Diffstat (limited to 'meta/recipes-devtools/binutils/binutils/CVE-2018-18606.patch')
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2018-18606.patch | 50 |
1 files changed, 0 insertions, 50 deletions
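--- a/meta/recipes-devtools/binutils/binutils/CVE-2018-18606.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 45a0eaf77022963d639d6d19871dbab7b79703fc Mon Sep 17 00:00:00 2001
-From: Alan Modra <amodra@gmail.com>
-Date: Tue, 23 Oct 2018 19:02:06 +1030
-Subject: [PATCH] PR23806, NULL pointer dereference in merge_strings
-
-PR 23806
-* merge.c (_bfd_add_merge_section): Don't attempt to merge
-sections with ridiculously large alignments.
-
-Upstream-Status: Backport
-CVE: CVE-2018-18606
-Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
----
-bfd/ChangeLog | 6 ++++++
-bfd/merge.c | 15 +++++++++++----
-2 files changed, 17 insertions(+), 4 deletions(-)
-
---- a/bfd/merge.c
-+++ b/bfd/merge.c
-@@ -24,6 +24,7 @@
-as used in ELF SHF_MERGE. */
-
-#include "sysdep.h"
-+#include <limits.h>
-#include "bfd.h"
-#include "elf-bfd.h"
-#include "libbfd.h"
-@@ -385,12 +386,18 @@ _bfd_add_merge_section (bfd *abfd, void
-return TRUE;
-}
-
-- align = sec->alignment_power;
-- if ((sec->entsize < (unsigned) 1 << align
-+#ifndef CHAR_BIT
-+#define CHAR_BIT 8
-+#endif
-+ if (sec->alignment_power >= sizeof (align) * CHAR_BIT)
-+ return TRUE;
-
-+ align = 1u << sec->alignment_power;
-+ if ((sec->entsize < align
-&& ((sec->entsize & (sec->entsize - 1))
-|| !(sec->flags & SEC_STRINGS)))
-- || (sec->entsize > (unsigned) 1 << align
-- && (sec->entsize & (((unsigned) 1 << align) - 1))))
-+ || (sec->entsize > align
-+ && (sec->entsize & (align - 1))))
-{
-/* Sanity check. If string character size is smaller than
-alignment, then we require character size to be a power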