--- binutils.orig/binutils/readelf.c	2018-05-31 10:14:28.019641872 +0100

+++ binutils-2.29/binutils/readelf.c	2018-05-31 10:57:28.912460915 +0100

@@ -10154,9 +10154,8 @@ process_version_sections (FILE * file)

 	case SHT_GNU_verdef:

 	  {

 	    Elf_External_Verdef * edefs;

-	    unsigned int idx;

-	    unsigned int cnt;

-	    unsigned int end;

+	    unsigned long idx;

+	    unsigned long cnt;

 	    char * endbuf;

 	    found = TRUE;

@@ -10178,23 +10177,16 @@ process_version_sections (FILE * file)

 	      break;

 	    endbuf = (char *) edefs + section->sh_size;

-	    /* PR 17531: file: id:000001,src:000172+005151,op:splice,rep:2.  */

-	    end = (section->sh_info < section->sh_size

-		   ? section->sh_info : section->sh_size);

-	    for (idx = cnt = 0; cnt < end; ++cnt)

+	    for (idx = cnt = 0; cnt < section->sh_info; ++cnt)

 	      {

 		char * vstart;

 		Elf_External_Verdef * edef;

 		Elf_Internal_Verdef ent;

 		Elf_External_Verdaux * eaux;

 		Elf_Internal_Verdaux aux;

-		unsigned int isum;

+		unsigned long isum;

 		int j;

-		/* Check for very large indices.  */

-		if (idx > (size_t) (endbuf - (char *) edefs))

-		  break;

-

 		vstart = ((char *) edefs) + idx;

 		if (vstart + sizeof (*edef) > endbuf)

 		  break;

@@ -10209,19 +10201,20 @@ process_version_sections (FILE * file)

 		ent.vd_aux     = BYTE_GET (edef->vd_aux);

 		ent.vd_next    = BYTE_GET (edef->vd_next);

-		printf (_("  %#06x: Rev: %d  Flags: %s"),

+		printf (_("  %#06lx: Rev: %d  Flags: %s"),

 			idx, ent.vd_version, get_ver_flags (ent.vd_flags));

 		printf (_("  Index: %d  Cnt: %d  "),

 			ent.vd_ndx, ent.vd_cnt);

-		/* Check for overflow and underflow.  */

-		if (ent.vd_aux + sizeof (* eaux) > (size_t) (endbuf - vstart)

-		    || (vstart + ent.vd_aux < vstart))

+		/* Check for overflow.  */

+		if (ent.vd_aux > (size_t) (endbuf - vstart))

 		  break;

 		vstart += ent.vd_aux;

+		if (vstart + sizeof (*eaux) > endbuf)

+		  break;

 		eaux = (Elf_External_Verdaux *) vstart;

 		aux.vda_name = BYTE_GET (eaux->vda_name);

@@ -10236,6 +10229,14 @@ process_version_sections (FILE * file)

 		for (j = 1; j < ent.vd_cnt; j++)

 		  {

+		    if (aux.vda_next < sizeof (*eaux)

+			&& !(j == ent.vd_cnt - 1 && aux.vda_next == 0))

+		      {

+			warn (_("Invalid vda_next field of %lx\n"),

+			      aux.vda_next);

+			j = ent.vd_cnt;

+			break;

+		      }

 		    /* Check for overflow.  */

 		    if (aux.vda_next > (size_t) (endbuf - vstart))

 		      break;

@@ -10243,18 +10244,18 @@ process_version_sections (FILE * file)

 		    isum   += aux.vda_next;

 		    vstart += aux.vda_next;

-		    eaux = (Elf_External_Verdaux *) vstart;

 		    if (vstart + sizeof (*eaux) > endbuf)

 		      break;

+		    eaux = (Elf_External_Verdaux *) vstart;

 		    aux.vda_name = BYTE_GET (eaux->vda_name);

 		    aux.vda_next = BYTE_GET (eaux->vda_next);

 		    if (VALID_DYNAMIC_NAME (aux.vda_name))

-		      printf (_("  %#06x: Parent %d: %s\n"),

+		      printf (_("  %#06lx: Parent %d: %s\n"),

 			      isum, j, GET_DYNAMIC_NAME (aux.vda_name));

 		    else

-		      printf (_("  %#06x: Parent %d, name index: %ld\n"),

+		      printf (_("  %#06lx: Parent %d, name index: %ld\n"),

 			      isum, j, aux.vda_name);

 		  }

@@ -10263,7 +10264,14 @@ process_version_sections (FILE * file)

 		/* PR 17531:

 		   file: id:000001,src:000172+005151,op:splice,rep:2.  */

-		if (idx + ent.vd_next < idx)

+		if (ent.vd_next < sizeof (*edef)

+		    && !(cnt == section->sh_info - 1 && ent.vd_next == 0))

+		  {

+		    warn (_("Invalid vd_next field of %lx\n"), ent.vd_next);

+		    cnt = section->sh_info;

+		    break;

+		  }

+		if (ent.vd_next > (size_t) (endbuf - ((char *) edefs + idx)))

 		  break;

 		idx += ent.vd_next;

@@ -10279,8 +10287,8 @@ process_version_sections (FILE * file)

 	case SHT_GNU_verneed:

 	  {

 	    Elf_External_Verneed * eneed;

-	    unsigned int idx;

-	    unsigned int cnt;

+	    unsigned long idx;

+	    unsigned long cnt;

 	    char * endbuf;

 	    found = TRUE;

@@ -10306,13 +10314,10 @@ process_version_sections (FILE * file)

 	      {

 		Elf_External_Verneed * entry;

 		Elf_Internal_Verneed ent;

-		unsigned int isum;

+		unsigned long isum;

 		int j;

 		char * vstart;

-		if (idx > (size_t) (endbuf - (char *) eneed))

-		  break;

-

 		vstart = ((char *) eneed) + idx;

 		if (vstart + sizeof (*entry) > endbuf)

 		  break;

@@ -10325,7 +10330,7 @@ process_version_sections (FILE * file)

 		ent.vn_aux     = BYTE_GET (entry->vn_aux);

 		ent.vn_next    = BYTE_GET (entry->vn_next);

-		printf (_("  %#06x: Version: %d"), idx, ent.vn_version);

+		printf (_("  %#06lx: Version: %d"), idx, ent.vn_version);

 		if (VALID_DYNAMIC_NAME (ent.vn_file))

 		  printf (_("  File: %s"), GET_DYNAMIC_NAME (ent.vn_file));

@@ -10355,24 +10360,26 @@ process_version_sections (FILE * file)

 		    aux.vna_next  = BYTE_GET (eaux->vna_next);

 		    if (VALID_DYNAMIC_NAME (aux.vna_name))

-		      printf (_("  %#06x:   Name: %s"),

+		      printf (_("  %#06lx:   Name: %s"),

 			      isum, GET_DYNAMIC_NAME (aux.vna_name));

 		    else

-		      printf (_("  %#06x:   Name index: %lx"),

+		      printf (_("  %#06lx:   Name index: %lx"),

 			      isum, aux.vna_name);

 		    printf (_("  Flags: %s  Version: %d\n"),

 			    get_ver_flags (aux.vna_flags), aux.vna_other);

-		    /* Check for overflow.  */

-		    if (aux.vna_next > (size_t) (endbuf - vstart)

-			|| (aux.vna_next == 0 && j < ent.vn_cnt - 1))

+		    if (aux.vna_next < sizeof (*eaux)

+			&& !(j == ent.vn_cnt - 1 && aux.vna_next == 0))

 		      {

 			warn (_("Invalid vna_next field of %lx\n"),

 			      aux.vna_next);

 			j = ent.vn_cnt;

 			break;

 		      }

+		    /* Check for overflow.  */

+		    if (aux.vna_next > (size_t) (endbuf - vstart))

+		      break;

 		    isum   += aux.vna_next;

 		    vstart += aux.vna_next;

 		  }

@@ -10380,12 +10387,15 @@ process_version_sections (FILE * file)

 		if (j < ent.vn_cnt)

 		  warn (_("Missing Version Needs auxillary information\n"));

-		if (ent.vn_next == 0 && cnt < section->sh_info - 1)

+		if (ent.vn_next < sizeof (*entry)

+		    && !(cnt == section->sh_info - 1 && ent.vn_next == 0))

 		  {

-		    warn (_("Corrupt Version Needs structure - offset to next structure is zero with entries still left to be processed\n"));

+		    warn (_("Invalid vn_next field of %lx\n"), ent.vn_next);

 		    cnt = section->sh_info;

 		    break;

 		  }

+		if (ent.vn_next > (size_t) (endbuf - ((char *) eneed + idx)))

+		  break;

 		idx += ent.vn_next;

 	      }

@@ -12859,7 +12869,9 @@ dump_section_as_strings (Elf_Internal_Sh

   real_start = start = (unsigned char *) get_section_contents (section,

 							       file);

   if (start == NULL)

-    return FALSE;

+    /* PR 21820: Do not fail if the section was empty.  */

+    return (section->sh_size == 0 || section->sh_type == SHT_NOBITS) ? TRUE : FALSE;

+

   num_bytes = section->sh_size;

   printf (_("\nString dump of section '%s':\n"), printable_section_name (section));

@@ -13005,7 +13017,8 @@ dump_section_as_bytes (Elf_Internal_Shdr

   real_start = start = (unsigned char *) get_section_contents (section, file);

   if (start == NULL)

-    return FALSE;

+    /* PR 21820: Do not fail if the section was empty.  */

+    return (section->sh_size == 0 || section->sh_type == SHT_NOBITS) ? TRUE : FALSE;

   section_size = section->sh_size;