diff options
Diffstat (limited to 'meta/recipes-devtools/binutils/binutils/CVE-2018-18607.patch')
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2018-18607.patch | 77 |
1 files changed, 77 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-18607.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-18607.patch new file mode 100644 index 0000000000..38225d171e --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-18607.patch | |||
@@ -0,0 +1,77 @@ | |||
1 | From 102def4da826b3d9e169741421e5e67e8731909a Mon Sep 17 00:00:00 2001 | ||
2 | From: Alan Modra <amodra@gmail.com> | ||
3 | Date: Tue, 23 Oct 2018 18:30:22 +1030 | ||
4 | Subject: [PATCH] PR23805, NULL pointer dereference in elf_link_input_bfd | ||
5 | |||
6 | PR 23805 | ||
7 | * elflink.c (elf_link_input_bfd): Don't segfault on finding | ||
8 | STT_TLS symbols without any TLS sections. Instead, change the | ||
9 | symbol type to STT_NOTYPE. | ||
10 | |||
11 | Upstream-Status: Backport | ||
12 | CVE: CVE-2018-18606 | ||
13 | Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> | ||
14 | --- | ||
15 | bfd/ChangeLog | 7 +++++++ | ||
16 | bfd/elflink.c | 20 ++++++++++++++------ | ||
17 | 2 files changed, 21 insertions(+), 6 deletions(-) | ||
18 | |||
19 | diff --git a/bfd/ChangeLog b/bfd/ChangeLog | ||
20 | index da423b1..1f3fc1c 100644 | ||
21 | --- a/bfd/ChangeLog | ||
22 | +++ b/bfd/ChangeLog | ||
23 | @@ -1,5 +1,12 @@ | ||
24 | 2018-10-23 Alan Modra <amodra@gmail.com> | ||
25 | |||
26 | + PR 23805 | ||
27 | + * elflink.c (elf_link_input_bfd): Don't segfault on finding | ||
28 | + STT_TLS symbols without any TLS sections. Instead, change the | ||
29 | + symbol type to STT_NOTYPE. | ||
30 | + | ||
31 | +2018-10-23 Alan Modra <amodra@gmail.com> | ||
32 | + | ||
33 | PR 23806 | ||
34 | * merge.c (_bfd_add_merge_section): Don't attempt to merge | ||
35 | sections with ridiculously large alignments. | ||
36 | diff --git a/bfd/elflink.c b/bfd/elflink.c | ||
37 | index c3876cb..87440db 100644 | ||
38 | --- a/bfd/elflink.c | ||
39 | +++ b/bfd/elflink.c | ||
40 | @@ -10489,8 +10489,11 @@ elf_link_input_bfd (struct elf_final_link_info *flinfo, bfd *input_bfd) | ||
41 | if (ELF_ST_TYPE (osym.st_info) == STT_TLS) | ||
42 | { | ||
43 | /* STT_TLS symbols are relative to PT_TLS segment base. */ | ||
44 | - BFD_ASSERT (elf_hash_table (flinfo->info)->tls_sec != NULL); | ||
45 | - osym.st_value -= elf_hash_table (flinfo->info)->tls_sec->vma; | ||
46 | + if (elf_hash_table (flinfo->info)->tls_sec != NULL) | ||
47 | + osym.st_value -= elf_hash_table (flinfo->info)->tls_sec->vma; | ||
48 | + else | ||
49 | + osym.st_info = ELF_ST_INFO (ELF_ST_BIND (osym.st_info), | ||
50 | + STT_NOTYPE); | ||
51 | } | ||
52 | } | ||
53 | |||
54 | @@ -11046,12 +11049,17 @@ elf_link_input_bfd (struct elf_final_link_info *flinfo, bfd *input_bfd) | ||
55 | sym.st_value += osec->vma; | ||
56 | if (ELF_ST_TYPE (sym.st_info) == STT_TLS) | ||
57 | { | ||
58 | + struct elf_link_hash_table *htab | ||
59 | + = elf_hash_table (flinfo->info); | ||
60 | + | ||
61 | /* STT_TLS symbols are relative to PT_TLS | ||
62 | segment base. */ | ||
63 | - BFD_ASSERT (elf_hash_table (flinfo->info) | ||
64 | - ->tls_sec != NULL); | ||
65 | - sym.st_value -= (elf_hash_table (flinfo->info) | ||
66 | - ->tls_sec->vma); | ||
67 | + if (htab->tls_sec != NULL) | ||
68 | + sym.st_value -= htab->tls_sec->vma; | ||
69 | + else | ||
70 | + sym.st_info | ||
71 | + = ELF_ST_INFO (ELF_ST_BIND (sym.st_info), | ||
72 | + STT_NOTYPE); | ||
73 | } | ||
74 | } | ||
75 | |||
76 | -- | ||
77 | 2.9.3 | ||