From ddef72cdc10d82ba011a7ff81cafbbd3466acf54 Mon Sep 17 00:00:00 2001
From: Nick Clifton
Date: Fri, 21 Apr 2017 12:31:59 +0100
Subject: [PATCH] Fix shift overflow when parsing an overlarge note value.
PR binutils/21378
* readelf.c (print_gnu_build_attribute_name): Check for an overlarge name field.
---
 binutils/ChangeLog | 6 ++++++
 binutils/readelf.c | 20 ++++++++++++++------
 2 files changed, 20 insertions(+), 6 deletions(-)
diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index 5f75c170fa..e833b05540 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,9 @@
+2017-04-21 Nick Clifton
+
+ PR binutils/21378
+ * readelf.c (print_gnu_build_attribute_name): Check for an
+ overlarge name field.
+
 2017-04-13 Nick Clifton
 PR binutils/21379
diff --git a/binutils/readelf.c b/binutils/readelf.c
index ab53473b43..e5756672f4 100644
--- a/binutils/readelf.c
+++ b/binutils/readelf.c
@@ -16948,10 +16948,18 @@ print_gnu_build_attribute_name (Elf_Internal_Note * pnote)
 {
 case GNU_BUILD_ATTRIBUTE_TYPE_NUMERIC:
 {
- unsigned int bytes = pnote->namesz - (name - pnote->namedata);
- unsigned long val = 0;
- unsigned int shift = 0;
- char * decoded = NULL;
+ unsigned int bytes = pnote->namesz - (name - pnote->namedata);
+ unsigned long long val = 0;
+ unsigned int shift = 0;
+ char * decoded = NULL;
+
+ /* PR 21378 */
+ if (bytes > sizeof (val))
+ {
+ error (_("corrupt name field: namesz of %lu is too large for a numeric value\n"),
+ pnote->namesz);
+ return FALSE;
+ }
 while (bytes --)
 {
@@ -16995,9 +17003,9 @@ print_gnu_build_attribute_name (Elf_Internal_Note * pnote)
 else
 {
 if (do_wide)
- left -= printf ("0x%lx", val);
+ left -= printf ("0x%llx", val);
 else
- left -= printf ("0x%-.*lx", left, val);
+ left -= printf ("0x%-.*llx", left, val);
 }
 }
 break;
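Review bot: The guard at `if (bytes > sizeof (val))` caps the byte count at 8, but the accumulation loop beginning at `while (bytes --)` continues outside the hunk, and if it still shifts an `int`-promoted byte (something of the form `b << shift`) rather than an `unsigned long long` operand, a shift of 32 or more is still undefined on a 32-bit `int`, so the overflow named in the subject would only be narrowed, not removed. That is inferred rather than visible here; confirm the loop widens the shifted operand, e.g. `val |= (unsigned long long) b << shift;`. The `/* PR 21378 */` comment records only the bug number; consider `/* PR 21378: a value wider than VAL would overflow the shift accumulation below, so treat it as corrupt.  BYTES also wraps to a huge value when NAME has already passed NAMESZ, which this same check catches.  */`, since `bytes` is an `unsigned int` built from `pnote->namesz` minus a pointer difference. The `%llx` specifier changes in the second hunk follow from widening `val` and need nothing further.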