@@ -1779,7 +1785,8 @@ bfd_section_from_shdr (bfd *abfd, unsign
+ if (elf_onesymtab (abfd) == shindex)
+ return TRUE;
+
+- BFD_ASSERT (hdr->sh_entsize == bed->s->sizeof_sym);
++ if (hdr->sh_entsize != bed->s->sizeof_sym)
++ return FALSE;
+ BFD_ASSERT (elf_onesymtab (abfd) == 0);
+ elf_onesymtab (abfd) = shindex;
+ elf_tdata (abfd)->symtab_hdr = *hdr;
+@@ -1803,7 +1810,8 @@ bfd_section_from_shdr (bfd *abfd, unsign
+ if (elf_dynsymtab (abfd) == shindex)
+ return TRUE;
+
+- BFD_ASSERT (hdr->sh_entsize == bed->s->sizeof_sym);
++ if (hdr->sh_entsize != bed->s->sizeof_sym)
++ return FALSE;
+ BFD_ASSERT (elf_dynsymtab (abfd) == 0);
+ elf_dynsymtab (abfd) = shindex;
+ elf_tdata (abfd)->dynsymtab_hdr = *hdr;
+@@ -1846,6 +1854,9 @@ bfd_section_from_shdr (bfd *abfd, unsign
+ Elf_Internal_Shdr *hdr2 = elf_elfsections (abfd)[i];
+ if (hdr2->sh_link == shindex)
+ {
++ /* Prevent endless recursion on broken objects. */
++ if (i == shindex)
++ return FALSE;
+ if (! bfd_section_from_shdr (abfd, i))
+ return FALSE;
+ if (elf_onesymtab (abfd) == i)
+@@ -1889,6 +1900,11 @@ bfd_section_from_shdr (bfd *abfd, unsign
+ Elf_Internal_Shdr *hdr2;
+ unsigned int num_sec = elf_numsections (abfd);
+
++ if (hdr->sh_entsize
++ != (bfd_size_type) (hdr->sh_type == SHT_REL
++ ? bed->s->sizeof_rel : bed->s->sizeof_rela))
++ return FALSE;
++
+ /* Check for a bogus link to avoid crashing. */
+ if ((hdr->sh_link >= SHN_LORESERVE && hdr->sh_link <= SHN_HIRESERVE)
+ || hdr->sh_link >= num_sec)
+@@ -1944,6 +1960,10 @@ bfd_section_from_shdr (bfd *abfd, unsign
+ if (hdr->sh_link != elf_onesymtab (abfd) || hdr->sh_info == SHN_UNDEF)
+ return _bfd_elf_make_section_from_shdr (abfd, hdr, name);
+
++ /* Prevent endless recursion on broken objects. */
++ if (elf_elfsections (abfd)[hdr->sh_info]->sh_type == SHT_REL
++ || elf_elfsections (abfd)[hdr->sh_info]->sh_type == SHT_RELA)
++ return FALSE;
+ if (! bfd_section_from_shdr (abfd, hdr->sh_info))
+ return FALSE;
+ target_sect = bfd_section_from_elf_index (abfd, hdr->sh_info);
+@@ -1983,6 +2003,8 @@ bfd_section_from_shdr (bfd *abfd, unsign
+ break;
+
+ case SHT_GNU_versym:
++ if (hdr->sh_entsize != sizeof (Elf_External_Versym))
++ return FALSE;
+ elf_dynversym (abfd) = shindex;
+ elf_tdata (abfd)->dynversym_hdr = *hdr;
+ return _bfd_elf_make_section_from_shdr (abfd, hdr, name);
+@@ -2001,6 +2023,8 @@ bfd_section_from_shdr (bfd *abfd, unsign
+ /* We need a BFD section for objcopy and relocatable linking,
+ and it's handy to have the signature available as the section
+ name. */
++ if (hdr->sh_entsize != GRP_ENTRY_SIZE)
++ return FALSE;
+ name = group_signature (abfd, hdr);
+ if (name == NULL)
+ return FALSE;
+@@ -2724,7 +2748,6 @@ assign_section_numbers (bfd *abfd)
+ asection *sec;
+ unsigned int section_number, secn;
+ Elf_Internal_Shdr **i_shdrp;
+- bfd_size_type amt;
+
+ section_number = 1;
+
+@@ -2798,13 +2821,11 @@ assign_section_numbers (bfd *abfd)
+
+ /* Set up the list of section header pointers, in agreement with the
+ indices. */
+- amt = section_number * sizeof (Elf_Internal_Shdr *);
+- i_shdrp = bfd_zalloc (abfd, amt);
++ i_shdrp = bfd_zalloc2 (abfd, section_number, sizeof (Elf_Internal_Shdr *));
+ if (i_shdrp == NULL)
+ return FALSE;
+
+- amt = sizeof (Elf_Internal_Shdr);
+- i_shdrp[0] = bfd_zalloc (abfd, amt);
++ i_shdrp[0] = bfd_zalloc (abfd, sizeof (Elf_Internal_Shdr));
+ if (i_shdrp[0] == NULL)
+ {
+ bfd_release (abfd, i_shdrp);
+@@ -3036,7 +3057,6 @@ elf_map_symbols (bfd *abfd)
+ unsigned int idx;
+ asection *asect;
+ asymbol **new_syms;
+- bfd_size_type amt;
+
+ #ifdef DEBUG
+ fprintf (stderr, "elf_map_symbols\n");
+@@ -3050,8 +3070,7 @@ elf_map_symbols (bfd *abfd)
+ }
+
+ max_index++;
+- amt = max_index * sizeof (asymbol *);
+- sect_syms = bfd_zalloc (abfd, amt);
++ sect_syms = bfd_zalloc2 (abfd, max_index, sizeof (asymbol *));
+ if (sect_syms == NULL)
+ return FALSE;
+ elf_section_syms (abfd) = sect_syms;
+@@ -3124,8 +3143,7 @@ elf_map_symbols (bfd *abfd)
+ }
+
+ /* Now sort the symbols so the local symbols are first. */
+- amt = (num_locals + num_globals) * sizeof (asymbol *);
+- new_syms = bfd_alloc (abfd, amt);
++ new_syms = bfd_alloc2 (abfd, num_locals + num_globals, sizeof (asymbol *));
+
+ if (new_syms == NULL)
+ return FALSE;
+@@ -3384,8 +3402,7 @@ map_sections_to_segments (bfd *abfd)
+
+ /* Select the allocated sections, and sort them. */
+
+- amt = bfd_count_sections (abfd) * sizeof (asection *);
+- sections = bfd_malloc (amt);
++ sections = bfd_malloc2 (bfd_count_sections (abfd), sizeof (asection *));
+ if (sections == NULL)
+ goto error_return;
+
+@@ -3817,7 +3834,6 @@ assign_file_positions_for_segments (bfd
+ bfd_vma filehdr_vaddr, filehdr_paddr;
+ bfd_vma phdrs_vaddr, phdrs_paddr;
+ Elf_Internal_Phdr *p;
+- bfd_size_type amt;
+
+ if (elf_tdata (abfd)->segment_map == NULL)
+ {
+@@ -3889,8 +3905,7 @@ assign_file_positions_for_segments (bfd
+ if (alloc == 0)
+ alloc = count;
+
+- amt = alloc * sizeof (Elf_Internal_Phdr);
+- phdrs = bfd_alloc (abfd, amt);
++ phdrs = bfd_alloc2 (abfd, alloc, sizeof (Elf_Internal_Phdr));
+ if (phdrs == NULL)
+ return FALSE;
+
+@@ -5158,8 +5173,7 @@ copy_private_bfd_data (bfd *ibfd, bfd *o
+
+ /* Gcc 2.96 miscompiles this code on mips. Don't do casting here
+ to work around this long long bug. */
+- amt = section_count * sizeof (asection *);
+- sections = bfd_malloc (amt);
++ sections = bfd_malloc2 (section_count, sizeof (asection *));
+ if (sections == NULL)
+ return FALSE;
+
+@@ -5601,8 +5615,7 @@ swap_out_syms (bfd *abfd,
+ symstrtab_hdr = &elf_tdata (abfd)->strtab_hdr;
+ symstrtab_hdr->sh_type = SHT_STRTAB;
+
+- amt = (bfd_size_type) (1 + symcount) * bed->s->sizeof_sym;
+- outbound_syms = bfd_alloc (abfd, amt);
++ outbound_syms = bfd_alloc2 (abfd, 1 + symcount, bed->s->sizeof_sym);
+ if (outbound_syms == NULL)
+ {
+ _bfd_stringtab_free (stt);
+@@ -5615,7 +5628,8 @@ swap_out_syms (bfd *abfd,
+ if (symtab_shndx_hdr->sh_name != 0)
+ {
+ amt = (bfd_size_type) (1 + symcount) * sizeof (Elf_External_Sym_Shndx);
+- outbound_shndx = bfd_zalloc (abfd, amt);
++ outbound_shndx = bfd_zalloc2 (abfd, 1 + symcount,
++ sizeof (Elf_External_Sym_Shndx));
+ if (outbound_shndx == NULL)
+ {
+ _bfd_stringtab_free (stt);
+@@ -6028,7 +6042,6 @@ bfd_boolean
+ _bfd_elf_slurp_version_tables (bfd *abfd)
+ {
+ bfd_byte *contents = NULL;
+- bfd_size_type amt;
+
+ if (elf_dynverdef (abfd) != 0)
+ {
+@@ -6039,6 +6052,7 @@ _bfd_elf_slurp_version_tables (bfd *abfd
+ Elf_Internal_Verdef iverdefmem;
+ unsigned int i;
+ unsigned int maxidx;
++ bfd_byte *contents_end_def, *contents_end_aux;
+
+ hdr = &elf_tdata (abfd)->dynverdef_hdr;
+
+@@ -6049,6 +6063,16 @@ _bfd_elf_slurp_version_tables (bfd *abfd
+ || bfd_bread (contents, hdr->sh_size, abfd) != hdr->sh_size)
+ goto error_return;
+
++ if (hdr->sh_info && hdr->sh_size < sizeof (Elf_External_Verdef))
++ goto error_return;
++
++ BFD_ASSERT (sizeof (Elf_External_Verdef)
++ >= sizeof (Elf_External_Verdaux));
++ contents_end_def = contents + hdr->sh_size
++ - sizeof (Elf_External_Verdef);
++ contents_end_aux = contents + hdr->sh_size
++ - sizeof (Elf_External_Verdaux);
++
+ /* We know the number of entries in the section but not the maximum
+ index. Therefore we have to run through all entries and find
+ the maximum. */
+@@ -6061,12 +6085,16 @@ _bfd_elf_slurp_version_tables (bfd *abfd
+ if ((iverdefmem.vd_ndx & ((unsigned) VERSYM_VERSION)) > maxidx)
+ maxidx = iverdefmem.vd_ndx & ((unsigned) VERSYM_VERSION);
+
++ if (iverdefmem.vd_next
++ > (size_t) (contents_end_def - (bfd_byte *) everdef))
++ goto error_return;
++
+ everdef = ((Elf_External_Verdef *)
+ ((bfd_byte *) everdef + iverdefmem.vd_next));
+ }
+
+- amt = (bfd_size_type) maxidx * sizeof (Elf_Internal_Verdef);
+- elf_tdata (abfd)->verdef = bfd_zalloc (abfd, amt);
++ elf_tdata (abfd)->verdef = bfd_zalloc2 (abfd, maxidx,
++ sizeof (Elf_Internal_Verdef));
+ if (elf_tdata (abfd)->verdef == NULL)
+ goto error_return;
+
+@@ -6082,15 +6110,32 @@ _bfd_elf_slurp_version_tables (bfd *abfd
+
+ _bfd_elf_swap_verdef_in (abfd, everdef, &iverdefmem);
+
++ if ((iverdefmem.vd_ndx & VERSYM_VERSION) == 0)
++ {
++error_return_verdef:
++ elf_tdata (abfd)->verdef = NULL;
++ elf_tdata (abfd)->cverdefs = 0;
++ goto error_return;
++ }
++
+ iverdef = &iverdefarr[(iverdefmem.vd_ndx & VERSYM_VERSION) - 1];
+ memcpy (iverdef, &iverdefmem, sizeof (Elf_Internal_Verdef));
+
+ iverdef->vd_bfd = abfd;
+
+- amt = (bfd_size_type) iverdef->vd_cnt * sizeof (Elf_Internal_Verdaux);
+- iverdef->vd_auxptr = bfd_alloc (abfd, amt);
+- if (iverdef->vd_auxptr == NULL)
+- goto error_return;
++ if (iverdef->vd_cnt == 0)
++ iverdef->vd_auxptr = NULL;
++ else
++ {
++ iverdef->vd_auxptr = bfd_alloc2 (abfd, iverdef->vd_cnt,
++ sizeof (Elf_Internal_Verdaux));
++ if (iverdef->vd_auxptr == NULL)
++ goto error_return_verdef;
++ }
++
++ if (iverdef->vd_aux
++ > (size_t) (contents_end_aux - (bfd_byte *) everdef))
++ goto error_return_verdef;
+
+ everdaux = ((Elf_External_Verdaux *)
+ ((bfd_byte *) everdef + iverdef->vd_aux));
+@@ -6103,20 +6148,25 @@ _bfd_elf_slurp_version_tables (bfd *abfd
+ bfd_elf_string_from_elf_section (abfd, hdr->sh_link,
+ iverdaux->vda_name);
+ if (iverdaux->vda_nodename == NULL)
+- goto error_return;
++ goto error_return_verdef;
+
+ if (j + 1 < iverdef->vd_cnt)
+ iverdaux->vda_nextptr = iverdaux + 1;
+ else
+ iverdaux->vda_nextptr = NULL;
+
++ if (iverdaux->vda_next
++ > (size_t) (contents_end_aux - (bfd_byte *) everdaux))
++ goto error_return_verdef;
++
+ everdaux = ((Elf_External_Verdaux *)
+ ((bfd_byte *) everdaux + iverdaux->vda_next));
+ }
+
+- iverdef->vd_nodename = iverdef->vd_auxptr->vda_nodename;
++ if (iverdef->vd_cnt)
++ iverdef->vd_nodename = iverdef->vd_auxptr->vda_nodename;
+
+- if (i + 1 < hdr->sh_info)
++ if ((size_t) (iverdef - iverdefarr) + 1 < maxidx)
+ iverdef->vd_nextdef = iverdef + 1;
+ else
+ iverdef->vd_nextdef = NULL;
+@@ -6135,11 +6185,12 @@ _bfd_elf_slurp_version_tables (bfd *abfd
+ Elf_External_Verneed *everneed;
+ Elf_Internal_Verneed *iverneed;
+ unsigned int i;
++ bfd_byte *contents_end;
+
+ hdr = &elf_tdata (abfd)->dynverref_hdr;
+
+- amt = (bfd_size_type) hdr->sh_info * sizeof (Elf_Internal_Verneed);
+- elf_tdata (abfd)->verref = bfd_zalloc (abfd, amt);
++ elf_tdata (abfd)->verref = bfd_zalloc2 (abfd, hdr->sh_info,
++ sizeof (Elf_Internal_Verneed));
+ if (elf_tdata (abfd)->verref == NULL)
+ goto error_return;
+
+@@ -6147,11 +6198,22 @@ _bfd_elf_slurp_version_tables (bfd *abfd
+
+ contents = bfd_malloc (hdr->sh_size);
+ if (contents == NULL)
+- goto error_return;
++ {
++error_return_verref:
++ elf_tdata (abfd)->verref = NULL;
++ elf_tdata (abfd)->cverrefs = 0;
++ goto error_return;
++ }
+ if (bfd_seek (abfd, hdr->sh_offset, SEEK_SET) != 0
+ || bfd_bread (contents, hdr->sh_size, abfd) != hdr->sh_size)
+- goto error_return;
++ goto error_return_verref;
+
++ if (hdr->sh_info && hdr->sh_size < sizeof (Elf_External_Verneed))
++ goto error_return_verref;
++
++ BFD_ASSERT (sizeof (Elf_External_Verneed)
++ == sizeof (Elf_External_Vernaux));
++ contents_end = contents + hdr->sh_size - sizeof (Elf_External_Verneed);
+ everneed = (Elf_External_Verneed *) contents;
+ iverneed = elf_tdata (abfd)->verref;
+ for (i = 0; i < hdr->sh_info; i++, iverneed++)
+@@ -6168,11 +6230,21 @@ _bfd_elf_slurp_version_tables (bfd *abfd
+ bfd_elf_string_from_elf_section (abfd, hdr->sh_link,
+ iverneed->vn_file);
+ if (iverneed->vn_filename == NULL)
+- goto error_return;
++ goto error_return_verref;
+
+- amt = iverneed->vn_cnt;
+- amt *= sizeof (Elf_Internal_Vernaux);
+- iverneed->vn_auxptr = bfd_alloc (abfd, amt);
++ if (iverneed->vn_cnt == 0)
++ iverneed->vn_auxptr = NULL;
++ else
++ {
++ iverneed->vn_auxptr = bfd_alloc2 (abfd, iverneed->vn_cnt,
++ sizeof (Elf_Internal_Vernaux));
++ if (iverneed->vn_auxptr == NULL)
++ goto error_return_verref;
++ }
++
++ if (iverneed->vn_aux
++ > (size_t) (contents_end - (bfd_byte *) everneed))
++ goto error_return_verref;
+
+ evernaux = ((Elf_External_Vernaux *)
+ ((bfd_byte *) everneed + iverneed->vn_aux));
+@@ -6185,13 +6257,17 @@ _bfd_elf_slurp_version_tables (bfd *abfd
+ bfd_elf_string_from_elf_section (abfd, hdr->sh_link,
+ ivernaux->vna_name);
+ if (ivernaux->vna_nodename == NULL)
+- goto error_return;
++ goto error_return_verref;
+
+ if (j + 1 < iverneed->vn_cnt)
+ ivernaux->vna_nextptr = ivernaux + 1;
+ else
+ ivernaux->vna_nextptr = NULL;
+
++ if (ivernaux->vna_next
++ > (size_t) (contents_end - (bfd_byte *) evernaux))
++ goto error_return_verref;
++
+ evernaux = ((Elf_External_Vernaux *)
+ ((bfd_byte *) evernaux + ivernaux->vna_next));
+ }
+@@ -6201,6 +6277,10 @@ _bfd_elf_slurp_version_tables (bfd *abfd
+ else
+ iverneed->vn_nextref = NULL;
+
++ if (iverneed->vn_next
++ > (size_t) (contents_end - (bfd_byte *) everneed))
++ goto error_return_verref;
++
+ everneed = ((Elf_External_Verneed *)
+ ((bfd_byte *) everneed + iverneed->vn_next));
+ }
+--- gdb-6.3/bfd/elfcode.h.fix 2005-07-07 19:09:22.000000000 -0400
++++ gdb-6.3/bfd/elfcode.h 2005-07-07 19:18:55.000000000 -0400
+@@ -33,7 +33,7 @@ Foundation, Inc., 59 Temple Place - Suit
+ /* Problems and other issues to resolve.
+
+ (1) BFD expects there to be some fixed number of "sections" in
+- the object file. I.E. there is a "section_count" variable in the
++ the object file. I.E. there is a "section_count" variable in the
+ bfd structure which contains the number of sections. However, ELF
+ supports multiple "views" of a file. In particular, with current
+ implementations, executable files typically have two tables, a
@@ -613,8 +613,13 @@ elf_object_p (bfd *abfd)
if (i_ehdrp->e_shoff != 0)
@@ -2261,3 +2914,679 @@
/* Read in the program headers. */
if (i_ehdrp->e_phnum == 0)
elf_tdata (abfd)->phdr = NULL;
+@@ -1059,7 +1124,7 @@ elf_slurp_symbol_table (bfd *abfd, asymb
+ symcount);
+
+ /* Slurp in the symbols without the version information,
+- since that is more helpful than just quitting. */
++ since that is more helpful than just quitting. */
+ verhdr = NULL;
+ }
+
+@@ -1126,7 +1191,7 @@ elf_slurp_symbol_table (bfd *abfd, asymb
+ sym->symbol.section = bfd_abs_section_ptr;
+
+ /* If this is a relocatable file, then the symbol value is
+- already section relative. */
++ already section relative. */
+ if ((abfd->flags & (EXEC_P | DYNAMIC)) != 0)
+ sym->symbol.value -= sym->symbol.section->vma;
+
+--- gdb-6.3/bfd/archive.c.fix 2005-07-07 19:09:29.000000000 -0400
++++ gdb-6.3/bfd/archive.c 2005-07-07 19:18:55.000000000 -0400
+@@ -170,11 +170,13 @@ _bfd_generic_mkarchive (bfd *abfd)
+ if (bfd_ardata (abfd) == NULL)
+ return FALSE;
+
+- bfd_ardata (abfd)->cache = NULL;
+- bfd_ardata (abfd)->archive_head = NULL;
+- bfd_ardata (abfd)->symdefs = NULL;
+- bfd_ardata (abfd)->extended_names = NULL;
+- bfd_ardata (abfd)->tdata = NULL;
++ /* Already cleared by bfd_zalloc above.
++ bfd_ardata (abfd)->cache = NULL;
++ bfd_ardata (abfd)->archive_head = NULL;
++ bfd_ardata (abfd)->symdefs = NULL;
++ bfd_ardata (abfd)->extended_names = NULL;
++ bfd_ardata (abfd)->extended_names_size = 0;
++ bfd_ardata (abfd)->tdata = NULL; */
+
+ return TRUE;
+ }
+@@ -302,7 +304,7 @@ get_extended_arelt_filename (bfd *arch,
+ errno = 0;
+ /* Skip first char, which is '/' in SVR4 or ' ' in some other variants. */
+ index = strtol (name + 1, NULL, 10);
+- if (errno != 0)
++ if (errno != 0 || index >= bfd_ardata (arch)->extended_names_size)
+ {
+ bfd_set_error (bfd_error_malformed_archive);
+ return NULL;
+@@ -372,10 +374,7 @@ _bfd_generic_read_ar_hdr_mag (bfd *abfd,
+ {
+ filename = get_extended_arelt_filename (abfd, hdr.ar_name);
+ if (filename == NULL)
+- {
+- bfd_set_error (bfd_error_malformed_archive);
+- return NULL;
+- }
++ return NULL;
+ }
+ /* BSD4.4-style long filename.
+ Only implemented for reading, so far! */
+@@ -601,11 +600,13 @@ bfd_generic_archive_p (bfd *abfd)
+ }
+
+ bfd_ardata (abfd)->first_file_filepos = SARMAG;
+- bfd_ardata (abfd)->cache = NULL;
+- bfd_ardata (abfd)->archive_head = NULL;
+- bfd_ardata (abfd)->symdefs = NULL;
+- bfd_ardata (abfd)->extended_names = NULL;
+- bfd_ardata (abfd)->tdata = NULL;
++ /* Cleared by bfd_zalloc above.
++ bfd_ardata (abfd)->cache = NULL;
++ bfd_ardata (abfd)->archive_head = NULL;
++ bfd_ardata (abfd)->symdefs = NULL;
++ bfd_ardata (abfd)->extended_names = NULL;
++ bfd_ardata (abfd)->extended_names_size = 0;
++ bfd_ardata (abfd)->tdata = NULL; */
+
+ if (!BFD_SEND (abfd, _bfd_slurp_armap, (abfd))
+ || !BFD_SEND (abfd, _bfd_slurp_extended_name_table, (abfd)))
+@@ -804,9 +805,15 @@ do_slurp_coff_armap (bfd *abfd)
+ /* The coff armap must be read sequentially. So we construct a
+ bsd-style one in core all at once, for simplicity. */
+
++ if (nsymz > ~ (bfd_size_type) 0 / sizeof (carsym))
++ return FALSE;
++
+ carsym_size = (nsymz * sizeof (carsym));
+ ptrsize = (4 * nsymz);
+
++ if (carsym_size + stringsize + 1 <= carsym_size)
++ return FALSE;
++
+ ardata->symdefs = bfd_zalloc (abfd, carsym_size + stringsize + 1);
+ if (ardata->symdefs == NULL)
+ return FALSE;
+@@ -1043,6 +1050,7 @@ _bfd_slurp_extended_name_table (bfd *abf
+ strncmp (nextname, "// ", 16) != 0)
+ {
+ bfd_ardata (abfd)->extended_names = NULL;
++ bfd_ardata (abfd)->extended_names_size = 0;
+ return TRUE;
+ }
+
+@@ -1051,7 +1059,11 @@ _bfd_slurp_extended_name_table (bfd *abf
+ return FALSE;
+
+ amt = namedata->parsed_size;
+- bfd_ardata (abfd)->extended_names = bfd_zalloc (abfd, amt);
++ if (amt + 1 == 0)
++ goto byebye;
++
++ bfd_ardata (abfd)->extended_names_size = amt;
++ bfd_ardata (abfd)->extended_names = bfd_zalloc (abfd, amt + 1);
+ if (bfd_ardata (abfd)->extended_names == NULL)
+ {
+ byebye:
+@@ -1074,15 +1086,17 @@ _bfd_slurp_extended_name_table (bfd *abf
+ trailing '/'. DOS/NT created archive often have \ in them
+ We'll fix all problems here.. */
+ {
+- char *temp = bfd_ardata (abfd)->extended_names;
++ char *ext_names = bfd_ardata (abfd)->extended_names;
++ char *temp = ext_names;
+ char *limit = temp + namedata->parsed_size;
+ for (; temp < limit; ++temp)
+ {
+ if (*temp == '\012')
+- temp[temp[-1] == '/' ? -1 : 0] = '\0';
++ temp[temp > ext_names && temp[-1] == '/' ? -1 : 0] = '\0';
+ if (*temp == '\\')
+ *temp = '/';
+ }
++ *limit = '\0';
+ }
+
+ /* Pad to an even boundary if you have to. */
+--- gdb-6.3/bfd/libbfd-in.h.fix 2005-07-07 19:09:39.000000000 -0400
++++ gdb-6.3/bfd/libbfd-in.h 2005-07-07 19:18:55.000000000 -0400
+@@ -61,6 +61,7 @@ struct artdata {
+ carsym *symdefs; /* the symdef entries */
+ symindex symdef_count; /* how many there are */
+ char *extended_names; /* clever intel extension */
++ bfd_size_type extended_names_size; /* Size of extended names */
+ /* when more compilers are standard C, this can be a time_t */
+ long armap_timestamp; /* Timestamp value written into armap.
+ This is used for BSD archives to check
+@@ -90,6 +91,12 @@ extern void *bfd_realloc
+ (void *, bfd_size_type);
+ extern void *bfd_zmalloc
+ (bfd_size_type);
++extern void *bfd_malloc2
++ (bfd_size_type, bfd_size_type);
++extern void *bfd_realloc2
++ (void *, bfd_size_type, bfd_size_type);
++extern void *bfd_zmalloc2
++ (bfd_size_type, bfd_size_type);
+
+ extern void _bfd_default_error_handler (const char *s, ...);
+ extern bfd_error_handler_type _bfd_error_handler;
+@@ -100,6 +107,10 @@ extern void *bfd_alloc
+ (bfd *, bfd_size_type);
+ extern void *bfd_zalloc
+ (bfd *, bfd_size_type);
++extern void *bfd_alloc2
++ (bfd *, bfd_size_type, bfd_size_type);
++extern void *bfd_zalloc2
++ (bfd *, bfd_size_type, bfd_size_type);
+ extern void bfd_release
+ (bfd *, void *);
+
+--- gdb-6.3/bfd/bfd-in.h.fix 2005-07-07 19:09:45.000000000 -0400
++++ gdb-6.3/bfd/bfd-in.h 2005-07-07 19:18:55.000000000 -0400
+@@ -144,6 +144,9 @@ typedef unsigned long bfd_size_type;
+
+ #endif /* not BFD64 */
+
++#define HALF_BFD_SIZE_TYPE \
++ (((bfd_size_type) 1) << (8 * sizeof (bfd_size_type) / 2))
++
+ #ifndef BFD_HOST_64_BIT
+ /* Fall back on a 32 bit type. The idea is to make these types always
+ available for function return types, but in the case that
+--- gdb-6.3/bfd/libbfd.c.fix 2005-07-07 19:09:51.000000000 -0400
++++ gdb-6.3/bfd/libbfd.c 2005-07-07 19:18:55.000000000 -0400
+@@ -156,6 +156,36 @@ bfd_malloc (bfd_size_type size)
+ return ptr;
+ }
+
++/* Allocate memory using malloc, nmemb * size with overflow checking. */
++
++void *
++bfd_malloc2 (bfd_size_type nmemb, bfd_size_type size)
++{
++ void *ptr;
++
++ if ((nmemb | size) >= HALF_BFD_SIZE_TYPE
++ && size != 0
++ && nmemb > ~(bfd_size_type) 0 / size)
++ {
++ bfd_set_error (bfd_error_no_memory);
++ return NULL;
++ }
++
++ size *= nmemb;
++
++ if (size != (size_t) size)
++ {
++ bfd_set_error (bfd_error_no_memory);
++ return NULL;
++ }
++
++ ptr = malloc ((size_t) size);
++ if (ptr == NULL && (size_t) size != 0)
++ bfd_set_error (bfd_error_no_memory);
++
++ return ptr;
++}
++
+ /* Reallocate memory using realloc. */
+
+ void *
+@@ -180,6 +210,40 @@ bfd_realloc (void *ptr, bfd_size_type si
+ return ret;
+ }
+
++/* Reallocate memory using realloc, nmemb * size with overflow checking. */
++
++void *
++bfd_realloc2 (void *ptr, bfd_size_type nmemb, bfd_size_type size)
++{
++ void *ret;
++
++ if ((nmemb | size) >= HALF_BFD_SIZE_TYPE
++ && size != 0
++ && nmemb > ~(bfd_size_type) 0 / size)
++ {
++ bfd_set_error (bfd_error_no_memory);
++ return NULL;
++ }
++
++ size *= nmemb;
++
++ if (size != (size_t) size)
++ {
++ bfd_set_error (bfd_error_no_memory);
++ return NULL;
++ }
++
++ if (ptr == NULL)
++ ret = malloc ((size_t) size);
++ else
++ ret = realloc (ptr, (size_t) size);
++
++ if (ret == NULL && (size_t) size != 0)
++ bfd_set_error (bfd_error_no_memory);
++
++ return ret;
++}
++
+ /* Allocate memory using malloc and clear it. */
+
+ void *
+@@ -205,6 +269,44 @@ bfd_zmalloc (bfd_size_type size)
+
+ return ptr;
+ }
++
++/* Allocate memory using malloc (nmemb * size) with overflow checking
++ and clear it. */
++
++void *
++bfd_zmalloc2 (bfd_size_type nmemb, bfd_size_type size)
++{
++ void *ptr;
++
++ if ((nmemb | size) >= HALF_BFD_SIZE_TYPE
++ && size != 0
++ && nmemb > ~(bfd_size_type) 0 / size)
++ {
++ bfd_set_error (bfd_error_no_memory);
++ return NULL;
++ }
++
++ size *= nmemb;
++
++ if (size != (size_t) size)
++ {
++ bfd_set_error (bfd_error_no_memory);
++ return NULL;
++ }
++
++ ptr = malloc ((size_t) size);
++
++ if ((size_t) size != 0)
++ {
++ if (ptr == NULL)
++ bfd_set_error (bfd_error_no_memory);
++ else
++ memset (ptr, 0, (size_t) size);
++ }
++
++ return ptr;
++}
++
+ /*
+ INTERNAL_FUNCTION
+ bfd_write_bigendian_4byte_int
+--- gdb-6.3/bfd/opncls.c.fix 2005-07-07 19:09:59.000000000 -0400
++++ gdb-6.3/bfd/opncls.c 2005-07-07 19:18:55.000000000 -0400
+@@ -849,6 +849,54 @@ bfd_zalloc (bfd *abfd, bfd_size_type siz
+ return res;
+ }
+
++void *
++bfd_alloc2 (bfd *abfd, bfd_size_type nmemb, bfd_size_type size)
++{
++ void *ret;
++
++ if ((nmemb | size) >= HALF_BFD_SIZE_TYPE
++ && size != 0
++ && nmemb > ~(bfd_size_type) 0 / size)
++ {
++ bfd_set_error (bfd_error_no_memory);
++ return NULL;
++ }
++
++ size *= nmemb;
++
++ if (size != (unsigned long) size)
++ {
++ bfd_set_error (bfd_error_no_memory);
++ return NULL;
++ }
++
++ ret = objalloc_alloc (abfd->memory, (unsigned long) size);
++ if (ret == NULL)
++ bfd_set_error (bfd_error_no_memory);
++ return ret;
++}
++
++void *
++bfd_zalloc2 (bfd *abfd, bfd_size_type nmemb, bfd_size_type size)
++{
++ void *res;
++
++ if ((nmemb | size) >= HALF_BFD_SIZE_TYPE
++ && size != 0
++ && nmemb > ~(bfd_size_type) 0 / size)
++ {
++ bfd_set_error (bfd_error_no_memory);
++ return NULL;
++ }
++
++ size *= nmemb;
++
++ res = bfd_alloc (abfd, size);
++ if (res)
++ memset (res, 0, (size_t) size);
++ return res;
++}
++
+ /* Free a block allocated for a BFD.
+ Note: Also frees all more recently allocated blocks! */
+
+--- gdb-6.3/bfd/bfd-in2.h.fix 2005-07-07 19:10:08.000000000 -0400
++++ gdb-6.3/bfd/bfd-in2.h 2005-07-07 19:18:55.000000000 -0400
+@@ -151,6 +151,9 @@ typedef unsigned long bfd_size_type;
+
+ #endif /* not BFD64 */
+
++#define HALF_BFD_SIZE_TYPE \
++ (((bfd_size_type) 1) << (8 * sizeof (bfd_size_type) / 2))
++
+ #ifndef BFD_HOST_64_BIT
+ /* Fall back on a 32 bit type. The idea is to make these types always
+ available for function return types, but in the case that
+--- gdb-6.3/bfd/libbfd.h.fix 2005-07-07 19:10:13.000000000 -0400
++++ gdb-6.3/bfd/libbfd.h 2005-07-07 19:18:55.000000000 -0400
+@@ -66,6 +66,7 @@ struct artdata {
+ carsym *symdefs; /* the symdef entries */
+ symindex symdef_count; /* how many there are */
+ char *extended_names; /* clever intel extension */
++ bfd_size_type extended_names_size; /* Size of extended names */
+ /* when more compilers are standard C, this can be a time_t */
+ long armap_timestamp; /* Timestamp value written into armap.
+ This is used for BSD archives to check
+@@ -95,6 +96,12 @@ extern void *bfd_realloc
+ (void *, bfd_size_type);
+ extern void *bfd_zmalloc
+ (bfd_size_type);
++extern void *bfd_malloc2
++ (bfd_size_type, bfd_size_type);
++extern void *bfd_realloc2
++ (void *, bfd_size_type, bfd_size_type);
++extern void *bfd_zmalloc2
++ (bfd_size_type, bfd_size_type);
+
+ extern void _bfd_default_error_handler (const char *s, ...);
+ extern bfd_error_handler_type _bfd_error_handler;
+@@ -105,6 +112,10 @@ extern void *bfd_alloc
+ (bfd *, bfd_size_type);
+ extern void *bfd_zalloc
+ (bfd *, bfd_size_type);
++extern void *bfd_alloc2
++ (bfd *, bfd_size_type, bfd_size_type);
++extern void *bfd_zalloc2
++ (bfd *, bfd_size_type, bfd_size_type);
+ extern void bfd_release
+ (bfd *, void *);
+
+--- gdb-6.3/bfd/elf32-sparc.c.fix 2005-07-07 19:10:19.000000000 -0400
++++ gdb-6.3/bfd/elf32-sparc.c 2005-07-07 19:18:55.000000000 -0400
+@@ -313,7 +313,8 @@ elf32_sparc_info_to_howto (abfd, cache_p
+ arelent *cache_ptr;
+ Elf_Internal_Rela *dst;
+ {
+- switch (ELF32_R_TYPE(dst->r_info))
++ unsigned int r_type = ELF32_R_TYPE(dst->r_info);
++ switch (r_type)
+ {
+ case R_SPARC_GNU_VTINHERIT:
+ cache_ptr->howto = &elf32_sparc_vtinherit_howto;
+@@ -328,8 +329,13 @@ elf32_sparc_info_to_howto (abfd, cache_p
+ break;
+
+ default:
+- BFD_ASSERT (ELF32_R_TYPE(dst->r_info) < (unsigned int) R_SPARC_max_std);
+- cache_ptr->howto = &_bfd_sparc_elf_howto_table[ELF32_R_TYPE(dst->r_info)];
++ if (r_type >= (unsigned int) R_SPARC_max_std)
++ {
++ (*_bfd_error_handler) (_("invalid relocation type %d"),
++ (int) r_type);
++ r_type = R_SPARC_NONE;
++ }
++ cache_ptr->howto = &_bfd_sparc_elf_howto_table[r_type];
+ }
+ }
+
+--- gdb-6.3/bfd/elf64-ppc.c.fix 2005-07-07 19:10:27.000000000 -0400
++++ gdb-6.3/bfd/elf64-ppc.c 2005-07-07 19:18:55.000000000 -0400
+@@ -2118,8 +2118,13 @@ ppc64_elf_info_to_howto (bfd *abfd ATTRI
+ ppc_howto_init ();
+
+ type = ELF64_R_TYPE (dst->r_info);
+- BFD_ASSERT (type < (sizeof (ppc64_elf_howto_table)
+- / sizeof (ppc64_elf_howto_table[0])));
++ if (type >= (sizeof (ppc64_elf_howto_table)
++ / sizeof (ppc64_elf_howto_table[0])))
++ {
++ (*_bfd_error_handler) (_("%B: invalid relocation type %d"),
++ abfd, (int) type);
++ type = R_PPC64_NONE;
++ }
+ cache_ptr->howto = ppc64_elf_howto_table[type];
+ }
+
+--- gdb-6.3/bfd/elf64-sparc.c.fix 2005-07-07 19:10:35.000000000 -0400
++++ gdb-6.3/bfd/elf64-sparc.c 2005-07-07 19:18:55.000000000 -0400
+@@ -310,8 +310,14 @@ sparc64_elf_info_to_howto (abfd, cache_p
+ arelent *cache_ptr;
+ Elf_Internal_Rela *dst;
+ {
+- BFD_ASSERT (ELF64_R_TYPE_ID (dst->r_info) < (unsigned int) R_SPARC_max_std);
+- cache_ptr->howto = &sparc64_elf_howto_table[ELF64_R_TYPE_ID (dst->r_info)];
++ unsigned int r_type = ELF64_R_TYPE_ID (dst->r_info);
++ if (r_type >= (unsigned int) R_SPARC_max_std)
++ {
++ (*_bfd_error_handler) (_("invalid relocation type %d"),
++ (int) r_type);
++ r_type = R_SPARC_NONE;
++ }
++ cache_ptr->howto = &sparc64_elf_howto_table[r_type];
+ }
+
+ struct sparc64_elf_section_data
+--- gdb-6.3/bfd/elf32-s390.c.fix 2005-07-07 19:10:58.000000000 -0400
++++ gdb-6.3/bfd/elf32-s390.c 2005-07-07 19:18:55.000000000 -0400
+@@ -350,7 +350,8 @@ elf_s390_info_to_howto (abfd, cache_ptr,
+ arelent *cache_ptr;
+ Elf_Internal_Rela *dst;
+ {
+- switch (ELF32_R_TYPE(dst->r_info))
++ unsigned int r_type = ELF32_R_TYPE(dst->r_info);
++ switch (r_type)
+ {
+ case R_390_GNU_VTINHERIT:
+ cache_ptr->howto = &elf32_s390_vtinherit_howto;
+@@ -361,8 +362,13 @@ elf_s390_info_to_howto (abfd, cache_ptr,
+ break;
+
+ default:
+- BFD_ASSERT (ELF32_R_TYPE(dst->r_info) < (unsigned int) R_390_max);
+- cache_ptr->howto = &elf_howto_table[ELF32_R_TYPE(dst->r_info)];
++ if (r_type >= sizeof (elf_howto_table) / sizeof (elf_howto_table[0]))
++ {
++ (*_bfd_error_handler) (_("%B: invalid relocation type %d"),
++ abfd, (int) r_type);
++ r_type = R_390_NONE;
++ }
++ cache_ptr->howto = &elf_howto_table[r_type];
+ }
+ }
+
+--- gdb-6.3/bfd/elf64-s390.c.fix 2005-07-07 19:11:09.000000000 -0400
++++ gdb-6.3/bfd/elf64-s390.c 2005-07-07 19:18:55.000000000 -0400
+@@ -372,7 +372,8 @@ elf_s390_info_to_howto (abfd, cache_ptr,
+ arelent *cache_ptr;
+ Elf_Internal_Rela *dst;
+ {
+- switch (ELF64_R_TYPE(dst->r_info))
++ unsigned int r_type = ELF64_R_TYPE(dst->r_info);
++ switch (r_type)
+ {
+ case R_390_GNU_VTINHERIT:
+ cache_ptr->howto = &elf64_s390_vtinherit_howto;
+@@ -383,8 +384,13 @@ elf_s390_info_to_howto (abfd, cache_ptr,
+ break;
+
+ default:
+- BFD_ASSERT (ELF64_R_TYPE(dst->r_info) < (unsigned int) R_390_max);
+- cache_ptr->howto = &elf_howto_table[ELF64_R_TYPE(dst->r_info)];
++ if (r_type >= sizeof (elf_howto_table) / sizeof (elf_howto_table[0]))
++ {
++ (*_bfd_error_handler) (_("%B: invalid relocation type %d"),
++ abfd, (int) r_type);
++ r_type = R_390_NONE;
++ }
++ cache_ptr->howto = &elf_howto_table[r_type];
+ }
+ }
+
+--- gdb-6.3/bfd/elfxx-ia64.c.fix 2005-07-07 19:11:16.000000000 -0400
++++ gdb-6.3/bfd/elfxx-ia64.c 2005-07-07 19:18:55.000000000 -0400
+@@ -479,7 +479,8 @@ lookup_howto (rtype)
+ elf_code_to_howto_index[ia64_howto_table[i].type] = i;
+ }
+
+- BFD_ASSERT (rtype <= R_IA64_MAX_RELOC_CODE);
++ if (rtype > R_IA64_MAX_RELOC_CODE)
++ return 0;
+ i = elf_code_to_howto_index[rtype];
+ if (i >= NELEMS (ia64_howto_table))
+ return 0;
+--- gdb-6.3/bfd/coffcode.h.fix 2005-07-07 19:11:23.000000000 -0400
++++ gdb-6.3/bfd/coffcode.h 2005-07-07 19:18:55.000000000 -0400
+@@ -5060,7 +5060,7 @@ coff_slurp_reloc_table (abfd, asect, sym
+ amt = (bfd_size_type) asect->reloc_count * sizeof (arelent);
+ reloc_cache = (arelent *) bfd_alloc (abfd, amt);
+
+- if (reloc_cache == NULL)
++ if (reloc_cache == NULL || native_relocs == NULL)
+ return FALSE;
+
+ for (idx = 0; idx < asect->reloc_count; idx++)
+--- gdb-6.3/bfd/peXXigen.c.fix 2005-07-07 19:11:29.000000000 -0400
++++ gdb-6.3/bfd/peXXigen.c 2005-07-07 19:18:55.000000000 -0400
+@@ -1167,7 +1167,7 @@ pe_print_idata (abfd, vfile)
+ bfd_vma toc_address;
+ bfd_vma start_address;
+ bfd_byte *data;
+- int offset;
++ bfd_vma offset;
+
+ if (!bfd_malloc_and_get_section (abfd, rel_section, &data))
+ {
+@@ -1178,6 +1178,13 @@ pe_print_idata (abfd, vfile)
+
+ offset = abfd->start_address - rel_section->vma;
+
++ if (offset >= rel_section->size || offset + 8 > rel_section->size)
++ {
++ if (data != NULL)
++ free (data);
++ return FALSE;
++ }
++
+ start_address = bfd_get_32 (abfd, data + offset);
+ loadable_toc_address = bfd_get_32 (abfd, data + offset + 4);
+ toc_address = loadable_toc_address - 32768;
+@@ -1251,6 +1258,9 @@ pe_print_idata (abfd, vfile)
+ if (hint_addr == 0 && first_thunk == 0)
+ break;
+
++ if (dll_name - adj >= section->size)
++ break;
++
+ dll = (char *) data + dll_name - adj;
+ fprintf (file, _("\n\tDLL Name: %s\n"), dll);
+
+--- gdb-6.3/bfd/coff-rs6000.c.fix 2005-07-07 19:11:38.000000000 -0400
++++ gdb-6.3/bfd/coff-rs6000.c 2005-07-07 19:18:55.000000000 -0400
+@@ -1294,10 +1294,12 @@ _bfd_xcoff_archive_p (abfd)
+ if (bfd_ardata (abfd) == (struct artdata *) NULL)
+ goto error_ret_restore;
+
+- bfd_ardata (abfd)->cache = NULL;
+- bfd_ardata (abfd)->archive_head = NULL;
+- bfd_ardata (abfd)->symdefs = NULL;
+- bfd_ardata (abfd)->extended_names = NULL;
++ /* Cleared by bfd_zalloc above.
++ bfd_ardata (abfd)->cache = NULL;
++ bfd_ardata (abfd)->archive_head = NULL;
++ bfd_ardata (abfd)->symdefs = NULL;
++ bfd_ardata (abfd)->extended_names = NULL;
++ bfd_ardata (abfd)->extended_names_size = 0; */
+
+ /* Now handle the two formats. */
+ if (magic[1] != 'b')
+--- gdb-6.3/bfd/coff64-rs6000.c.fix 2005-07-07 19:11:46.000000000 -0400
++++ gdb-6.3/bfd/coff64-rs6000.c 2005-07-07 19:18:55.000000000 -0400
+@@ -1983,10 +1983,12 @@ xcoff64_archive_p (abfd)
+ if (bfd_ardata (abfd) == (struct artdata *) NULL)
+ goto error_ret_restore;
+
+- bfd_ardata (abfd)->cache = NULL;
+- bfd_ardata (abfd)->archive_head = NULL;
+- bfd_ardata (abfd)->symdefs = NULL;
+- bfd_ardata (abfd)->extended_names = NULL;
++ /* Already cleared by bfd_zalloc above.
++ bfd_ardata (abfd)->cache = NULL;
++ bfd_ardata (abfd)->archive_head = NULL;
++ bfd_ardata (abfd)->symdefs = NULL;
++ bfd_ardata (abfd)->extended_names = NULL;
++ bfd_ardata (abfd)->extended_names_size = 0; */
+ bfd_ardata (abfd)->first_file_filepos = bfd_scan_vma (hdr.firstmemoff,
+ (const char **) NULL,
+ 10);
+--- gdb-6.3/bfd/ecoff.c.fix 2005-07-07 19:11:51.000000000 -0400
++++ gdb-6.3/bfd/ecoff.c 2005-07-07 19:18:55.000000000 -0400
+@@ -3329,11 +3329,13 @@ _bfd_ecoff_archive_p (abfd)
+ }
+
+ bfd_ardata (abfd)->first_file_filepos = SARMAG;
+- bfd_ardata (abfd)->cache = NULL;
+- bfd_ardata (abfd)->archive_head = NULL;
+- bfd_ardata (abfd)->symdefs = NULL;
+- bfd_ardata (abfd)->extended_names = NULL;
+- bfd_ardata (abfd)->tdata = NULL;
++ /* Already cleared by bfd_zalloc above.
++ bfd_ardata (abfd)->cache = NULL;
++ bfd_ardata (abfd)->archive_head = NULL;
++ bfd_ardata (abfd)->symdefs = NULL;
++ bfd_ardata (abfd)->extended_names = NULL;
++ bfd_ardata (abfd)->extended_names_size = 0;
++ bfd_ardata (abfd)->tdata = NULL; */
+
+ if (! _bfd_ecoff_slurp_armap (abfd)
+ || ! _bfd_ecoff_slurp_extended_name_table (abfd))
+--- gdb-6.3/bfd/elf64-x86-64.c.fix 2005-07-07 19:17:31.000000000 -0400
++++ gdb-6.3/bfd/elf64-x86-64.c 2005-07-07 19:18:55.000000000 -0400
+@@ -176,16 +176,19 @@ elf64_x86_64_info_to_howto (bfd *abfd AT
+ unsigned r_type, i;
+
+ r_type = ELF64_R_TYPE (dst->r_info);
+- if (r_type < (unsigned int) R_X86_64_GNU_VTINHERIT)
++ if (r_type < (unsigned int) R_X86_64_GNU_VTINHERIT
++ || r_type >= (unsigned int) R_X86_64_max)
+ {
+- BFD_ASSERT (r_type <= (unsigned int) R_X86_64_TPOFF32);
++ if (r_type > (unsigned int) R_X86_64_TPOFF32)
++ {
++ (*_bfd_error_handler) (_("%B: invalid relocation type %d"),
++ abfd, (int) r_type);
++ r_type = R_X86_64_NONE;
++ }
+ i = r_type;
+ }
+ else
+- {
+- BFD_ASSERT (r_type < (unsigned int) R_X86_64_max);
+- i = r_type - ((unsigned int) R_X86_64_GNU_VTINHERIT - R_X86_64_TPOFF32 - 1);
+- }
++ i = r_type - ((unsigned int) R_X86_64_GNU_VTINHERIT - R_X86_64_TPOFF32 - 1);
+ cache_ptr->howto = &x86_64_elf_howto_table[i];
+ BFD_ASSERT (r_type == cache_ptr->howto->type);
+ }
Index: gdb.spec
===================================================================
RCS file: /cvs/dist/rpms/gdb/FC-4/gdb.spec,v
retrieving revision 1.149
retrieving revision 1.150
diff -u -r1.149 -r1.150
--- gdb.spec 10 Jun 2005 19:52:26 -0000 1.149
+++ gdb.spec 8 Jul 2005 18:38:14 -0000 1.150
@@ -11,7 +11,7 @@
Version: 6.3.0.0
# The release always contains a leading reserved number, start it at 0.
-Release: 1.30
+Release: 1.33
License: GPL
Group: Development/Debuggers
@@ -479,6 +479,13 @@
# don't include the files in include, they are part of binutils
%changelog
+* Fri Jul 08 2005 Jeff Johnston <jjohnstn at redhat.com> 6.3.0.0-1.33
+- Bump up release number.
+
+* Thu Jul 07 2005 Jeff Johnston <jjohnstn at redhat.com> 6.3.0.0-1.31
+- Modify security errata to include additional bfd robustness updates
+- Bugzilla 158680
+
* Fri Jun 10 2005 Jeff Johnston <jjohnstn at redhat.com> 6.3.0.0-1.30
- Bump up release number.
- Previous message (by thread): rpms/eog/devel .cvsignore, 1.16, 1.17 eog.spec, 1.25, 1.26 sources, 1.16, 1.17
- Next message (by thread): rpms/gdb/devel gdb-6.3-security-errata-20050610.patch, 1.1, 1.2 gdb.spec, 1.148, 1.149
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-cvs-commits
mailing list