diff options
author | Khem Raj <raj.khem@gmail.com> | 2019-02-04 13:18:08 -0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2019-02-05 13:53:48 +0000 |
commit | db9bca2b3b126ad915decc1c803e136a3cdb5d66 (patch) | |
tree | 3fab2b7ec10ee8397268827ed03a9396715188ed /meta/recipes-devtools/binutils/binutils/CVE-2018-17358.patch | |
parent | 3c6764b09888e2025536b8bc73ce548cf53a1579 (diff) | |
download | poky-db9bca2b3b126ad915decc1c803e136a3cdb5d66.tar.gz |
binutils: Upgrade to binutils 2.32
Changes
https://sourceware.org/ml/binutils/2019-02/msg00010.html
0007-Add-the-armv5e-architecture-to-binutils.patch is dropped since we
armv5 is not a used option anymore in OE armv5te is default, and gcc9
will drop it completely anyway
CVE patches were backports from master which is already past of 2.32
release
Other dropped patches were partial or full backports as well
(From OE-Core rev: b71294c4decf35d544a2c8adb4e67d141841fc68)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/binutils/binutils/CVE-2018-17358.patch')
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2018-17358.patch | 121 |
1 files changed, 0 insertions, 121 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-17358.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-17358.patch deleted file mode 100644 index d5a1ea1dc4..0000000000 --- a/meta/recipes-devtools/binutils/binutils/CVE-2018-17358.patch +++ /dev/null | |||
@@ -1,121 +0,0 @@ | |||
1 | From 30838132997e6a3cfe3ec11c58b32b22f6f6b102 Mon Sep 17 00:00:00 2001 | ||
2 | From: Alan Modra <amodra@gmail.com> | ||
3 | Date: Thu, 20 Sep 2018 15:29:17 +0930 | ||
4 | Subject: [PATCH] Bug 23686, two segment faults in nm | ||
5 | |||
6 | Fixes the bugs exposed by the testcases in the PR, plus two more bugs | ||
7 | I noticed when looking at _bfd_stab_section_find_nearest_line. | ||
8 | |||
9 | PR 23686 | ||
10 | * dwarf2.c (read_section): Error when attempting to malloc | ||
11 | "(bfd_size_type) -1". | ||
12 | * syms.c (_bfd_stab_section_find_nearest_line): Bounds check | ||
13 | function_name. Bounds check reloc address. Formatting. Ensure | ||
14 | .stabstr zero terminated. | ||
15 | CVE: CVE-2018-17358 and CVE-2018-17359 | ||
16 | Upstream-Status: Backport | ||
17 | Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> | ||
18 | --- | ||
19 | bfd/ChangeLog | 9 +++++++++ | ||
20 | bfd/dwarf2.c | 9 ++++++++- | ||
21 | bfd/syms.c | 22 ++++++++++++++++------ | ||
22 | 3 files changed, 33 insertions(+), 7 deletions(-) | ||
23 | |||
24 | --- a/bfd/dwarf2.c | ||
25 | +++ b/bfd/dwarf2.c | ||
26 | @@ -527,6 +527,7 @@ read_section (bfd * abfd, | ||
27 | asection *msec; | ||
28 | const char *section_name = sec->uncompressed_name; | ||
29 | bfd_byte *contents = *section_buffer; | ||
30 | + bfd_size_type amt; | ||
31 | |||
32 | /* The section may have already been read. */ | ||
33 | if (contents == NULL) | ||
34 | @@ -549,7 +550,13 @@ read_section (bfd * abfd, | ||
35 | *section_size = msec->rawsize ? msec->rawsize : msec->size; | ||
36 | /* Paranoia - alloc one extra so that we can make sure a string | ||
37 | section is NUL terminated. */ | ||
38 | - contents = (bfd_byte *) bfd_malloc (*section_size + 1); | ||
39 | + amt = *section_size + 1; | ||
40 | + if (amt == 0) | ||
41 | + { | ||
42 | + bfd_set_error (bfd_error_no_memory); | ||
43 | + return FALSE; | ||
44 | + } | ||
45 | + contents = (bfd_byte *) bfd_malloc (amt); | ||
46 | if (contents == NULL) | ||
47 | return FALSE; | ||
48 | if (syms | ||
49 | --- a/bfd/syms.c | ||
50 | +++ b/bfd/syms.c | ||
51 | @@ -1035,6 +1035,10 @@ _bfd_stab_section_find_nearest_line (bfd | ||
52 | 0, strsize)) | ||
53 | return FALSE; | ||
54 | |||
55 | + /* Stab strings ought to be nul terminated. Ensure the last one | ||
56 | + is, to prevent running off the end of the buffer. */ | ||
57 | + info->strs[strsize - 1] = 0; | ||
58 | + | ||
59 | /* If this is a relocatable object file, we have to relocate | ||
60 | the entries in .stab. This should always be simple 32 bit | ||
61 | relocations against symbols defined in this object file, so | ||
62 | @@ -1073,7 +1077,8 @@ _bfd_stab_section_find_nearest_line (bfd | ||
63 | || r->howto->bitsize != 32 | ||
64 | || r->howto->pc_relative | ||
65 | || r->howto->bitpos != 0 | ||
66 | - || r->howto->dst_mask != 0xffffffff) | ||
67 | + || r->howto->dst_mask != 0xffffffff | ||
68 | + || r->address * bfd_octets_per_byte (abfd) + 4 > stabsize) | ||
69 | { | ||
70 | _bfd_error_handler | ||
71 | (_("unsupported .stab relocation")); | ||
72 | @@ -1195,7 +1200,8 @@ _bfd_stab_section_find_nearest_line (bfd | ||
73 | { | ||
74 | nul_fun = stab; | ||
75 | nul_str = str; | ||
76 | - if (file_name >= (char *) info->strs + strsize || file_name < (char *) str) | ||
77 | + if (file_name >= (char *) info->strs + strsize | ||
78 | + || file_name < (char *) str) | ||
79 | file_name = NULL; | ||
80 | if (stab + STABSIZE + TYPEOFF < info->stabs + stabsize | ||
81 | && *(stab + STABSIZE + TYPEOFF) == (bfd_byte) N_SO) | ||
82 | @@ -1206,7 +1212,8 @@ _bfd_stab_section_find_nearest_line (bfd | ||
83 | directory_name = file_name; | ||
84 | file_name = ((char *) str | ||
85 | + bfd_get_32 (abfd, stab + STRDXOFF)); | ||
86 | - if (file_name >= (char *) info->strs + strsize || file_name < (char *) str) | ||
87 | + if (file_name >= (char *) info->strs + strsize | ||
88 | + || file_name < (char *) str) | ||
89 | file_name = NULL; | ||
90 | } | ||
91 | } | ||
92 | @@ -1217,7 +1224,8 @@ _bfd_stab_section_find_nearest_line (bfd | ||
93 | file_name = (char *) str + bfd_get_32 (abfd, stab + STRDXOFF); | ||
94 | /* PR 17512: file: 0c680a1f. */ | ||
95 | /* PR 17512: file: 5da8aec4. */ | ||
96 | - if (file_name >= (char *) info->strs + strsize || file_name < (char *) str) | ||
97 | + if (file_name >= (char *) info->strs + strsize | ||
98 | + || file_name < (char *) str) | ||
99 | file_name = NULL; | ||
100 | break; | ||
101 | |||
102 | @@ -1226,7 +1234,8 @@ _bfd_stab_section_find_nearest_line (bfd | ||
103 | function_name = (char *) str + bfd_get_32 (abfd, stab + STRDXOFF); | ||
104 | if (function_name == (char *) str) | ||
105 | continue; | ||
106 | - if (function_name >= (char *) info->strs + strsize) | ||
107 | + if (function_name >= (char *) info->strs + strsize | ||
108 | + || function_name < (char *) str) | ||
109 | function_name = NULL; | ||
110 | |||
111 | nul_fun = NULL; | ||
112 | @@ -1335,7 +1344,8 @@ _bfd_stab_section_find_nearest_line (bfd | ||
113 | if (val <= offset) | ||
114 | { | ||
115 | file_name = (char *) str + bfd_get_32 (abfd, stab + STRDXOFF); | ||
116 | - if (file_name >= (char *) info->strs + strsize || file_name < (char *) str) | ||
117 | + if (file_name >= (char *) info->strs + strsize | ||
118 | + || file_name < (char *) str) | ||
119 | file_name = NULL; | ||
120 | *pline = 0; | ||
121 | } | ||