1 files changed, 66 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7225.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7225.patch
new file mode 100644
index 0000000000..699905a4d0
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7225.patch
@@ -0,0 +1,66 @@
+commit 50455f1ab2935f7321215dfa681745c9b1cb5b19
+Author: Nick Clifton <nickc@redhat.com>
+Date:   Thu Dec 1 10:15:07 2016 +0000
+    Fix seg-fault running addr2line on a corrupt binary.
+    
+        PR binutils/20891
+        * aoutx.h (find_nearest_line): Handle the case where the main file
+        name and the directory name are both empty.
+Upstream-Status: backport
+CVE: CVE-2017-7225
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog      2017-09-04 13:04:20.941485636 +0530
+++ git/bfd/ChangeLog   2017-09-04 13:08:05.003175703 +0530
+@@ -120,6 +120,12 @@
+        * peicode.h (pe_ILF_object_p): Use strnlen to avoid running over
+        the end of the string buffer.
+ 
+2016-12-01  Nick Clifton  <nickc@redhat.com>
+
+       PR binutils/20891
+       * aoutx.h (find_nearest_line): Handle the case where the main file
+       name and the directory name are both empty.
+
+        PR binutils/20892
+        * aoutx.h (find_nearest_line): Handle the case where the function
+        name is empty.
+Index: git/bfd/aoutx.h
+===================================================================
+--- git.orig/bfd/aoutx.h        2017-09-04 13:04:20.941485636 +0530
+++ git/bfd/aoutx.h     2017-09-04 13:10:55.856441243 +0530
+@@ -2663,7 +2663,7 @@
+   char *buf;
+ 
+   *filename_ptr = abfd->filename;
+-  *functionname_ptr = 0;
+  *functionname_ptr = NULL;
+   *line_ptr = 0;
+   if (disriminator_ptr)
+     *disriminator_ptr = 0;
+@@ -2808,9 +2808,17 @@
+        *filename_ptr = main_file_name;
+       else
+        {
+-         sprintf (buf, "%s%s", directory_name, main_file_name);
+-         *filename_ptr = buf;
+-         buf += filelen + 1;
+         if (buf == NULL)
+           /* PR binutils/20891: In a corrupt input file both
+              main_file_name and directory_name can be empty...  */
+           * filename_ptr = NULL;
+         else
+           {
+             snprintf (buf, filelen + 1, "%s%s", directory_name,
+                       main_file_name);
+             *filename_ptr = buf;
+             buf += filelen + 1;
+           }
+        }
+     }
+

diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7225.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7225.patch new file mode 100644 index 0000000000..699905a4d0 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7225.patch
@@ -0,0 +1,66 @@
	1	commit 50455f1ab2935f7321215dfa681745c9b1cb5b19
	2	Author: Nick Clifton <nickc@redhat.com>
	3	Date: Thu Dec 1 10:15:07 2016 +0000
	4
	5	Fix seg-fault running addr2line on a corrupt binary.
	6
	7	PR binutils/20891
	8	* aoutx.h (find_nearest_line): Handle the case where the main file
	9	name and the directory name are both empty.
	10
	11	Upstream-Status: backport
	12
	13	CVE: CVE-2017-7225
	14	Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
	15
	16	Index: git/bfd/ChangeLog
	17	===================================================================
	18	--- git.orig/bfd/ChangeLog 2017-09-04 13:04:20.941485636 +0530
	19	+++ git/bfd/ChangeLog 2017-09-04 13:08:05.003175703 +0530
	20	@@ -120,6 +120,12 @@
	21	* peicode.h (pe_ILF_object_p): Use strnlen to avoid running over
	22	the end of the string buffer.
	23
	24	+2016-12-01 Nick Clifton <nickc@redhat.com>
	25	+
	26	+ PR binutils/20891
	27	+ * aoutx.h (find_nearest_line): Handle the case where the main file
	28	+ name and the directory name are both empty.
	29	+
	30	PR binutils/20892
	31	* aoutx.h (find_nearest_line): Handle the case where the function
	32	name is empty.
	33	Index: git/bfd/aoutx.h
	34	===================================================================
	35	--- git.orig/bfd/aoutx.h 2017-09-04 13:04:20.941485636 +0530
	36	+++ git/bfd/aoutx.h 2017-09-04 13:10:55.856441243 +0530
	37	@@ -2663,7 +2663,7 @@
	38	char *buf;
	39
	40	*filename_ptr = abfd->filename;
	41	- *functionname_ptr = 0;
	42	+ *functionname_ptr = NULL;
	43	*line_ptr = 0;
	44	if (disriminator_ptr)
	45	*disriminator_ptr = 0;
	46	@@ -2808,9 +2808,17 @@
	47	*filename_ptr = main_file_name;
	48	else
	49	{
	50	- sprintf (buf, "%s%s", directory_name, main_file_name);
	51	- *filename_ptr = buf;
	52	- buf += filelen + 1;
	53	+ if (buf == NULL)
	54	+ /* PR binutils/20891: In a corrupt input file both
	55	+ main_file_name and directory_name can be empty... */
	56	+ * filename_ptr = NULL;
	57	+ else
	58	+ {
	59	+ snprintf (buf, filelen + 1, "%s%s", directory_name,
	60	+ main_file_name);
	61	+ *filename_ptr = buf;
	62	+ buf += filelen + 1;
	63	+ }
	64	}
	65	}
	66