diff options
Diffstat (limited to 'meta/recipes-devtools/binutils/binutils/CVE-2017-7225.patch')
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2017-7225.patch | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7225.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7225.patch new file mode 100644 index 0000000000..699905a4d0 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7225.patch | |||
@@ -0,0 +1,66 @@ | |||
1 | commit 50455f1ab2935f7321215dfa681745c9b1cb5b19 | ||
2 | Author: Nick Clifton <nickc@redhat.com> | ||
3 | Date: Thu Dec 1 10:15:07 2016 +0000 | ||
4 | |||
5 | Fix seg-fault running addr2line on a corrupt binary. | ||
6 | |||
7 | PR binutils/20891 | ||
8 | * aoutx.h (find_nearest_line): Handle the case where the main file | ||
9 | name and the directory name are both empty. | ||
10 | |||
11 | Upstream-Status: backport | ||
12 | |||
13 | CVE: CVE-2017-7225 | ||
14 | Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> | ||
15 | |||
16 | Index: git/bfd/ChangeLog | ||
17 | =================================================================== | ||
18 | --- git.orig/bfd/ChangeLog 2017-09-04 13:04:20.941485636 +0530 | ||
19 | +++ git/bfd/ChangeLog 2017-09-04 13:08:05.003175703 +0530 | ||
20 | @@ -120,6 +120,12 @@ | ||
21 | * peicode.h (pe_ILF_object_p): Use strnlen to avoid running over | ||
22 | the end of the string buffer. | ||
23 | |||
24 | +2016-12-01 Nick Clifton <nickc@redhat.com> | ||
25 | + | ||
26 | + PR binutils/20891 | ||
27 | + * aoutx.h (find_nearest_line): Handle the case where the main file | ||
28 | + name and the directory name are both empty. | ||
29 | + | ||
30 | PR binutils/20892 | ||
31 | * aoutx.h (find_nearest_line): Handle the case where the function | ||
32 | name is empty. | ||
33 | Index: git/bfd/aoutx.h | ||
34 | =================================================================== | ||
35 | --- git.orig/bfd/aoutx.h 2017-09-04 13:04:20.941485636 +0530 | ||
36 | +++ git/bfd/aoutx.h 2017-09-04 13:10:55.856441243 +0530 | ||
37 | @@ -2663,7 +2663,7 @@ | ||
38 | char *buf; | ||
39 | |||
40 | *filename_ptr = abfd->filename; | ||
41 | - *functionname_ptr = 0; | ||
42 | + *functionname_ptr = NULL; | ||
43 | *line_ptr = 0; | ||
44 | if (disriminator_ptr) | ||
45 | *disriminator_ptr = 0; | ||
46 | @@ -2808,9 +2808,17 @@ | ||
47 | *filename_ptr = main_file_name; | ||
48 | else | ||
49 | { | ||
50 | - sprintf (buf, "%s%s", directory_name, main_file_name); | ||
51 | - *filename_ptr = buf; | ||
52 | - buf += filelen + 1; | ||
53 | + if (buf == NULL) | ||
54 | + /* PR binutils/20891: In a corrupt input file both | ||
55 | + main_file_name and directory_name can be empty... */ | ||
56 | + * filename_ptr = NULL; | ||
57 | + else | ||
58 | + { | ||
59 | + snprintf (buf, filelen + 1, "%s%s", directory_name, | ||
60 | + main_file_name); | ||
61 | + *filename_ptr = buf; | ||
62 | + buf += filelen + 1; | ||
63 | + } | ||
64 | } | ||
65 | } | ||
66 | |||