diff options
author | Fan Xin <fan.xin@jp.fujitsu.com> | 2017-05-24 14:43:11 +0900 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-05-25 23:59:32 +0100 |
commit | 2d4ae9670803dcf137dcb39bd61a401ccacf62c0 (patch) | |
tree | 559904f707f3cab29e7b8d2d2706454ac535b338 /meta/recipes-devtools/binutils | |
parent | 5a88343af3f5fc620306a27261b89190a2e3a241 (diff) | |
download | poky-2d4ae9670803dcf137dcb39bd61a401ccacf62c0.tar.gz |
binutils: Fix CVE-2017-8392
Backport upsream commit to fix CVE-2017-8392
CVE: CVE-2017-8392
[BZ 21409] -- https://sourceware.org/bugzilla/show_bug.cgi?id=21409
PR 21409, segfault in _bfd_dwarf2_find_nearest_line
PR 21409
* dwarf2.c (_bfd_dwarf2_find_nearest_line): Don't segfault when
no symbols.
(From OE-Core rev: dff01b827c87ae135a1d5511b1efbdad01c0eaee)
Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/binutils')
3 files changed, 110 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc b/meta/recipes-devtools/binutils/binutils-2.28.inc index 7585da1ca9..54925054d7 100644 --- a/meta/recipes-devtools/binutils/binutils-2.28.inc +++ b/meta/recipes-devtools/binutils/binutils-2.28.inc | |||
@@ -37,6 +37,8 @@ SRC_URI = "\ | |||
37 | file://0016-Detect-64-bit-MIPS-targets.patch \ | 37 | file://0016-Detect-64-bit-MIPS-targets.patch \ |
38 | file://CVE-2017-6965.patch \ | 38 | file://CVE-2017-6965.patch \ |
39 | file://CVE-2017-6966.patch \ | 39 | file://CVE-2017-6966.patch \ |
40 | file://0017-bfd-Improve-lookup-of-file-line-information-for-erro.patch \ | ||
41 | file://0018-PR-21409-segfault-in-_bfd_dwarf2_find_nearest_line.patch \ | ||
40 | " | 42 | " |
41 | S = "${WORKDIR}/git" | 43 | S = "${WORKDIR}/git" |
42 | 44 | ||
diff --git a/meta/recipes-devtools/binutils/binutils/0017-bfd-Improve-lookup-of-file-line-information-for-erro.patch b/meta/recipes-devtools/binutils/binutils/0017-bfd-Improve-lookup-of-file-line-information-for-erro.patch new file mode 100644 index 0000000000..23ad10ab4a --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0017-bfd-Improve-lookup-of-file-line-information-for-erro.patch | |||
@@ -0,0 +1,75 @@ | |||
1 | From 3239a4231ff79bf8b67b8faaf414b1667486167c Mon Sep 17 00:00:00 2001 | ||
2 | From: Andrew Burgess <andrew.burgess@embecosm.com> | ||
3 | Date: Mon, 19 Dec 2016 15:27:59 +0000 | ||
4 | Subject: [PATCH] bfd: Improve lookup of file / line information for errors | ||
5 | |||
6 | When looking up file and line information (used from the linker to | ||
7 | report error messages) if no symbol is passed in, then use the symbol | ||
8 | list to look for a matching symbol. | ||
9 | |||
10 | If a matching symbol is found then use this to look up the file / line | ||
11 | information. | ||
12 | |||
13 | This should improve errors when looking up file / line information for | ||
14 | data sections. Hopefully we should find a matching data symbol, which | ||
15 | should, in turn (we hope) match a DW_TAG_variable in the DWARF, this | ||
16 | should allow us to give accurate file / line errors for data symbols. | ||
17 | |||
18 | As the hope is to find a matching DW_TAG_variable in the DWARF then we | ||
19 | ignore section symbols, and prefer global symbols to locals. | ||
20 | |||
21 | CVE: CVE-2017-8392 | ||
22 | Upstream-Status: Accepted | ||
23 | |||
24 | Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com> | ||
25 | --- | ||
26 | bfd/dwarf2.c | 32 ++++++++++++++++++++++++++++++++ | ||
27 | 1 files changed, 32 insertions(+) | ||
28 | |||
29 | |||
30 | diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c | ||
31 | index 03447a9..9bb8126 100644 | ||
32 | --- a/bfd/dwarf2.c | ||
33 | +++ b/bfd/dwarf2.c | ||
34 | @@ -4155,6 +4155,38 @@ _bfd_dwarf2_find_nearest_line (bfd *abfd, | ||
35 | { | ||
36 | BFD_ASSERT (section != NULL && functionname_ptr != NULL); | ||
37 | addr = offset; | ||
38 | + | ||
39 | + /* If we have no SYMBOL but the section we're looking at is not a | ||
40 | + code section, then take a look through the list of symbols to see | ||
41 | + if we have a symbol at the address we're looking for. If we do | ||
42 | + then use this to look up line information. This will allow us to | ||
43 | + give file and line results for data symbols. We exclude code | ||
44 | + symbols here, if we look up a function symbol and then look up the | ||
45 | + line information we'll actually return the line number for the | ||
46 | + opening '{' rather than the function definition line. This is | ||
47 | + because looking up by symbol uses the line table, in which the | ||
48 | + first line for a function is usually the opening '{', while | ||
49 | + looking up the function by section + offset uses the | ||
50 | + DW_AT_decl_line from the function DW_TAG_subprogram for the line, | ||
51 | + which will be the line of the function name. */ | ||
52 | + if ((section->flags & SEC_CODE) == 0) | ||
53 | + { | ||
54 | + asymbol **tmp; | ||
55 | + | ||
56 | + for (tmp = symbols; (*tmp) != NULL; ++tmp) | ||
57 | + if ((*tmp)->the_bfd == abfd | ||
58 | + && (*tmp)->section == section | ||
59 | + && (*tmp)->value == offset | ||
60 | + && ((*tmp)->flags & BSF_SECTION_SYM) == 0) | ||
61 | + { | ||
62 | + symbol = *tmp; | ||
63 | + do_line = TRUE; | ||
64 | + /* For local symbols, keep going in the hope we find a | ||
65 | + global. */ | ||
66 | + if ((symbol->flags & BSF_GLOBAL) != 0) | ||
67 | + break; | ||
68 | + } | ||
69 | + } | ||
70 | } | ||
71 | |||
72 | if (section->output_section) | ||
73 | -- | ||
74 | 1.9.1 | ||
75 | |||
diff --git a/meta/recipes-devtools/binutils/binutils/0018-PR-21409-segfault-in-_bfd_dwarf2_find_nearest_line.patch b/meta/recipes-devtools/binutils/binutils/0018-PR-21409-segfault-in-_bfd_dwarf2_find_nearest_line.patch new file mode 100644 index 0000000000..acb37df168 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0018-PR-21409-segfault-in-_bfd_dwarf2_find_nearest_line.patch | |||
@@ -0,0 +1,33 @@ | |||
1 | From 97e83a100aa8250be783304bfe0429761c6e6b6b Mon Sep 17 00:00:00 2001 | ||
2 | From: Alan Modra <amodra@gmail.com> | ||
3 | Date: Sun, 23 Apr 2017 13:55:49 +0930 | ||
4 | Subject: [PATCH] PR 21409, segfault in _bfd_dwarf2_find_nearest_line | ||
5 | |||
6 | PR 21409 | ||
7 | * dwarf2.c (_bfd_dwarf2_find_nearest_line): Don't segfault when | ||
8 | no symbols. | ||
9 | |||
10 | CVE: CVE-2017-8392 | ||
11 | Upstream-Status: Accepted | ||
12 | |||
13 | Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com> | ||
14 | --- | ||
15 | bfd/dwarf2.c | 2 +- | ||
16 | 1 files changed, 1 insertions(+), 1 deletion(-) | ||
17 | |||
18 | diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c | ||
19 | index 132a674..0ef3e1f 100644 | ||
20 | --- a/bfd/dwarf2.c | ||
21 | +++ b/bfd/dwarf2.c | ||
22 | @@ -4205,7 +4205,7 @@ _bfd_dwarf2_find_nearest_line (bfd *abfd, | ||
23 | looking up the function by section + offset uses the | ||
24 | DW_AT_decl_line from the function DW_TAG_subprogram for the line, | ||
25 | which will be the line of the function name. */ | ||
26 | - if ((section->flags & SEC_CODE) == 0) | ||
27 | + if (symbols != NULL && (section->flags & SEC_CODE) == 0) | ||
28 | { | ||
29 | asymbol **tmp; | ||
30 | |||
31 | -- | ||
32 | 1.9.1 | ||
33 | |||