diff options
Diffstat (limited to 'meta/recipes-devtools/binutils/binutils/CVE-2022-48063.patch')
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2022-48063.patch | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2022-48063.patch b/meta/recipes-devtools/binutils/binutils/CVE-2022-48063.patch new file mode 100644 index 0000000000..f41c02a02b --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2022-48063.patch | |||
@@ -0,0 +1,49 @@ | |||
1 | From 75393a2d54bcc40053e5262a3de9d70c5ebfbbfd Mon Sep 17 00:00:00 2001 | ||
2 | From: Nick Clifton <nickc@redhat.com> | ||
3 | Date: Wed, 21 Dec 2022 11:51:23 +0000 | ||
4 | Subject: [PATCH] Fix an attempt to allocate an unreasonably large amount of | ||
5 | memory when parsing a corrupt ELF file. | ||
6 | |||
7 | PR 29924 | ||
8 | * objdump.c (load_specific_debug_section): Check for excessively | ||
9 | large sections. | ||
10 | Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75393a2d54bcc40053e5262a3de9d70c5ebfbbfd] | ||
11 | CVE: CVE-2022-48063 | ||
12 | Signed-off-by: Virendra Thakur <virendrak@kpit.com> | ||
13 | Comment: Patch refreshed based on codebase. | ||
14 | --- | ||
15 | binutils/ChangeLog | 6 ++++++ | ||
16 | binutils/objdump.c | 4 +++- | ||
17 | 2 files changed, 9 insertions(+), 1 deletion(-) | ||
18 | |||
19 | diff --git a/binutils/ChangeLog b/binutils/ChangeLog | ||
20 | index e7f918d3f65..020e09f3700 100644 | ||
21 | --- a/binutils/ChangeLog | ||
22 | +++ b/binutils/ChangeLog | ||
23 | @@ -1,3 +1,9 @@ | ||
24 | +2022-12-21 Nick Clifton <nickc@redhat.com> | ||
25 | + | ||
26 | + PR 29924 | ||
27 | + * objdump.c (load_specific_debug_section): Check for excessively | ||
28 | + large sections. | ||
29 | + | ||
30 | 2021-02-11 Alan Modra <amodra@gmail.com> | ||
31 | |||
32 | PR 27290 | ||
33 | |||
34 | diff --git a/binutils/objdump.c b/binutils/objdump.c | ||
35 | index d51abbe3858..2eb02de0e76 100644 | ||
36 | --- a/binutils/objdump.c | ||
37 | +++ b/binutils/objdump.c | ||
38 | @@ -3479,7 +3479,9 @@ | ||
39 | section->size = bfd_section_size (sec); | ||
40 | /* PR 24360: On 32-bit hosts sizeof (size_t) < sizeof (bfd_size_type). */ | ||
41 | alloced = amt = section->size + 1; | ||
42 | - if (alloced != amt || alloced == 0) | ||
43 | + if (alloced != amt | ||
44 | + || alloced == 0 | ||
45 | + || (bfd_get_size (abfd) != 0 && alloced >= bfd_get_size (abfd))) | ||
46 | { | ||
47 | section->start = NULL; | ||
48 | free_debug_section (debug); | ||
49 | |||