binutils: CVE-2017-8398

Source: git://sourceware.org/git/binutils-gdb.git
MR: 74127
Type: Security Fix
Disposition: Backport from binutils-2_29
ChangeID: 410078b468de6dc1c908342283a6abe5bdf38d54
Description:

Fix heap-buffer overflow bugs caused when dumping debug information from a corrupt binary.

  PR binutils/21438
     * dwarf.c (process_extended_line_op): Do not assume that the
       string extracted from the section is NUL terminated.
       (fetch_indirect_string): If the string retrieved from the section
       is not NUL terminated, return an error message.
       (fetch_indirect_line_string): Likewise.
       (fetch_indexed_string): Likewise.

Affects: <= 2.29

Author: Nick Clifton <nickc@redhat.com>
(From OE-Core rev: 1e19e656a97caf61f26ab4f52339b9413d3bb29f)

Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

1 files changed, 1 insertions, 0 deletions

diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc
index a455b0192c..35e26fc0dd 100644
--- a/meta/recipes-devtools/binutils/binutils-2.27.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.27.inc
@@ -75,6 +75,7 @@ SRC_URI = "\
      file://CVE-2017-8421.patch \
      file://CVE-2017-8394_1.patch \
      file://CVE-2017-8394.patch \
+     file://CVE-2017-8398.patch \
 "
 S  = "${WORKDIR}/git"