1 files changed, 79 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_7.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_7.patch
new file mode 100644
index 0000000000..0950561e10
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_7.patch
@@ -0,0 +1,79 @@
+commit 60a02042bacf8d25814430080adda61ed086bca6
+Author: Nick Clifton <nickc@redhat.com>
+Date:   Fri Jun 30 11:03:37 2017 +0100
+    Fix failures in MMIX linker tests introduced by fix for PR 21665.
+    
+        PR binutils/21665
+        * objdump.c (disassemble_section): Move check for an overlarge
+        section to just before the allocation of memory.  Do not check
+        section size against file size, but instead use an arbitrary 2Gb
+        limit.  Issue a warning message if the section is too big.
+Upstream-Status: CVE-2017-9955
+CVE: CVE-2017-9955
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+Index: git/binutils/objdump.c
+===================================================================
+--- git.orig/binutils/objdump.c 2017-09-21 18:10:55.499217078 +0530
+++ git/binutils/objdump.c      2017-09-21 18:10:55.483216953 +0530
+@@ -1973,7 +1973,7 @@
+     return;
+ 
+   datasize = bfd_get_section_size (section);
+-  if (datasize == 0 || datasize >= (bfd_size_type) bfd_get_file_size (abfd))
+  if (datasize == 0)
+     return;
+ 
+   if (start_address == (bfd_vma) -1
+@@ -2037,6 +2037,29 @@
+     }
+   rel_ppend = rel_pp + rel_count;
+ 
+  /* PR 21665: Check for overlarge datasizes.
+     Note - we used to check for "datasize > bfd_get_file_size (abfd)" but
+     this fails when using compressed sections or compressed file formats
+     (eg MMO, tekhex).
+
+     The call to xmalloc below will fail if too much memory is requested,
+     which will catch the problem in the normal use case.  But if a memory
+     checker is in use, eg valgrind or sanitize, then an exception will
+     be still generated, so we try to catch the problem first.
+
+     Unfortunately there is no simple way to determine how much memory can
+     be allocated by calling xmalloc.  So instead we use a simple, arbitrary
+     limit of 2Gb.  Hopefully this should be enough for most users.  If
+     someone does start trying to disassemble sections larger then 2Gb in
+     size they will doubtless complain and we can increase the limit.  */
+#define MAX_XMALLOC (1024 * 1024 * 1024 * 2UL) /* 2Gb */
+  if (datasize > MAX_XMALLOC)
+    {
+      non_fatal (_("Reading section %s failed because it is too big (%#lx)"),
+                section->name, (unsigned long) datasize);
+      return;
+    }
+
+   data = (bfd_byte *) xmalloc (datasize);
+ 
+   bfd_get_section_contents (abfd, section, data, 0, datasize);
+Index: git/binutils/ChangeLog
+===================================================================
+--- git.orig/binutils/ChangeLog 2017-09-21 17:57:10.448948416 +0530
+++ git/binutils/ChangeLog      2017-09-21 18:13:09.052268892 +0530
+@@ -4,6 +4,14 @@
+        * rddbg.c (read_symbol_stabs_debugging_info): Check for an empty
+        string whilst concatenating symbol names.
+ 
+2017-06-30  Nick Clifton  <nickc@redhat.com>
+
+       PR binutils/21665
+       * objdump.c (disassemble_section): Move check for an overlarge
+       section to just before the allocation of memory.  Do not check
+       section size against file size, but instead use an arbitrary 2Gb
+       limit.  Issue a warning message if the section is too big.
+
+ 2017-05-02  Nick Clifton  <nickc@redhat.com>
+ 
+        PR 21440

diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_7.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_7.patch new file mode 100644 index 0000000000..0950561e10 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_7.patch
@@ -0,0 +1,79 @@
	1	commit 60a02042bacf8d25814430080adda61ed086bca6
	2	Author: Nick Clifton <nickc@redhat.com>
	3	Date: Fri Jun 30 11:03:37 2017 +0100
	4
	5	Fix failures in MMIX linker tests introduced by fix for PR 21665.
	6
	7	PR binutils/21665
	8	* objdump.c (disassemble_section): Move check for an overlarge
	9	section to just before the allocation of memory. Do not check
	10	section size against file size, but instead use an arbitrary 2Gb
	11	limit. Issue a warning message if the section is too big.
	12
	13	Upstream-Status: CVE-2017-9955
	14
	15	CVE: CVE-2017-9955
	16	Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
	17
	18	Index: git/binutils/objdump.c
	19	===================================================================
	20	--- git.orig/binutils/objdump.c 2017-09-21 18:10:55.499217078 +0530
	21	+++ git/binutils/objdump.c 2017-09-21 18:10:55.483216953 +0530
	22	@@ -1973,7 +1973,7 @@
	23	return;
	24
	25	datasize = bfd_get_section_size (section);
	26	- if (datasize == 0 \|\| datasize >= (bfd_size_type) bfd_get_file_size (abfd))
	27	+ if (datasize == 0)
	28	return;
	29
	30	if (start_address == (bfd_vma) -1
	31	@@ -2037,6 +2037,29 @@
	32	}
	33	rel_ppend = rel_pp + rel_count;
	34
	35	+ /* PR 21665: Check for overlarge datasizes.
	36	+ Note - we used to check for "datasize > bfd_get_file_size (abfd)" but
	37	+ this fails when using compressed sections or compressed file formats
	38	+ (eg MMO, tekhex).
	39	+
	40	+ The call to xmalloc below will fail if too much memory is requested,
	41	+ which will catch the problem in the normal use case. But if a memory
	42	+ checker is in use, eg valgrind or sanitize, then an exception will
	43	+ be still generated, so we try to catch the problem first.
	44	+
	45	+ Unfortunately there is no simple way to determine how much memory can
	46	+ be allocated by calling xmalloc. So instead we use a simple, arbitrary
	47	+ limit of 2Gb. Hopefully this should be enough for most users. If
	48	+ someone does start trying to disassemble sections larger then 2Gb in
	49	+ size they will doubtless complain and we can increase the limit. */
	50	+#define MAX_XMALLOC (1024 * 1024 * 1024 * 2UL) /* 2Gb */
	51	+ if (datasize > MAX_XMALLOC)
	52	+ {
	53	+ non_fatal (_("Reading section %s failed because it is too big (%#lx)"),
	54	+ section->name, (unsigned long) datasize);
	55	+ return;
	56	+ }
	57	+
	58	data = (bfd_byte *) xmalloc (datasize);
	59
	60	bfd_get_section_contents (abfd, section, data, 0, datasize);
	61	Index: git/binutils/ChangeLog
	62	===================================================================
	63	--- git.orig/binutils/ChangeLog 2017-09-21 17:57:10.448948416 +0530
	64	+++ git/binutils/ChangeLog 2017-09-21 18:13:09.052268892 +0530
	65	@@ -4,6 +4,14 @@
	66	* rddbg.c (read_symbol_stabs_debugging_info): Check for an empty
	67	string whilst concatenating symbol names.
	68
	69	+2017-06-30 Nick Clifton <nickc@redhat.com>
	70	+
	71	+ PR binutils/21665
	72	+ * objdump.c (disassemble_section): Move check for an overlarge
	73	+ section to just before the allocation of memory. Do not check
	74	+ section size against file size, but instead use an arbitrary 2Gb
	75	+ limit. Issue a warning message if the section is too big.
	76	+
	77	2017-05-02 Nick Clifton <nickc@redhat.com>
	78
	79	PR 21440