diff options
Diffstat (limited to 'meta/recipes-devtools/binutils/binutils/CVE-2017-9955_7.patch')
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2017-9955_7.patch | 79 |
1 files changed, 79 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_7.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_7.patch new file mode 100644 index 0000000000..0950561e10 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_7.patch | |||
@@ -0,0 +1,79 @@ | |||
1 | commit 60a02042bacf8d25814430080adda61ed086bca6 | ||
2 | Author: Nick Clifton <nickc@redhat.com> | ||
3 | Date: Fri Jun 30 11:03:37 2017 +0100 | ||
4 | |||
5 | Fix failures in MMIX linker tests introduced by fix for PR 21665. | ||
6 | |||
7 | PR binutils/21665 | ||
8 | * objdump.c (disassemble_section): Move check for an overlarge | ||
9 | section to just before the allocation of memory. Do not check | ||
10 | section size against file size, but instead use an arbitrary 2Gb | ||
11 | limit. Issue a warning message if the section is too big. | ||
12 | |||
13 | Upstream-Status: CVE-2017-9955 | ||
14 | |||
15 | CVE: CVE-2017-9955 | ||
16 | Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> | ||
17 | |||
18 | Index: git/binutils/objdump.c | ||
19 | =================================================================== | ||
20 | --- git.orig/binutils/objdump.c 2017-09-21 18:10:55.499217078 +0530 | ||
21 | +++ git/binutils/objdump.c 2017-09-21 18:10:55.483216953 +0530 | ||
22 | @@ -1973,7 +1973,7 @@ | ||
23 | return; | ||
24 | |||
25 | datasize = bfd_get_section_size (section); | ||
26 | - if (datasize == 0 || datasize >= (bfd_size_type) bfd_get_file_size (abfd)) | ||
27 | + if (datasize == 0) | ||
28 | return; | ||
29 | |||
30 | if (start_address == (bfd_vma) -1 | ||
31 | @@ -2037,6 +2037,29 @@ | ||
32 | } | ||
33 | rel_ppend = rel_pp + rel_count; | ||
34 | |||
35 | + /* PR 21665: Check for overlarge datasizes. | ||
36 | + Note - we used to check for "datasize > bfd_get_file_size (abfd)" but | ||
37 | + this fails when using compressed sections or compressed file formats | ||
38 | + (eg MMO, tekhex). | ||
39 | + | ||
40 | + The call to xmalloc below will fail if too much memory is requested, | ||
41 | + which will catch the problem in the normal use case. But if a memory | ||
42 | + checker is in use, eg valgrind or sanitize, then an exception will | ||
43 | + be still generated, so we try to catch the problem first. | ||
44 | + | ||
45 | + Unfortunately there is no simple way to determine how much memory can | ||
46 | + be allocated by calling xmalloc. So instead we use a simple, arbitrary | ||
47 | + limit of 2Gb. Hopefully this should be enough for most users. If | ||
48 | + someone does start trying to disassemble sections larger then 2Gb in | ||
49 | + size they will doubtless complain and we can increase the limit. */ | ||
50 | +#define MAX_XMALLOC (1024 * 1024 * 1024 * 2UL) /* 2Gb */ | ||
51 | + if (datasize > MAX_XMALLOC) | ||
52 | + { | ||
53 | + non_fatal (_("Reading section %s failed because it is too big (%#lx)"), | ||
54 | + section->name, (unsigned long) datasize); | ||
55 | + return; | ||
56 | + } | ||
57 | + | ||
58 | data = (bfd_byte *) xmalloc (datasize); | ||
59 | |||
60 | bfd_get_section_contents (abfd, section, data, 0, datasize); | ||
61 | Index: git/binutils/ChangeLog | ||
62 | =================================================================== | ||
63 | --- git.orig/binutils/ChangeLog 2017-09-21 17:57:10.448948416 +0530 | ||
64 | +++ git/binutils/ChangeLog 2017-09-21 18:13:09.052268892 +0530 | ||
65 | @@ -4,6 +4,14 @@ | ||
66 | * rddbg.c (read_symbol_stabs_debugging_info): Check for an empty | ||
67 | string whilst concatenating symbol names. | ||
68 | |||
69 | +2017-06-30 Nick Clifton <nickc@redhat.com> | ||
70 | + | ||
71 | + PR binutils/21665 | ||
72 | + * objdump.c (disassemble_section): Move check for an overlarge | ||
73 | + section to just before the allocation of memory. Do not check | ||
74 | + section size against file size, but instead use an arbitrary 2Gb | ||
75 | + limit. Issue a warning message if the section is too big. | ||
76 | + | ||
77 | 2017-05-02 Nick Clifton <nickc@redhat.com> | ||
78 | |||
79 | PR 21440 | ||