Diffstat (limited to 'poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7568.patch')
-rw-r--r-- | poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7568.patch | 85 |
1 files changed, 0 insertions, 85 deletions
diff --git a/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7568.patch b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7568.patch
deleted file mode 100644
index 815b32c30..000000000
--- a/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7568.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-From eef104664efb52965d85a28bc3fc7c77e52e48e2 Mon Sep 17 00:00:00 2001
-From: Nick Clifton <nickc@redhat.com>
-Date: Wed, 28 Feb 2018 10:13:54 +0000
-Subject: [PATCH] Fix potential integer overflow when reading corrupt dwarf1
- debug information.
-
- PR 22894
- * dwarf1.c (parse_die): Check the length of form blocks before
- advancing the data pointer.
-
-Upstream-Status: Backport
-Affects: Binutils <= 2.30
-CVE: CVE-2018-7568
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- bfd/ChangeLog | 6 ++++++
- bfd/dwarf1.c | 17 +++++++++++++++--
- 2 files changed, 21 insertions(+), 2 deletions(-)
-
-Index: git/bfd/dwarf1.c
-===================================================================
---- git.orig/bfd/dwarf1.c
-+++ git/bfd/dwarf1.c
-@@ -213,6 +213,7 @@ parse_die (bfd * abfd,
- /* Then the attributes. */
- while (xptr + 2 <= aDiePtrEnd)
- {
-+ unsigned int block_len;
- unsigned short attr;
-
- /* Parse the attribute based on its form. This section
-@@ -255,12 +256,24 @@ parse_die (bfd * abfd,
- break;
- case FORM_BLOCK2:
- if (xptr + 2 <= aDiePtrEnd)
-- xptr += bfd_get_16 (abfd, xptr);
-+ {
-+ block_len = bfd_get_16 (abfd, xptr);
-+ if (xptr + block_len > aDiePtrEnd
-+ || xptr + block_len < xptr)
-+ return FALSE;
-+ xptr += block_len;
-+ }
- xptr += 2;
- break;
- case FORM_BLOCK4:
- if (xptr + 4 <= aDiePtrEnd)
-- xptr += bfd_get_32 (abfd, xptr);
-+ {
-+ block_len = bfd_get_32 (abfd, xptr);
-+ if (xptr + block_len > aDiePtrEnd
-+ || xptr + block_len < xptr)
-+ return FALSE;
-+ xptr += block_len;
-+ }
- xptr += 4;
- break;
- case FORM_STRING:
-Index: git/bfd/ChangeLog
-===================================================================
---- git.orig/bfd/ChangeLog
-+++ git/bfd/ChangeLog
-@@ -4,7 +4,11 @@
- * coffgen.c (coff_pointerize_aux): Ensure auxent tagndx is in
- range before converting to a symbol table pointer.
-
--2018-02-28 Alan Modra <amodra@gmail.com>
-+2018-02-28 Nick Clifton <nickc@redhat.com>
-+
-+ PR 22894
-+ * dwarf1.c (parse_die): Check the length of form blocks before
-+ advancing the data pointer.
-
- PR 22895
- PR 22893
-@@ -14,6 +18,8 @@
- size is invalid.
- (read_attribute_value): Adjust invocations of read_n_bytes.
-
-+2018-02-28 Alan Modra <amodra@gmail.com>
-+
- PR 22887
- * aoutx.h (swap_std_reloc_in): Correct r_index bound check.
- |