summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFan Xin <fan.xin@jp.fujitsu.com>2017-05-24 05:43:11 (GMT)
committerRichard Purdie <richard.purdie@linuxfoundation.org>2017-06-05 22:30:21 (GMT)
commit13f7fc465588a3e5f0c616cc881cabcfd3ca808d (patch)
tree72ae027963685155bc73dee49203b5c299d0185a
parentd2586b6fde626faeb65667a64b4d993a017a1d25 (diff)
downloadpoky-13f7fc465588a3e5f0c616cc881cabcfd3ca808d.tar.gz
binutils: Fix CVE-2017-8392
Backport upsream commit to fix CVE-2017-8392 CVE: CVE-2017-8392 [BZ 21409] -- https://sourceware.org/bugzilla/show_bug.cgi?id=21409 PR 21409, segfault in _bfd_dwarf2_find_nearest_line PR 21409 * dwarf2.c (_bfd_dwarf2_find_nearest_line): Don't segfault when no symbols. (From OE-Core rev: dff01b827c87ae135a1d5511b1efbdad01c0eaee) (From OE-Core rev: c5a5017ce710108c61dba0e0af72bb72a9419701) Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-devtools/binutils/binutils-2.28.inc2
-rw-r--r--meta/recipes-devtools/binutils/binutils/0017-bfd-Improve-lookup-of-file-line-information-for-erro.patch75
-rw-r--r--meta/recipes-devtools/binutils/binutils/0018-PR-21409-segfault-in-_bfd_dwarf2_find_nearest_line.patch33
3 files changed, 110 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc b/meta/recipes-devtools/binutils/binutils-2.28.inc
index 7585da1..5492505 100644
--- a/meta/recipes-devtools/binutils/binutils-2.28.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.28.inc
@@ -37,6 +37,8 @@ SRC_URI = "\
37 file://0016-Detect-64-bit-MIPS-targets.patch \ 37 file://0016-Detect-64-bit-MIPS-targets.patch \
38 file://CVE-2017-6965.patch \ 38 file://CVE-2017-6965.patch \
39 file://CVE-2017-6966.patch \ 39 file://CVE-2017-6966.patch \
40 file://0017-bfd-Improve-lookup-of-file-line-information-for-erro.patch \
41 file://0018-PR-21409-segfault-in-_bfd_dwarf2_find_nearest_line.patch \
40" 42"
41S = "${WORKDIR}/git" 43S = "${WORKDIR}/git"
42 44
diff --git a/meta/recipes-devtools/binutils/binutils/0017-bfd-Improve-lookup-of-file-line-information-for-erro.patch b/meta/recipes-devtools/binutils/binutils/0017-bfd-Improve-lookup-of-file-line-information-for-erro.patch
new file mode 100644
index 0000000..23ad10a
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0017-bfd-Improve-lookup-of-file-line-information-for-erro.patch
@@ -0,0 +1,75 @@
1From 3239a4231ff79bf8b67b8faaf414b1667486167c Mon Sep 17 00:00:00 2001
2From: Andrew Burgess <andrew.burgess@embecosm.com>
3Date: Mon, 19 Dec 2016 15:27:59 +0000
4Subject: [PATCH] bfd: Improve lookup of file / line information for errors
5
6When looking up file and line information (used from the linker to
7report error messages) if no symbol is passed in, then use the symbol
8list to look for a matching symbol.
9
10If a matching symbol is found then use this to look up the file / line
11information.
12
13This should improve errors when looking up file / line information for
14data sections. Hopefully we should find a matching data symbol, which
15should, in turn (we hope) match a DW_TAG_variable in the DWARF, this
16should allow us to give accurate file / line errors for data symbols.
17
18As the hope is to find a matching DW_TAG_variable in the DWARF then we
19ignore section symbols, and prefer global symbols to locals.
20
21CVE: CVE-2017-8392
22Upstream-Status: Accepted
23
24Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
25---
26 bfd/dwarf2.c | 32 ++++++++++++++++++++++++++++++++
27 1 files changed, 32 insertions(+)
28
29
30diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
31index 03447a9..9bb8126 100644
32--- a/bfd/dwarf2.c
33+++ b/bfd/dwarf2.c
34@@ -4155,6 +4155,38 @@ _bfd_dwarf2_find_nearest_line (bfd *abfd,
35 {
36 BFD_ASSERT (section != NULL && functionname_ptr != NULL);
37 addr = offset;
38+
39+ /* If we have no SYMBOL but the section we're looking at is not a
40+ code section, then take a look through the list of symbols to see
41+ if we have a symbol at the address we're looking for. If we do
42+ then use this to look up line information. This will allow us to
43+ give file and line results for data symbols. We exclude code
44+ symbols here, if we look up a function symbol and then look up the
45+ line information we'll actually return the line number for the
46+ opening '{' rather than the function definition line. This is
47+ because looking up by symbol uses the line table, in which the
48+ first line for a function is usually the opening '{', while
49+ looking up the function by section + offset uses the
50+ DW_AT_decl_line from the function DW_TAG_subprogram for the line,
51+ which will be the line of the function name. */
52+ if ((section->flags & SEC_CODE) == 0)
53+ {
54+ asymbol **tmp;
55+
56+ for (tmp = symbols; (*tmp) != NULL; ++tmp)
57+ if ((*tmp)->the_bfd == abfd
58+ && (*tmp)->section == section
59+ && (*tmp)->value == offset
60+ && ((*tmp)->flags & BSF_SECTION_SYM) == 0)
61+ {
62+ symbol = *tmp;
63+ do_line = TRUE;
64+ /* For local symbols, keep going in the hope we find a
65+ global. */
66+ if ((symbol->flags & BSF_GLOBAL) != 0)
67+ break;
68+ }
69+ }
70 }
71
72 if (section->output_section)
73--
741.9.1
75
diff --git a/meta/recipes-devtools/binutils/binutils/0018-PR-21409-segfault-in-_bfd_dwarf2_find_nearest_line.patch b/meta/recipes-devtools/binutils/binutils/0018-PR-21409-segfault-in-_bfd_dwarf2_find_nearest_line.patch
new file mode 100644
index 0000000..acb37df
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0018-PR-21409-segfault-in-_bfd_dwarf2_find_nearest_line.patch
@@ -0,0 +1,33 @@
1From 97e83a100aa8250be783304bfe0429761c6e6b6b Mon Sep 17 00:00:00 2001
2From: Alan Modra <amodra@gmail.com>
3Date: Sun, 23 Apr 2017 13:55:49 +0930
4Subject: [PATCH] PR 21409, segfault in _bfd_dwarf2_find_nearest_line
5
6 PR 21409
7 * dwarf2.c (_bfd_dwarf2_find_nearest_line): Don't segfault when
8 no symbols.
9
10CVE: CVE-2017-8392
11Upstream-Status: Accepted
12
13Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
14---
15 bfd/dwarf2.c | 2 +-
16 1 files changed, 1 insertions(+), 1 deletion(-)
17
18diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
19index 132a674..0ef3e1f 100644
20--- a/bfd/dwarf2.c
21+++ b/bfd/dwarf2.c
22@@ -4205,7 +4205,7 @@ _bfd_dwarf2_find_nearest_line (bfd *abfd,
23 looking up the function by section + offset uses the
24 DW_AT_decl_line from the function DW_TAG_subprogram for the line,
25 which will be the line of the function name. */
26- if ((section->flags & SEC_CODE) == 0)
27+ if (symbols != NULL && (section->flags & SEC_CODE) == 0)
28 {
29 asymbol **tmp;
30
31--
321.9.1
33