Diffstat (limited to 'meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-1.patch')
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-1.patch | 56 |
1 files changed, 56 insertions, 0 deletions
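--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-1.patch
@@ -0,0 +1,56 @@
+From: Alan Modra <amodra@gmail.com>
+Date: Thu, 17 Mar 2022 09:35:39 +0000 (+1030)
+Subject: ubsan: Null dereference in parse_module
+X-Git-Tag: gdb-12.1-release~59
+X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=c9178f285acf19e066be8367185d52837161b0a2
+
+ubsan: Null dereference in parse_module
+
+* vms-alpha.c (parse_module): Sanity check that DST__K_RTNBEG
+has set module->func_table for DST__K_RTNEND. Check return
+of bfd_zalloc.
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=c9178f285acf19e066be8367185d52837161b0a2]
+
+CVE: CVE-2023-25584
+
+Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
+
+---
+
+diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c
+index 4a92574c850..1129c98f0e2 100644
+--- a/bfd/vms-alpha.c
++++ b/bfd/vms-alpha.c
+@@ -4352,9 +4352,13 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
+
+/* Initialize tables with zero element. */
+curr_srec = (struct srecinfo *) bfd_zalloc (abfd, sizeof (struct srecinfo));
++ if (!curr_srec)
++ return false;
+module->srec_table = curr_srec;
+
+curr_line = (struct lineinfo *) bfd_zalloc (abfd, sizeof (struct lineinfo));
++ if (!curr_line)
++ return false;
+module->line_table = curr_line;
+
+while (length == -1 || ptr < maxptr)
+@@ -4389,6 +4393,8 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
+case DST__K_RTNBEG:
+funcinfo = (struct funcinfo *)
+bfd_zalloc (abfd, sizeof (struct funcinfo));
++ if (!funcinfo)
++ return false;
+funcinfo->name
+= _bfd_vms_save_counted_string (abfd, ptr + DST_S_B_RTNBEG_NAME,
+maxptr - (ptr + DST_S_B_RTNBEG_NAME));
+@@ -4401,6 +4407,8 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
+break;
+
+case DST__K_RTNEND:
++ if (!module->func_table)
++ return false;
+module->func_table->high = module->func_table->low
++ bfd_getl32 (ptr + DST_S_L_RTNEND_SIZE) - 1;
+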
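Review bot: The checks added here cover only a failed `bfd_zalloc` and a missing `module->func_table`; the record reads left in the context lines, `maxptr - (ptr + DST_S_B_RTNBEG_NAME)` under DST__K_RTNBEG and `bfd_getl32 (ptr + DST_S_L_RTNEND_SIZE)` under DST__K_RTNEND, are still not compared against the record length in what is visible. The upstream subject is a ubsan null-dereference fix and the file name ends in `-1`, so this looks like a prerequisite rather than the whole CVE-2023-25584 fix; confirm the remaining patches of the series are applied and listed in the recipe's SRC_URI, which this path-limited view does not show. I would say so in the patch header, e.g. `Comment: prerequisite for the CVE-2023-25584 bounds-check fix; not sufficient on its own.`, so that the `CVE:` tag is not read by CVE tooling or auditors as full remediation. parse_module's body starts and ends outside the inner hunks, so bounds checks elsewhere in the function cannot be ruled out from here.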