summaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-devtools')
-rw-r--r--meta/recipes-devtools/gdb/gdb-8.3.1.inc (renamed from meta/recipes-devtools/gdb/gdb-8.3.inc)5
-rw-r--r--meta/recipes-devtools/gdb/gdb-cross-canadian_8.3.1.bb (renamed from meta/recipes-devtools/gdb/gdb-cross-canadian_8.3.bb)0
-rw-r--r--meta/recipes-devtools/gdb/gdb-cross_8.3.1.bb (renamed from meta/recipes-devtools/gdb/gdb-cross_8.3.bb)0
-rw-r--r--meta/recipes-devtools/gdb/gdb/CVE-2017-9778.patch98
-rw-r--r--meta/recipes-devtools/gdb/gdb_8.3.1.bb (renamed from meta/recipes-devtools/gdb/gdb_8.3.bb)0
5 files changed, 2 insertions, 101 deletions
diff --git a/meta/recipes-devtools/gdb/gdb-8.3.inc b/meta/recipes-devtools/gdb/gdb-8.3.1.inc
index 070c17d4a1..39f1c48cc7 100644
--- a/meta/recipes-devtools/gdb/gdb-8.3.inc
+++ b/meta/recipes-devtools/gdb/gdb-8.3.1.inc
@@ -16,7 +16,6 @@ SRC_URI = "${GNU_MIRROR}/gdb/gdb-${PV}.tar.xz \
16 file://0009-Change-order-of-CFLAGS.patch \ 16 file://0009-Change-order-of-CFLAGS.patch \
17 file://0010-resolve-restrict-keyword-conflict.patch \ 17 file://0010-resolve-restrict-keyword-conflict.patch \
18 file://0011-Fix-invalid-sigprocmask-call.patch \ 18 file://0011-Fix-invalid-sigprocmask-call.patch \
19 file://CVE-2017-9778.patch \
20 " 19 "
21SRC_URI[md5sum] = "bbd95b2f9b34621ad7a19a3965476314" 20SRC_URI[md5sum] = "73b6a5d8141672c62bf851cd34c4aa83"
22SRC_URI[sha256sum] = "802f7ee309dcc547d65a68d61ebd6526762d26c3051f52caebe2189ac1ffd72e" 21SRC_URI[sha256sum] = "1e55b4d7cdca7b34be12f4ceae651623aa73b2fd640152313f9f66a7149757c4"
diff --git a/meta/recipes-devtools/gdb/gdb-cross-canadian_8.3.bb b/meta/recipes-devtools/gdb/gdb-cross-canadian_8.3.1.bb
index 301035940c..301035940c 100644
--- a/meta/recipes-devtools/gdb/gdb-cross-canadian_8.3.bb
+++ b/meta/recipes-devtools/gdb/gdb-cross-canadian_8.3.1.bb
diff --git a/meta/recipes-devtools/gdb/gdb-cross_8.3.bb b/meta/recipes-devtools/gdb/gdb-cross_8.3.1.bb
index 50cf159fdb..50cf159fdb 100644
--- a/meta/recipes-devtools/gdb/gdb-cross_8.3.bb
+++ b/meta/recipes-devtools/gdb/gdb-cross_8.3.1.bb
diff --git a/meta/recipes-devtools/gdb/gdb/CVE-2017-9778.patch b/meta/recipes-devtools/gdb/gdb/CVE-2017-9778.patch
deleted file mode 100644
index f142ed00d7..0000000000
--- a/meta/recipes-devtools/gdb/gdb/CVE-2017-9778.patch
+++ /dev/null
@@ -1,98 +0,0 @@
1From 6ad3791f095cfc1b0294f62c4b3a524ba735595e Mon Sep 17 00:00:00 2001
2From: Sandra Loosemore <sandra@codesourcery.com>
3Date: Thu, 25 Apr 2019 07:27:02 -0700
4Subject: [PATCH] Detect invalid length field in debug frame FDE header.
5
6GDB was failing to catch cases where a corrupt ELF or core file
7contained an invalid length value in a Dwarf debug frame FDE header.
8It was checking for buffer overflow but not cases where the length was
9negative or caused pointer wrap-around.
10
11In addition to the additional validity check, this patch cleans up the
12multiple signed/unsigned conversions on the length field so that an
13unsigned representation is used consistently throughout.
14
15This patch fixes CVE-2017-9778 and PR gdb/21600.
16
172019-04-25 Sandra Loosemore <sandra@codesourcery.com>
18 Kang Li <kanglictf@gmail.com>
19
20 PR gdb/21600
21
22 * dwarf2-frame.c (read_initial_length): Be consistent about using
23 unsigned representation of length.
24 (decode_frame_entry_1): Likewise. Check for wraparound of
25 end pointer as well as buffer overflow.
26
27Upstream-Status: Backport
28CVE: CVE-2017-9778
29Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
30---
31 gdb/ChangeLog | 10 ++++++++++
32 gdb/dwarf2-frame.c | 14 +++++++-------
33 2 files changed, 17 insertions(+), 7 deletions(-)
34
35diff --git a/gdb/ChangeLog b/gdb/ChangeLog
36index 1c125de..d028d2b 100644
37--- a/gdb/ChangeLog
38+++ b/gdb/ChangeLog
39@@ -1,3 +1,13 @@
40+2019-04-25 Sandra Loosemore <sandra@codesourcery.com>
41+ Kang Li <kanglictf@gmail.com>
42+
43+ PR gdb/21600
44+
45+ * dwarf2-frame.c (read_initial_length): Be consistent about using
46+ unsigned representation of length.
47+ (decode_frame_entry_1): Likewise. Check for wraparound of
48+ end pointer as well as buffer overflow.
49+
50 2019-05-11 Joel Brobecker <brobecker@adacore.com>
51
52 * version.in: Set GDB version number to 8.3.
53diff --git a/gdb/dwarf2-frame.c b/gdb/dwarf2-frame.c
54index 178ac44..dc5d3b3 100644
55--- a/gdb/dwarf2-frame.c
56+++ b/gdb/dwarf2-frame.c
57@@ -1488,7 +1488,7 @@ static ULONGEST
58 read_initial_length (bfd *abfd, const gdb_byte *buf,
59 unsigned int *bytes_read_ptr)
60 {
61- LONGEST result;
62+ ULONGEST result;
63
64 result = bfd_get_32 (abfd, buf);
65 if (result == 0xffffffff)
66@@ -1789,7 +1789,7 @@ decode_frame_entry_1 (struct comp_unit *unit, const gdb_byte *start,
67 {
68 struct gdbarch *gdbarch = get_objfile_arch (unit->objfile);
69 const gdb_byte *buf, *end;
70- LONGEST length;
71+ ULONGEST length;
72 unsigned int bytes_read;
73 int dwarf64_p;
74 ULONGEST cie_id;
75@@ -1800,15 +1800,15 @@ decode_frame_entry_1 (struct comp_unit *unit, const gdb_byte *start,
76 buf = start;
77 length = read_initial_length (unit->abfd, buf, &bytes_read);
78 buf += bytes_read;
79- end = buf + length;
80-
81- /* Are we still within the section? */
82- if (end > unit->dwarf_frame_buffer + unit->dwarf_frame_size)
83- return NULL;
84+ end = buf + (size_t) length;
85
86 if (length == 0)
87 return end;
88
89+ /* Are we still within the section? */
90+ if (end <= buf || end > unit->dwarf_frame_buffer + unit->dwarf_frame_size)
91+ return NULL;
92+
93 /* Distinguish between 32 and 64-bit encoded frame info. */
94 dwarf64_p = (bytes_read == 12);
95
96--
972.20.1
98
diff --git a/meta/recipes-devtools/gdb/gdb_8.3.bb b/meta/recipes-devtools/gdb/gdb_8.3.1.bb
index d70757a151..d70757a151 100644
--- a/meta/recipes-devtools/gdb/gdb_8.3.bb
+++ b/meta/recipes-devtools/gdb/gdb_8.3.1.bb