diff options
Diffstat (limited to 'meta/recipes-devtools/binutils/binutils/CVE-2022-38533.patch')
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2022-38533.patch | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2022-38533.patch b/meta/recipes-devtools/binutils/binutils/CVE-2022-38533.patch new file mode 100644 index 0000000000..102d65f8a6 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2022-38533.patch | |||
@@ -0,0 +1,37 @@ | |||
1 | From ef186fe54aa6d281a3ff8a9528417e5cc614c797 Mon Sep 17 00:00:00 2001 | ||
2 | From: Alan Modra <amodra@gmail.com> | ||
3 | Date: Sat, 13 Aug 2022 15:32:47 +0930 | ||
4 | Subject: [PATCH] PR29482 - strip: heap-buffer-overflow | ||
5 | |||
6 | PR 29482 | ||
7 | * coffcode.h (coff_set_section_contents): Sanity check _LIB. | ||
8 | |||
9 | CVE: CVE-2022-38533 | ||
10 | Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ef186fe54aa6d281a3ff8a9528417e5cc614c797] | ||
11 | |||
12 | Signed-off-by: Florin Diaconescu <florin.diaconescu009@gmail.com> | ||
13 | |||
14 | --- | ||
15 | bfd/coffcode.h | 7 +++++-- | ||
16 | 1 file changed, 5 insertions(+), 2 deletions(-) | ||
17 | |||
18 | diff --git a/bfd/coffcode.h b/bfd/coffcode.h | ||
19 | index dec2e9c6370..75c18d88602 100644 | ||
20 | --- a/bfd/coffcode.h | ||
21 | +++ b/bfd/coffcode.h | ||
22 | @@ -4170,10 +4170,13 @@ coff_set_section_contents (bfd * abfd, | ||
23 | |||
24 | rec = (bfd_byte *) location; | ||
25 | recend = rec + count; | ||
26 | - while (rec < recend) | ||
27 | + while (recend - rec >= 4) | ||
28 | { | ||
29 | + size_t len = bfd_get_32 (abfd, rec); | ||
30 | + if (len == 0 || len > (size_t) (recend - rec) / 4) | ||
31 | + break; | ||
32 | + rec += len * 4; | ||
33 | ++section->lma; | ||
34 | - rec += bfd_get_32 (abfd, rec) * 4; | ||
35 | } | ||
36 | |||
37 | BFD_ASSERT (rec == recend); | ||