From 9be7b4f3db6243fc2a557ad63543173f2b1f5d86 Mon Sep 17 00:00:00 2001
From: Armin Kuster <akuster@mvista.com>
Date: Mon, 6 Aug 2018 14:02:09 -0700
Subject: binutls: Security fix CVE-2017-14933

Affects: <= 2.29.1

(From OE-Core rev: 16cdbc7504cc14547bb99ed742484ae9e658ec6e)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 .../binutils/binutils/CVE-2017-14933_p2.patch      | 102 +++++++++++++++++++++
 1 file changed, 102 insertions(+)
 create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2017-14933_p2.patch

(limited to 'meta/recipes-devtools/binutils/binutils/CVE-2017-14933_p2.patch')

diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-14933_p2.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-14933_p2.patch
new file mode 100644
index 0000000000..607d92f3d4
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-14933_p2.patch
@@ -0,0 +1,102 @@
+From 33e0a9a056bd23e923b929a4f2ab049ade0b1c32 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Tue, 26 Sep 2017 23:20:06 +0930
+Subject: [PATCH] Tidy reading data in read_formatted_entries
+
+Using read_attribute_value accomplishes two things: It checks for
+unexpected formats, and ensures the buffer pointer always increments.
+
+	PR 22210
+	* dwarf2.c (read_formatted_entries): Use read_attribute_value to
+	read data.
+
+Upstream-Status: Backport
+Affects: <= 2.29.1
+CVE: CVE-2017-14933 #2
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog |  6 ++++++
+ bfd/dwarf2.c  | 37 +++++++------------------------------
+ 2 files changed, 13 insertions(+), 30 deletions(-)
+
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,9 @@
++2017-09-26  Alan Modra  <amodra@gmail.com>
++
++	PR 22210
++	* dwarf2.c (read_formatted_entries): Use read_attribute_value to
++	read data.
++
+ 2017-09-26  Nick Clifton  <nickc@redhat.com>
+ 
+ 	PR 22210
+Index: git/bfd/dwarf2.c
+===================================================================
+--- git.orig/bfd/dwarf2.c
++++ git/bfd/dwarf2.c
+@@ -1955,6 +1955,7 @@ read_formatted_entries (struct comp_unit
+ 	  char *string_trash;
+ 	  char **stringp = &string_trash;
+ 	  unsigned int uint_trash, *uintp = &uint_trash;
++	  struct attribute attr;
+ 
+ 	  content_type = _bfd_safe_read_leb128 (abfd, format, &bytes_read,
+ 						FALSE, buf_end);
+@@ -1986,47 +1987,23 @@ read_formatted_entries (struct comp_unit
+ 	  form = _bfd_safe_read_leb128 (abfd, format, &bytes_read, FALSE,
+ 					buf_end);
+ 	  format += bytes_read;
++
++	  buf = read_attribute_value (&attr, form, 0, unit, buf, buf_end);
++	  if (buf == NULL)
++	    return FALSE;
+ 	  switch (form)
+ 	    {
+ 	    case DW_FORM_string:
+-	      *stringp = read_string (abfd, buf, buf_end, &bytes_read);
+-	      buf += bytes_read;
+-	      break;
+-
+ 	    case DW_FORM_line_strp:
+-	      *stringp = read_indirect_line_string (unit, buf, buf_end, &bytes_read);
+-	      buf += bytes_read;
++	      *stringp = attr.u.str;
+ 	      break;
+ 
+ 	    case DW_FORM_data1:
+-	      *uintp = read_1_byte (abfd, buf, buf_end);
+-	      buf += 1;
+-	      break;
+-
+ 	    case DW_FORM_data2:
+-	      *uintp = read_2_bytes (abfd, buf, buf_end);
+-	      buf += 2;
+-	      break;
+-
+ 	    case DW_FORM_data4:
+-	      *uintp = read_4_bytes (abfd, buf, buf_end);
+-	      buf += 4;
+-	      break;
+-
+ 	    case DW_FORM_data8:
+-	      *uintp = read_8_bytes (abfd, buf, buf_end);
+-	      buf += 8;
+-	      break;
+-
+ 	    case DW_FORM_udata:
+-	      *uintp = _bfd_safe_read_leb128 (abfd, buf, &bytes_read, FALSE,
+-					      buf_end);
+-	      buf += bytes_read;
+-	      break;
+-
+-	    case DW_FORM_block:
+-	      /* It is valid only for DW_LNCT_timestamp which is ignored by
+-		 current GDB.  */
++	      *uintp = attr.u.val;
+ 	      break;
+ 	    }
+ 	}
-- 
cgit v1.2.3-54-g00ecf