diff options
Diffstat (limited to 'meta/recipes-devtools/binutils/binutils/CVE-2018-20671.patch')
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2018-20671.patch | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-20671.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-20671.patch new file mode 100644 index 0000000000..9bd9207bb5 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-20671.patch | |||
@@ -0,0 +1,49 @@ | |||
1 | From 8a5f4f2ebe7f35ac5646060fa51e3332f6ef388c Mon Sep 17 00:00:00 2001 | ||
2 | From: Nick Clifton <nickc@redhat.com> | ||
3 | Date: Fri, 4 Jan 2019 13:44:34 +0000 | ||
4 | Subject: [PATCH] Fix a possible integer overflow problem when examining | ||
5 | corrupt binaries using a 32-bit binutil. | ||
6 | |||
7 | PR 24005 | ||
8 | * objdump.c (load_specific_debug_section): Check for integer | ||
9 | overflow before attempting to allocate contents. | ||
10 | |||
11 | CVE: CVE-2018-20671 | ||
12 | Upstream-Status: Backport | ||
13 | [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=11fa9f134fd658075c6f74499c780df045d9e9ca] | ||
14 | |||
15 | Signed-off-by: Dan Tran <dantran@microsoft.com> | ||
16 | --- | ||
17 | binutils/objdump.c | 13 ++++++++++--- | ||
18 | 1 file changed, 10 insertions(+), 3 deletions(-) | ||
19 | |||
20 | diff --git a/binutils/objdump.c b/binutils/objdump.c | ||
21 | index f468fcdb59..89ca688938 100644 | ||
22 | --- a/binutils/objdump.c | ||
23 | +++ b/binutils/objdump.c | ||
24 | @@ -2503,12 +2503,19 @@ load_specific_debug_section (enum dwarf_section_display_enum debug, | ||
25 | section->reloc_info = NULL; | ||
26 | section->num_relocs = 0; | ||
27 | section->address = bfd_get_section_vma (abfd, sec); | ||
28 | + section->user_data = sec; | ||
29 | section->size = bfd_get_section_size (sec); | ||
30 | amt = section->size + 1; | ||
31 | + if (amt == 0 || amt > bfd_get_file_size (abfd)) | ||
32 | + { | ||
33 | + section->start = NULL; | ||
34 | + free_debug_section (debug); | ||
35 | + printf (_("\nSection '%s' has an invalid size: %#llx.\n"), | ||
36 | + section->name, (unsigned long long) section->size); | ||
37 | + return FALSE; | ||
38 | + } | ||
39 | section->start = contents = malloc (amt); | ||
40 | - section->user_data = sec; | ||
41 | - if (amt == 0 | ||
42 | - || section->start == NULL | ||
43 | + if (section->start == NULL | ||
44 | || !bfd_get_full_section_contents (abfd, sec, &contents)) | ||
45 | { | ||
46 | free_debug_section (debug); | ||
47 | -- | ||
48 | 2.22.0.vfs.1.1.57.gbaf16c8 | ||
49 | |||