diff options
Diffstat (limited to 'meta/recipes-devtools/binutils/binutils/CVE-2018-18607.patch')
| -rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2018-18607.patch | 77 |
1 files changed, 77 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-18607.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-18607.patch new file mode 100644 index 0000000000..38225d171e --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-18607.patch | |||
| @@ -0,0 +1,77 @@ | |||
| 1 | From 102def4da826b3d9e169741421e5e67e8731909a Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Alan Modra <amodra@gmail.com> | ||
| 3 | Date: Tue, 23 Oct 2018 18:30:22 +1030 | ||
| 4 | Subject: [PATCH] PR23805, NULL pointer dereference in elf_link_input_bfd | ||
| 5 | |||
| 6 | PR 23805 | ||
| 7 | * elflink.c (elf_link_input_bfd): Don't segfault on finding | ||
| 8 | STT_TLS symbols without any TLS sections. Instead, change the | ||
| 9 | symbol type to STT_NOTYPE. | ||
| 10 | |||
| 11 | Upstream-Status: Backport | ||
| 12 | CVE: CVE-2018-18606 | ||
| 13 | Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> | ||
| 14 | --- | ||
| 15 | bfd/ChangeLog | 7 +++++++ | ||
| 16 | bfd/elflink.c | 20 ++++++++++++++------ | ||
| 17 | 2 files changed, 21 insertions(+), 6 deletions(-) | ||
| 18 | |||
| 19 | diff --git a/bfd/ChangeLog b/bfd/ChangeLog | ||
| 20 | index da423b1..1f3fc1c 100644 | ||
| 21 | --- a/bfd/ChangeLog | ||
| 22 | +++ b/bfd/ChangeLog | ||
| 23 | @@ -1,5 +1,12 @@ | ||
| 24 | 2018-10-23 Alan Modra <amodra@gmail.com> | ||
| 25 | |||
| 26 | + PR 23805 | ||
| 27 | + * elflink.c (elf_link_input_bfd): Don't segfault on finding | ||
| 28 | + STT_TLS symbols without any TLS sections. Instead, change the | ||
| 29 | + symbol type to STT_NOTYPE. | ||
| 30 | + | ||
| 31 | +2018-10-23 Alan Modra <amodra@gmail.com> | ||
| 32 | + | ||
| 33 | PR 23806 | ||
| 34 | * merge.c (_bfd_add_merge_section): Don't attempt to merge | ||
| 35 | sections with ridiculously large alignments. | ||
| 36 | diff --git a/bfd/elflink.c b/bfd/elflink.c | ||
| 37 | index c3876cb..87440db 100644 | ||
| 38 | --- a/bfd/elflink.c | ||
| 39 | +++ b/bfd/elflink.c | ||
| 40 | @@ -10489,8 +10489,11 @@ elf_link_input_bfd (struct elf_final_link_info *flinfo, bfd *input_bfd) | ||
| 41 | if (ELF_ST_TYPE (osym.st_info) == STT_TLS) | ||
| 42 | { | ||
| 43 | /* STT_TLS symbols are relative to PT_TLS segment base. */ | ||
| 44 | - BFD_ASSERT (elf_hash_table (flinfo->info)->tls_sec != NULL); | ||
| 45 | - osym.st_value -= elf_hash_table (flinfo->info)->tls_sec->vma; | ||
| 46 | + if (elf_hash_table (flinfo->info)->tls_sec != NULL) | ||
| 47 | + osym.st_value -= elf_hash_table (flinfo->info)->tls_sec->vma; | ||
| 48 | + else | ||
| 49 | + osym.st_info = ELF_ST_INFO (ELF_ST_BIND (osym.st_info), | ||
| 50 | + STT_NOTYPE); | ||
| 51 | } | ||
| 52 | } | ||
| 53 | |||
| 54 | @@ -11046,12 +11049,17 @@ elf_link_input_bfd (struct elf_final_link_info *flinfo, bfd *input_bfd) | ||
| 55 | sym.st_value += osec->vma; | ||
| 56 | if (ELF_ST_TYPE (sym.st_info) == STT_TLS) | ||
| 57 | { | ||
| 58 | + struct elf_link_hash_table *htab | ||
| 59 | + = elf_hash_table (flinfo->info); | ||
| 60 | + | ||
| 61 | /* STT_TLS symbols are relative to PT_TLS | ||
| 62 | segment base. */ | ||
| 63 | - BFD_ASSERT (elf_hash_table (flinfo->info) | ||
| 64 | - ->tls_sec != NULL); | ||
| 65 | - sym.st_value -= (elf_hash_table (flinfo->info) | ||
| 66 | - ->tls_sec->vma); | ||
| 67 | + if (htab->tls_sec != NULL) | ||
| 68 | + sym.st_value -= htab->tls_sec->vma; | ||
| 69 | + else | ||
| 70 | + sym.st_info | ||
| 71 | + = ELF_ST_INFO (ELF_ST_BIND (sym.st_info), | ||
| 72 | + STT_NOTYPE); | ||
| 73 | } | ||
| 74 | } | ||
| 75 | |||
| 76 | -- | ||
| 77 | 2.9.3 | ||