diff options
Diffstat (limited to 'poky/meta/recipes-devtools/binutils/binutils/0014-CVE-2022-38128-2.patch')
-rw-r--r-- | poky/meta/recipes-devtools/binutils/binutils/0014-CVE-2022-38128-2.patch | 536 |
1 files changed, 536 insertions, 0 deletions
diff --git a/poky/meta/recipes-devtools/binutils/binutils/0014-CVE-2022-38128-2.patch b/poky/meta/recipes-devtools/binutils/binutils/0014-CVE-2022-38128-2.patch new file mode 100644 index 0000000000..e30b4d86e1 --- /dev/null +++ b/poky/meta/recipes-devtools/binutils/binutils/0014-CVE-2022-38128-2.patch @@ -0,0 +1,536 @@ +From 175b91507b83ad42607d2f6dadaf55b7b511bdbe Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Wed, 20 Jul 2022 18:28:50 +0930 +Subject: [PATCH] miscellaneous dwarf.c tidies + + * dwarf.c: Leading and trailing whitespace fixes. + (free_abbrev_list): New function. + (free_all_abbrevs): Use the above. Free cu_abbrev_map here too. + (process_abbrev_set): Print actual section name on error. + (get_type_abbrev_from_form): Add overflow check. + (free_debug_memory): Don't free cu_abbrev_map here.. + (process_debug_info): ..or here. Warn on another case of not + finding a neeeded abbrev. + +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=175b91507b83ad42607d2f6dadaf55b7b511bdbe] + +Signed-off-by: Pgowda <pgowda.cve@gmail.com> +--- + binutils/dwarf.c | 216 +++++++++++++++++++++++------------------------ + 1 file changed, 106 insertions(+), 110 deletions(-) + +diff --git a/binutils/dwarf.c b/binutils/dwarf.c +index 2b1eec49422..267ed3bb382 100644 +--- a/binutils/dwarf.c ++++ b/binutils/dwarf.c +@@ -806,7 +806,7 @@ fetch_indexed_value (dwarf_vma idx, + pointer_size = 4; + bias = 12; + } +- ++ + dwarf_vma offset = idx * pointer_size; + + /* Offsets are biased by the size of the section header +@@ -908,38 +908,41 @@ record_abbrev_list_for_cu (dwarf_vma sta + next_free_abbrev_map_entry ++; + } + +-static void +-free_all_abbrevs (void) ++static abbrev_list * ++free_abbrev_list (abbrev_list *list) + { +- abbrev_list * list; ++ abbrev_entry *abbrv = list->first_abbrev; + +- for (list = abbrev_lists; list != NULL;) ++ while (abbrv) + { +- abbrev_list * next = list->next; +- abbrev_entry * abbrv; ++ abbrev_attr *attr = abbrv->first_attr; + +- for (abbrv = list->first_abbrev; abbrv != NULL;) ++ while (attr) + { +- abbrev_entry * next_abbrev = abbrv->next; +- abbrev_attr * attr; +- +- for (attr = abbrv->first_attr; attr;) +- { +- abbrev_attr *next_attr = attr->next; +- +- free (attr); +- attr = next_attr; +- } +- +- free (abbrv); +- abbrv = next_abbrev; ++ abbrev_attr *next_attr = attr->next; ++ free (attr); ++ attr = next_attr; + } + +- free (list); +- list = next; ++ abbrev_entry *next_abbrev = abbrv->next; ++ free (abbrv); ++ abbrv = next_abbrev; + } + +- abbrev_lists = NULL; ++ abbrev_list *next = list->next; ++ free (list); ++ return next; ++} ++ ++static void ++free_all_abbrevs (void) ++{ ++ while (abbrev_lists) ++ abbrev_lists = free_abbrev_list (abbrev_lists); ++ ++ free (cu_abbrev_map); ++ cu_abbrev_map = NULL; ++ next_free_abbrev_map_entry = 0; + } + + static abbrev_list * +@@ -971,7 +974,7 @@ find_abbrev_map_by_offset (dwarf_vma off + && cu_abbrev_map[i].end > offset) + return cu_abbrev_map + i; + +- return NULL; ++ return NULL; + } + + static void +@@ -1094,7 +1097,7 @@ process_abbrev_set (struct dwarf_section + } + + /* Report the missing single zero which ends the section. */ +- error (_(".debug_abbrev section not zero terminated\n")); ++ error (_("%s section not zero terminated\n"), section->name); + + free (list); + return NULL; +@@ -1875,7 +1878,7 @@ fetch_alt_indirect_string (dwarf_vma off + dwarf_vmatoa ("x", offset)); + return _("<offset is too big>"); + } +- ++ + static const char * + get_AT_name (unsigned long attribute) + { +@@ -2157,7 +2160,8 @@ get_type_abbrev_from_form (unsigned long + case DW_FORM_ref4: + case DW_FORM_ref8: + case DW_FORM_ref_udata: +- if (uvalue + cu_offset > (size_t) (cu_end - section->start)) ++ if (uvalue + cu_offset < uvalue ++ || uvalue + cu_offset > (size_t) (cu_end - section->start)) + { + warn (_("Unable to resolve ref form: uvalue %lx + cu_offset %lx > CU size %lx\n"), + uvalue, (long) cu_offset, (long) (cu_end - section->start)); +@@ -2194,7 +2198,7 @@ get_type_abbrev_from_form (unsigned long + else + *map_return = NULL; + } +- ++ + READ_ULEB (abbrev_number, data, section->start + section->size); + + for (entry = map->list->first_abbrev; entry != NULL; entry = entry->next) +@@ -2783,10 +2787,10 @@ read_and_display_attr_value (unsigned lo + if (form == DW_FORM_loclistx) + { + if (dwo) +- { +- index = fetch_indexed_value (uvalue, loclists_dwo, 0); +- index += (offset_size == 8) ? 20 : 12; +- } ++ { ++ index = fetch_indexed_value (uvalue, loclists_dwo, 0); ++ index += (offset_size == 8) ? 20 : 12; ++ } + else if (debug_info_p == NULL) + { + index = fetch_indexed_value (uvalue, loclists, 0); +@@ -2804,21 +2808,21 @@ read_and_display_attr_value (unsigned lo + else if (form == DW_FORM_rnglistx) + { + if (dwo) +- { +- index = fetch_indexed_value (uvalue, rnglists_dwo, 0); +- index += (offset_size == 8) ? 20 : 12; +- } ++ { ++ index = fetch_indexed_value (uvalue, rnglists_dwo, 0); ++ index += (offset_size == 8) ? 20 : 12; ++ } + else +- { +- if (debug_info_p == NULL) +- base = 0; +- else +- base = debug_info_p->rnglists_base; +- /* We do not have a cached value this time, so we perform the +- computation manually. */ +- index = fetch_indexed_value (uvalue, rnglists, base); +- index += base; +- } ++ { ++ if (debug_info_p == NULL) ++ base = 0; ++ else ++ base = debug_info_p->rnglists_base; ++ /* We do not have a cached value this time, so we perform the ++ computation manually. */ ++ index = fetch_indexed_value (uvalue, rnglists, base); ++ index += base; ++ } + } + else + { +@@ -2844,7 +2848,7 @@ read_and_display_attr_value (unsigned lo + if (!do_loc) + printf ("%c<0x%s>", delimiter, dwarf_vmatoa ("x", uvalue + cu_offset)); + break; +- ++ + default: + warn (_("Unrecognized form: 0x%lx\n"), form); + /* What to do? Consume a byte maybe? */ +@@ -2869,9 +2873,9 @@ read_and_display_attr_value (unsigned lo + case DW_AT_rnglists_base: + if (debug_info_p->rnglists_base) + warn (_("CU @ 0x%s has multiple rnglists_base values (0x%s and 0x%s)"), +- dwarf_vmatoa ("x", debug_info_p->cu_offset), +- dwarf_vmatoa ("x", debug_info_p->rnglists_base), +- dwarf_vmatoa ("x", uvalue)); ++ dwarf_vmatoa ("x", debug_info_p->cu_offset), ++ dwarf_vmatoa ("x", debug_info_p->rnglists_base), ++ dwarf_vmatoa ("x", uvalue)); + debug_info_p->rnglists_base = uvalue; + break; + case DW_AT_str_offsets_base: +@@ -3021,7 +3025,7 @@ read_and_display_attr_value (unsigned lo + case DW_FORM_strx3: + case DW_FORM_strx4: + add_dwo_name (fetch_indexed_string (uvalue, this_set, offset_size, false, +- debug_info_p->str_offsets_base), ++ debug_info_p->str_offsets_base), + cu_offset); + break; + case DW_FORM_string: +@@ -3055,7 +3059,7 @@ read_and_display_attr_value (unsigned lo + case DW_FORM_strx3: + case DW_FORM_strx4: + add_dwo_dir (fetch_indexed_string (uvalue, this_set, offset_size, false, +- debug_info_p->str_offsets_base), ++ debug_info_p->str_offsets_base), + cu_offset); + break; + case DW_FORM_string: +@@ -3686,11 +3690,8 @@ process_debug_info (struct dwarf_section + introduce (section, false); + + free_all_abbrevs (); +- free (cu_abbrev_map); +- cu_abbrev_map = NULL; +- next_free_abbrev_map_entry = 0; + +- /* In order to be able to resolve DW_FORM_ref_attr forms we need ++ /* In order to be able to resolve DW_FORM_ref_addr forms we need + to load *all* of the abbrevs for all CUs in this .debug_info + section. This does effectively mean that we (partially) read + every CU header twice. */ +@@ -4045,12 +4046,11 @@ process_debug_info (struct dwarf_section + + /* Scan through the abbreviation list until we reach the + correct entry. */ +- if (list == NULL) +- continue; +- +- for (entry = list->first_abbrev; entry != NULL; entry = entry->next) +- if (entry->number == abbrev_number) +- break; ++ entry = NULL; ++ if (list != NULL) ++ for (entry = list->first_abbrev; entry != NULL; entry = entry->next) ++ if (entry->number == abbrev_number) ++ break; + + if (entry == NULL) + { +@@ -4074,7 +4074,7 @@ process_debug_info (struct dwarf_section + break; + case DW_TAG_compile_unit: + case DW_TAG_skeleton_unit: +- need_base_address = 1; ++ need_base_address = 1; + need_dwo_info = do_loc; + break; + case DW_TAG_entry_point: +@@ -4459,7 +4459,7 @@ display_debug_sup (struct dwarf_section + + SAFE_BYTE_GET_AND_INC (is_supplementary, start, 1, end); + if (is_supplementary != 0 && is_supplementary != 1) +- warn (_("corrupt .debug_sup section: is_supplementary not 0 or 1\n")); ++ warn (_("corrupt .debug_sup section: is_supplementary not 0 or 1\n")); + + sup_filename = start; + if (is_supplementary && sup_filename[0] != 0) +@@ -5638,7 +5638,7 @@ display_debug_lines_decoded (struct dwar + printf ("%s %11d %#18" DWARF_VMA_FMT "x", + newFileName, state_machine_regs.line, + state_machine_regs.address); +- } ++ } + else + { + if (xop == -DW_LNE_end_sequence) +@@ -6092,7 +6092,7 @@ display_debug_macro (struct dwarf_sectio + load_debug_section_with_follow (str, file); + load_debug_section_with_follow (line, file); + load_debug_section_with_follow (str_index, file); +- ++ + introduce (section, false); + + while (curr < end) +@@ -6537,7 +6537,7 @@ display_loc_list (struct dwarf_section * + + /* Check base address specifiers. */ + if (is_max_address (begin, pointer_size) +- && !is_max_address (end, pointer_size)) ++ && !is_max_address (end, pointer_size)) + { + base_address = end; + print_dwarf_vma (begin, pointer_size); +@@ -6715,7 +6715,7 @@ display_loclists_list (struct dwarf_sect + case DW_LLE_default_location: + begin = end = 0; + break; +- ++ + case DW_LLE_offset_pair: + READ_ULEB (begin, start, section_end); + begin += base_address; +@@ -7011,7 +7011,7 @@ display_offset_entry_loclists (struct dw + unsigned char * start = section->start; + unsigned char * const end = start + section->size; + +- introduce (section, false); ++ introduce (section, false); + + do + { +@@ -7060,14 +7060,14 @@ display_offset_entry_loclists (struct dw + section->name, segment_selector_size); + return 0; + } +- ++ + if (offset_entry_count == 0) + { + warn (_("The %s section contains a table without offset\n"), + section->name); + return 0; + } +- ++ + printf (_("\n Offset Entries starting at 0x%lx:\n"), + (long)(start - section->start)); + +@@ -8229,7 +8229,7 @@ display_debug_rnglists (struct dwarf_sec + start = display_debug_rnglists_list + (start, end, address_size, offset, 0, offset_size); + if (start >= end) +- break; ++ break; + } + + start = end; +@@ -8347,12 +8347,12 @@ display_debug_ranges (struct dwarf_secti + next = section_begin + offset + debug_info_p->rnglists_base; + + /* If multiple DWARF entities reference the same range then we will +- have multiple entries in the `range_entries' list for the same +- offset. Thanks to the sort above these will all be consecutive in +- the `range_entries' list, so we can easily ignore duplicates +- here. */ ++ have multiple entries in the `range_entries' list for the same ++ offset. Thanks to the sort above these will all be consecutive in ++ the `range_entries' list, so we can easily ignore duplicates ++ here. */ + if (i > 0 && last_offset == offset) +- continue; ++ continue; + last_offset = offset; + + if (dwarf_check != 0 && i > 0) +@@ -10286,7 +10286,7 @@ display_debug_names (struct dwarf_sectio + printf (_("Out of %lu items there are %zu bucket clashes" + " (longest of %zu entries).\n"), + (unsigned long) name_count, hash_clash_count, longest_clash); +- ++ + if (name_count != buckets_filled + hash_clash_count) + warn (_("The name_count (%lu) is not the same as the used bucket_count (%lu) + the hash clash count (%lu)"), + (unsigned long) name_count, +@@ -10390,7 +10390,7 @@ display_debug_names (struct dwarf_sectio + break; + if (tagno >= 0) + printf ("%s<%lu>", +- (tagno == 0 && second_abbrev_tag == 0 ? " " : "\n\t"), ++ (tagno == 0 && second_abbrev_tag == 0 ? " " : "\n\t"), + (unsigned long) abbrev_tag); + + for (entry = abbrev_lookup; +@@ -10919,7 +10919,7 @@ process_cu_tu_index (struct dwarf_sectio + Check for integer overflow (can occur when size_t is 32-bit) + with overlarge ncols or nused values. */ + if (nused == -1u +- || _mul_overflow ((size_t) ncols, 4, &temp) ++ || _mul_overflow ((size_t) ncols, 4, &temp) + || _mul_overflow ((size_t) nused + 1, temp, &total) + || total > (size_t) (limit - ppool)) + { +@@ -10927,7 +10927,7 @@ process_cu_tu_index (struct dwarf_sectio + section->name); + return 0; + } +- ++ + if (do_display) + { + printf (_(" Offset table\n")); +@@ -11431,8 +11431,8 @@ add_separate_debug_file (const char * fi + + static bool + debuginfod_fetch_separate_debug_info (struct dwarf_section * section, +- char ** filename, +- void * file) ++ char ** filename, ++ void * file) + { + size_t build_id_len; + unsigned char * build_id; +@@ -11450,14 +11450,14 @@ debuginfod_fetch_separate_debug_info (st + + filelen = strnlen ((const char *)section->start, section->size); + if (filelen == section->size) +- /* Corrupt debugaltlink. */ +- return false; ++ /* Corrupt debugaltlink. */ ++ return false; + + build_id = section->start + filelen + 1; + build_id_len = section->size - (filelen + 1); + + if (build_id_len == 0) +- return false; ++ return false; + } + else + return false; +@@ -11469,25 +11469,25 @@ debuginfod_fetch_separate_debug_info (st + + client = debuginfod_begin (); + if (client == NULL) +- return false; ++ return false; + + /* Query debuginfod servers for the target file. If found its path +- will be stored in filename. */ ++ will be stored in filename. */ + fd = debuginfod_find_debuginfo (client, build_id, build_id_len, filename); + debuginfod_end (client); + + /* Only free build_id if we allocated space for a hex string +- in get_build_id (). */ ++ in get_build_id (). */ + if (build_id_len == 0) +- free (build_id); ++ free (build_id); + + if (fd >= 0) +- { +- /* File successfully retrieved. Close fd since we want to +- use open_debug_file () on filename instead. */ +- close (fd); +- return true; +- } ++ { ++ /* File successfully retrieved. Close fd since we want to ++ use open_debug_file () on filename instead. */ ++ close (fd); ++ return true; ++ } + } + + return false; +@@ -11500,7 +11500,7 @@ load_separate_debug_info (const char * + parse_func_type parse_func, + check_func_type check_func, + void * func_data, +- void * file ATTRIBUTE_UNUSED) ++ void * file ATTRIBUTE_UNUSED) + { + const char * separate_filename; + char * debug_filename; +@@ -11616,11 +11616,11 @@ load_separate_debug_info (const char * + & tmp_filename, + file)) + { +- /* File successfully downloaded from server, replace +- debug_filename with the file's path. */ +- free (debug_filename); +- debug_filename = tmp_filename; +- goto found; ++ /* File successfully downloaded from server, replace ++ debug_filename with the file's path. */ ++ free (debug_filename); ++ debug_filename = tmp_filename; ++ goto found; + } + } + #endif +@@ -11787,12 +11787,12 @@ load_build_id_debug_file (const char * m + /* In theory we should extract the contents of the section into + a note structure and then check the fields. For now though + just use hard coded offsets instead: +- ++ + Field Bytes Contents + NSize 0...3 4 + DSize 4...7 8+ + Type 8..11 3 (NT_GNU_BUILD_ID) +- Name 12.15 GNU\0 ++ Name 12.15 GNU\0 + Data 16.... */ + + /* FIXME: Check the name size, name and type fields. */ +@@ -11804,7 +11804,7 @@ load_build_id_debug_file (const char * m + warn (_(".note.gnu.build-id data size is too small\n")); + return; + } +- ++ + if (build_id_size > (section->size - 16)) + { + warn (_(".note.gnu.build-id data size is too bug\n")); +@@ -12100,10 +12100,6 @@ free_debug_memory (void) + + free_all_abbrevs (); + +- free (cu_abbrev_map); +- cu_abbrev_map = NULL; +- next_free_abbrev_map_entry = 0; +- + free (shndx_pool); + shndx_pool = NULL; + shndx_pool_size = 0; |