--- /dev/null
+commit d7f399a8de4c55eb841db6493597a587fac002de
+Author: Nick Clifton <nickc@redhat.com>
+Date: Fri Dec 2 17:46:26 2016 +0000
+
+ Fix seg-fault in linker when passed a corrupt binary input file.
+
+ PR lf/20908
+ * elflink.c (bfd_elf_final_link): Check for ELF flavour binaries
+ when following indirect links.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-7299
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/elflink.c
+===================================================================
+--- git.orig/bfd/elflink.c 2017-09-20 14:15:26.337333504 +0530
++++ git/bfd/elflink.c 2017-09-20 14:20:19.000000000 +0530
+@@ -11201,6 +11201,12 @@
+ asection *sec;
+
+ sec = p->u.indirect.section;
++ /* See PR 20908 for a reproducer. */
++ if (bfd_get_flavour (sec->owner) != bfd_target_elf_flavour)
++ {
++ _bfd_error_handler (_("%B: not in ELF format"), sec->owner);
++ goto error_return;
++ }
+ esdi = elf_section_data (sec);
+
+ /* Mark all sections which are to be included in the
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-20 14:20:19.000000000 +0530
++++ git/bfd/ChangeLog 2017-09-20 14:23:48.743556932 +0530
+@@ -192,6 +192,10 @@
+
+ 2016-12-02 Nick Clifton <nickc@redhat.com>
+
++ PR lf/20908
++ * elflink.c (bfd_elf_final_link): Check for ELF flavour binaries
++ when following indirect links.
++
+ PR ld/20909
+ * aoutx.h (aout_link_add_symbols): Fix off-by-one error in check
+ for an illegal string offset.
--- /dev/null
+commit a961cdd5f139d3c3e09170db52bd8df7dafae13f
+Author: Alan Modra <amodra@gmail.com>
+Date: Thu Dec 15 21:29:44 2016 +1030
+
+ Linking non-ELF file broken by PR20908 fix
+
+ PR ld/20968
+ PR ld/20908
+ * elflink.c (bfd_elf_final_link): Revert 2016-12-02 change. Move
+ reloc counting code later after ELF flavour test.
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-7299
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+
+Index: git/bfd/elflink.c
+===================================================================
+--- git.orig/bfd/elflink.c 2017-09-20 14:15:28.133343092 +0530
++++ git/bfd/elflink.c 2017-09-20 14:15:28.189343391 +0530
+@@ -11201,13 +11201,6 @@
+ asection *sec;
+
+ sec = p->u.indirect.section;
+- /* See PR 20908 for a reproducer. */
+- if (bfd_get_flavour (sec->owner) != bfd_target_elf_flavour)
+- {
+- _bfd_error_handler (_("%B: not in ELF format"), sec->owner);
+- goto error_return;
+- }
+- esdi = elf_section_data (sec);
+
+ /* Mark all sections which are to be included in the
+ link. This will normally be every section. We need
+@@ -11218,37 +11211,18 @@
+ if (sec->flags & SEC_MERGE)
+ merged = TRUE;
+
+- if (esdo->this_hdr.sh_type == SHT_REL
+- || esdo->this_hdr.sh_type == SHT_RELA)
+- /* Some backends use reloc_count in relocation sections
+- to count particular types of relocs. Of course,
+- reloc sections themselves can't have relocations. */
+- reloc_count = 0;
+- else if (emit_relocs)
+- {
+- reloc_count = sec->reloc_count;
+- if (bed->elf_backend_count_additional_relocs)
+- {
+- int c;
+- c = (*bed->elf_backend_count_additional_relocs) (sec);
+- additional_reloc_count += c;
+- }
+- }
+- else if (bed->elf_backend_count_relocs)
+- reloc_count = (*bed->elf_backend_count_relocs) (info, sec);
+-
+ if (sec->rawsize > max_contents_size)
+ max_contents_size = sec->rawsize;
+ if (sec->size > max_contents_size)
+ max_contents_size = sec->size;
+
+- /* We are interested in just local symbols, not all
+- symbols. */
+ if (bfd_get_flavour (sec->owner) == bfd_target_elf_flavour
+ && (sec->owner->flags & DYNAMIC) == 0)
+ {
+ size_t sym_count;
+
++ /* We are interested in just local symbols, not all
++ symbols. */
+ if (elf_bad_symtab (sec->owner))
+ sym_count = (elf_tdata (sec->owner)->symtab_hdr.sh_size
+ / bed->s->sizeof_sym);
+@@ -11262,6 +11236,27 @@
+ && elf_symtab_shndx_list (sec->owner) != NULL)
+ max_sym_shndx_count = sym_count;
+
++ if (esdo->this_hdr.sh_type == SHT_REL
++ || esdo->this_hdr.sh_type == SHT_RELA)
++ /* Some backends use reloc_count in relocation sections
++ to count particular types of relocs. Of course,
++ reloc sections themselves can't have relocations. */
++ ;
++ else if (emit_relocs)
++ {
++ reloc_count = sec->reloc_count;
++ if (bed->elf_backend_count_additional_relocs)
++ {
++ int c;
++ c = (*bed->elf_backend_count_additional_relocs) (sec);
++ additional_reloc_count += c;
++ }
++ }
++ else if (bed->elf_backend_count_relocs)
++ reloc_count = (*bed->elf_backend_count_relocs) (info, sec);
++
++ esdi = elf_section_data (sec);
++
+ if ((sec->flags & SEC_RELOC) != 0)
+ {
+ size_t ext_size = 0;
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog 2017-09-20 14:15:28.013342453 +0530
++++ git/bfd/ChangeLog 2017-09-20 14:19:06.990419395 +0530
+@@ -156,6 +156,13 @@
+ (bfd_elf_final_link): Only initialize the extended symbol index
+ section if there are extended symbol tables to list.
+
++2016-12-15 Alan Modra <amodra@gmail.com>
++
++ PR ld/20968
++ PR ld/20908
++ * elflink.c (bfd_elf_final_link): Revert 2016-12-02 change. Move
++ reloc counting code later after ELF flavour test.
++
+ 2016-12-06 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/20931
