diff options
Diffstat (limited to 'poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7569.patch')
-rw-r--r-- | poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7569.patch | 119 |
1 files changed, 0 insertions, 119 deletions
diff --git a/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7569.patch b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7569.patch deleted file mode 100644 index 96c0fd242..000000000 --- a/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7569.patch +++ /dev/null @@ -1,119 +0,0 @@ -From 12c963421d045a127c413a0722062b9932c50aa9 Mon Sep 17 00:00:00 2001 -From: Nick Clifton <nickc@redhat.com> -Date: Wed, 28 Feb 2018 11:50:49 +0000 -Subject: [PATCH] Catch integer overflows/underflows when parsing corrupt DWARF - FORM blocks. - - PR 22895 - PR 22893 - * dwarf2.c (read_n_bytes): Replace size parameter with dwarf_block - pointer. Drop unused abfd parameter. Check the size of the block - before initialising the data field. Return the end pointer if the - size is invalid. - (read_attribute_value): Adjust invocations of read_n_bytes. - -Upstream-Status: Backport -Affects: Binutils <= 2.30 -CVE: CVE-2018-7569 -Signed-off-by: Armin Kuster <akuster@mvista.com> ---- - bfd/ChangeLog | 8 ++++++++ - bfd/dwarf2.c | 36 +++++++++++++++++++++--------------- - 2 files changed, 29 insertions(+), 15 deletions(-) - -Index: git/bfd/dwarf2.c -=================================================================== ---- git.orig/bfd/dwarf2.c -+++ git/bfd/dwarf2.c -@@ -622,14 +622,24 @@ read_8_bytes (bfd *abfd, bfd_byte *buf, - } - - static bfd_byte * --read_n_bytes (bfd *abfd ATTRIBUTE_UNUSED, -- bfd_byte *buf, -- bfd_byte *end, -- unsigned int size ATTRIBUTE_UNUSED) --{ -- if (buf + size > end) -- return NULL; -- return buf; -+read_n_bytes (bfd_byte * buf, -+ bfd_byte * end, -+ struct dwarf_block * block) -+{ -+ unsigned int size = block->size; -+ bfd_byte * block_end = buf + size; -+ -+ if (block_end > end || block_end < buf) -+ { -+ block->data = NULL; -+ block->size = 0; -+ return end; -+ } -+ else -+ { -+ block->data = buf; -+ return block_end; -+ } - } - - /* Scans a NUL terminated string starting at BUF, returning a pointer to it. -@@ -1127,8 +1137,7 @@ read_attribute_value (struct attribute * - return NULL; - blk->size = read_2_bytes (abfd, info_ptr, info_ptr_end); - info_ptr += 2; -- blk->data = read_n_bytes (abfd, info_ptr, info_ptr_end, blk->size); -- info_ptr += blk->size; -+ info_ptr = read_n_bytes (info_ptr, info_ptr_end, blk); - attr->u.blk = blk; - break; - case DW_FORM_block4: -@@ -1138,8 +1147,7 @@ read_attribute_value (struct attribute * - return NULL; - blk->size = read_4_bytes (abfd, info_ptr, info_ptr_end); - info_ptr += 4; -- blk->data = read_n_bytes (abfd, info_ptr, info_ptr_end, blk->size); -- info_ptr += blk->size; -+ info_ptr = read_n_bytes (info_ptr, info_ptr_end, blk); - attr->u.blk = blk; - break; - case DW_FORM_data2: -@@ -1179,8 +1187,7 @@ read_attribute_value (struct attribute * - blk->size = _bfd_safe_read_leb128 (abfd, info_ptr, &bytes_read, - FALSE, info_ptr_end); - info_ptr += bytes_read; -- blk->data = read_n_bytes (abfd, info_ptr, info_ptr_end, blk->size); -- info_ptr += blk->size; -+ info_ptr = read_n_bytes (info_ptr, info_ptr_end, blk); - attr->u.blk = blk; - break; - case DW_FORM_block1: -@@ -1190,8 +1197,7 @@ read_attribute_value (struct attribute * - return NULL; - blk->size = read_1_byte (abfd, info_ptr, info_ptr_end); - info_ptr += 1; -- blk->data = read_n_bytes (abfd, info_ptr, info_ptr_end, blk->size); -- info_ptr += blk->size; -+ info_ptr = read_n_bytes (info_ptr, info_ptr_end, blk); - attr->u.blk = blk; - break; - case DW_FORM_data1: -Index: git/bfd/ChangeLog -=================================================================== ---- git.orig/bfd/ChangeLog -+++ git/bfd/ChangeLog -@@ -6,6 +6,14 @@ - - 2018-02-28 Alan Modra <amodra@gmail.com> - -+ PR 22895 -+ PR 22893 -+ * dwarf2.c (read_n_bytes): Replace size parameter with dwarf_block -+ pointer. Drop unused abfd parameter. Check the size of the block -+ before initialising the data field. Return the end pointer if the -+ size is invalid. -+ (read_attribute_value): Adjust invocations of read_n_bytes. -+ - PR 22887 - * aoutx.h (swap_std_reloc_in): Correct r_index bound check. - |