diff options
author | Thiruvadi Rajaraman <trajaraman@mvista.com> | 2017-09-04 13:56:15 +0530 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-01-07 17:10:07 +0000 |
commit | f85b35f63ac606ef455413f2315551509cb7a0e7 (patch) | |
tree | 6c275c9cd0dac0f436b2d2ab8bba2871dece4ab8 /meta/recipes-devtools | |
parent | 39722ae3c60bdda62b9e734e8735ed74705ffc0f (diff) | |
download | poky-f85b35f63ac606ef455413f2315551509cb7a0e7.tar.gz |
binutils: CVE-2017-7224
Source: git://sourceware.org/git/binutils-gdb.git
MR: 74309
Type: Security Fix
Disposition: Backport from binutils-2_29-branch
ChangeID: 640c2ad711ead368a65079a464c55368851e8744
Description:
Fix a seg-fault disassembling a corrupt binary.
PR binutils/20892
* aoutx.h (find_nearest_line): Handle the case where the function
name is empty.
Affects: <= 2.29
(From OE-Core rev: 54992e752e396fc5b3bc5b067cfc4741f1176bb3)
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools')
-rw-r--r-- | meta/recipes-devtools/binutils/binutils-2.27.inc | 1 | ||||
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2017-7224.patch | 48 |
2 files changed, 49 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc index 06c69b9f66..82b9be774f 100644 --- a/meta/recipes-devtools/binutils/binutils-2.27.inc +++ b/meta/recipes-devtools/binutils/binutils-2.27.inc | |||
@@ -60,6 +60,7 @@ SRC_URI = "\ | |||
60 | file://CVE-2017-12450_12452_12453_12454_12456_1.patch \ | 60 | file://CVE-2017-12450_12452_12453_12454_12456_1.patch \ |
61 | file://CVE-2017-12450_12452_12453_12454_12456.patch \ | 61 | file://CVE-2017-12450_12452_12453_12454_12456.patch \ |
62 | file://CVE-2017-7223.patch \ | 62 | file://CVE-2017-7223.patch \ |
63 | file://CVE-2017-7224.patch \ | ||
63 | " | 64 | " |
64 | S = "${WORKDIR}/git" | 65 | S = "${WORKDIR}/git" |
65 | 66 | ||
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7224.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7224.patch new file mode 100644 index 0000000000..fb9ce90740 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7224.patch | |||
@@ -0,0 +1,48 @@ | |||
1 | commit e82ab856bb4689330c29fb9f1c57a8555b26380e | ||
2 | Author: Nick Clifton <nickc@redhat.com> | ||
3 | Date: Thu Dec 1 10:49:39 2016 +0000 | ||
4 | |||
5 | Fix a seg-fault disassembling a corrupt binary. | ||
6 | |||
7 | PR binutils/20892 | ||
8 | * aoutx.h (find_nearest_line): Handle the case where the function | ||
9 | name is empty. | ||
10 | |||
11 | Upstream-Status: Backport | ||
12 | |||
13 | CVE: CVE-2017-7224 | ||
14 | Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> | ||
15 | |||
16 | Index: git/bfd/ChangeLog | ||
17 | =================================================================== | ||
18 | --- git.orig/bfd/ChangeLog 2017-09-04 12:54:37.513859864 +0530 | ||
19 | +++ git/bfd/ChangeLog 2017-09-04 13:00:22.891753836 +0530 | ||
20 | @@ -120,6 +120,10 @@ | ||
21 | * peicode.h (pe_ILF_object_p): Use strnlen to avoid running over | ||
22 | the end of the string buffer. | ||
23 | |||
24 | + PR binutils/20892 | ||
25 | + * aoutx.h (find_nearest_line): Handle the case where the function | ||
26 | + name is empty. | ||
27 | + | ||
28 | 2016-08-02 Nick Clifton <nickc@redhat.com> | ||
29 | |||
30 | PR ld/17739 | ||
31 | Index: git/bfd/aoutx.h | ||
32 | =================================================================== | ||
33 | --- git.orig/bfd/aoutx.h 2017-09-04 12:54:35.957851411 +0530 | ||
34 | +++ git/bfd/aoutx.h 2017-09-04 12:57:50.634902163 +0530 | ||
35 | @@ -2819,6 +2819,13 @@ | ||
36 | const char *function = func->name; | ||
37 | char *colon; | ||
38 | |||
39 | + if (buf == NULL) | ||
40 | + { | ||
41 | + /* PR binutils/20892: In a corrupt input file func can be empty. */ | ||
42 | + * functionname_ptr = NULL; | ||
43 | + return TRUE; | ||
44 | + } | ||
45 | + | ||
46 | /* The caller expects a symbol name. We actually have a | ||
47 | function name, without the leading underscore. Put the | ||
48 | underscore back in, so that the caller gets a symbol name. */ | ||