diff options
author | pgowda <pgowda.cve@gmail.com> | 2022-09-05 20:50:28 +0530 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-09-08 14:59:39 +0100 |
commit | b3b3137754161f5ff59a3cb42d051362637794f3 (patch) | |
tree | 0c014fe3269e07fa4477071227321b443c40dae9 /meta/recipes-devtools/binutils | |
parent | 1caca66021a5d84635d59b56dc45cae84b74a656 (diff) | |
download | poky-b3b3137754161f5ff59a3cb42d051362637794f3.tar.gz |
binutils : CVE-2022-38533
Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ef186fe54aa6d281a3ff8a9528417e5cc614c797]
(From OE-Core rev: a7e44505667b60a160e9f1ad82105a181c747781)
Signed-off-by: pgowda <pgowda.cve@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/binutils')
-rw-r--r-- | meta/recipes-devtools/binutils/binutils-2.39.inc | 1 | ||||
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/0013-CVE-2022-38533.patch | 36 |
2 files changed, 37 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.39.inc b/meta/recipes-devtools/binutils/binutils-2.39.inc index 89612a3eae..37627c8f93 100644 --- a/meta/recipes-devtools/binutils/binutils-2.39.inc +++ b/meta/recipes-devtools/binutils/binutils-2.39.inc | |||
@@ -31,5 +31,6 @@ SRC_URI = "\ | |||
31 | file://0010-sync-with-OE-libtool-changes.patch \ | 31 | file://0010-sync-with-OE-libtool-changes.patch \ |
32 | file://0011-Check-for-clang-before-checking-gcc-version.patch \ | 32 | file://0011-Check-for-clang-before-checking-gcc-version.patch \ |
33 | file://0012-Only-generate-an-RPATH-entry-if-LD_RUN_PATH-is-not-e.patch \ | 33 | file://0012-Only-generate-an-RPATH-entry-if-LD_RUN_PATH-is-not-e.patch \ |
34 | file://0013-CVE-2022-38533.patch \ | ||
34 | " | 35 | " |
35 | S = "${WORKDIR}/git" | 36 | S = "${WORKDIR}/git" |
diff --git a/meta/recipes-devtools/binutils/binutils/0013-CVE-2022-38533.patch b/meta/recipes-devtools/binutils/binutils/0013-CVE-2022-38533.patch new file mode 100644 index 0000000000..5d9ac2cb1f --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0013-CVE-2022-38533.patch | |||
@@ -0,0 +1,36 @@ | |||
1 | From ef186fe54aa6d281a3ff8a9528417e5cc614c797 Mon Sep 17 00:00:00 2001 | ||
2 | From: Alan Modra <amodra@gmail.com> | ||
3 | Date: Sat, 13 Aug 2022 15:32:47 +0930 | ||
4 | Subject: [PATCH] PR29482 - strip: heap-buffer-overflow | ||
5 | |||
6 | PR 29482 | ||
7 | * coffcode.h (coff_set_section_contents): Sanity check _LIB. | ||
8 | |||
9 | Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ef186fe54aa6d281a3ff8a9528417e5cc614c797] | ||
10 | |||
11 | Signed-off-by: Pgowda <pgowda.cve@gmail.com> | ||
12 | |||
13 | --- | ||
14 | bfd/coffcode.h | 7 +++++-- | ||
15 | 1 file changed, 5 insertions(+), 2 deletions(-) | ||
16 | |||
17 | diff --git a/bfd/coffcode.h b/bfd/coffcode.h | ||
18 | index 67aaf158ca1..52027981c3f 100644 | ||
19 | --- a/bfd/coffcode.h | ||
20 | +++ b/bfd/coffcode.h | ||
21 | @@ -4302,10 +4302,13 @@ coff_set_section_contents (bfd * abfd, | ||
22 | |||
23 | rec = (bfd_byte *) location; | ||
24 | recend = rec + count; | ||
25 | - while (rec < recend) | ||
26 | + while (recend - rec >= 4) | ||
27 | { | ||
28 | + size_t len = bfd_get_32 (abfd, rec); | ||
29 | + if (len == 0 || len > (size_t) (recend - rec) / 4) | ||
30 | + break; | ||
31 | + rec += len * 4; | ||
32 | ++section->lma; | ||
33 | - rec += bfd_get_32 (abfd, rec) * 4; | ||
34 | } | ||
35 | |||
36 | BFD_ASSERT (rec == recend); | ||