diff options
Diffstat (limited to 'meta/recipes-devtools/binutils/binutils/CVE-2017-14933_p1.patch')
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2017-14933_p1.patch | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-14933_p1.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-14933_p1.patch new file mode 100644 index 0000000000..9df8138401 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-14933_p1.patch | |||
@@ -0,0 +1,58 @@ | |||
1 | From 30d0157a2ad64e64e5ff9fcc0dbe78a3e682f573 Mon Sep 17 00:00:00 2001 | ||
2 | From: Nick Clifton <nickc@redhat.com> | ||
3 | Date: Tue, 26 Sep 2017 14:37:47 +0100 | ||
4 | Subject: [PATCH] Avoid needless resource usage when processing a corrupt DWARF | ||
5 | directory or file name table. | ||
6 | |||
7 | PR 22210 | ||
8 | * dwarf2.c (read_formatted_entries): Fail early if we know that | ||
9 | the loop parsing data entries will overflow the end of the | ||
10 | section. | ||
11 | |||
12 | Upstream-Status: Backport | ||
13 | Affects: <= 2.29.1 | ||
14 | CVE: CVE-2017-14933 #1 | ||
15 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
16 | |||
17 | --- | ||
18 | bfd/ChangeLog | 7 +++++++ | ||
19 | bfd/dwarf2.c | 10 ++++++++++ | ||
20 | 2 files changed, 17 insertions(+) | ||
21 | |||
22 | Index: git/bfd/ChangeLog | ||
23 | =================================================================== | ||
24 | --- git.orig/bfd/ChangeLog | ||
25 | +++ git/bfd/ChangeLog | ||
26 | @@ -1,3 +1,10 @@ | ||
27 | +2017-09-26 Nick Clifton <nickc@redhat.com> | ||
28 | + | ||
29 | + PR 22210 | ||
30 | + * dwarf2.c (read_formatted_entries): Fail early if we know that | ||
31 | + the loop parsing data entries will overflow the end of the | ||
32 | + section. | ||
33 | + | ||
34 | 2017-09-26 Alan Modra <amodra@gmail.com> | ||
35 | |||
36 | PR 22204 | ||
37 | Index: git/bfd/dwarf2.c | ||
38 | =================================================================== | ||
39 | --- git.orig/bfd/dwarf2.c | ||
40 | +++ git/bfd/dwarf2.c | ||
41 | @@ -1933,6 +1933,17 @@ read_formatted_entries (struct comp_unit | ||
42 | |||
43 | data_count = _bfd_safe_read_leb128 (abfd, buf, &bytes_read, FALSE, buf_end); | ||
44 | buf += bytes_read; | ||
45 | + | ||
46 | + /* PR 22210. Paranoia check. Don't bother running the loop | ||
47 | + if we know that we are going to run out of buffer. */ | ||
48 | + if (data_count > (bfd_vma) (buf_end - buf)) | ||
49 | + { | ||
50 | + _bfd_error_handler (_("Dwarf Error: data count (%Lx) larger than buffer size."), | ||
51 | + data_count); | ||
52 | + bfd_set_error (bfd_error_bad_value); | ||
53 | + return FALSE; | ||
54 | + } | ||
55 | + | ||
56 | for (datai = 0; datai < data_count; datai++) | ||
57 | { | ||
58 | bfd_byte *format = format_header_data; | ||