From b8ce258f15d793a29dd19d81a662e2ecefd8d202 Mon Sep 17 00:00:00 2001 From: Armin Kuster Date: Sat, 31 Aug 2019 14:15:49 -0700 Subject: gcc-9.2: Security fix for CVE-2019-14250 Affects: <= 9.2 (From OE-Core rev: af761de211ecdcb358c6412f9e7e3398b7525cf2) Signed-off-by: Armin Kuster Signed-off-by: Armin Kuster Signed-off-by: Richard Purdie --- .../gcc/gcc-9.2/CVE-2019-14250.patch | 44 ++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 meta/recipes-devtools/gcc/gcc-9.2/CVE-2019-14250.patch (limited to 'meta/recipes-devtools/gcc/gcc-9.2/CVE-2019-14250.patch') diff --git a/meta/recipes-devtools/gcc/gcc-9.2/CVE-2019-14250.patch b/meta/recipes-devtools/gcc/gcc-9.2/CVE-2019-14250.patch new file mode 100644 index 0000000000..65ea34558a --- /dev/null +++ b/meta/recipes-devtools/gcc/gcc-9.2/CVE-2019-14250.patch @@ -0,0 +1,44 @@ +From 517b211a3d78366ca8d5929f580e8ca72fd2c004 Mon Sep 17 00:00:00 2001 +From: rguenth +Date: Thu, 25 Jul 2019 10:46:54 +0000 +Subject: [PATCH] 2019-07-25 Richard Biener + + PR lto/90924 + Backport from mainline + 2019-07-12 Ren Kimura + + * simple-object-elf.c (simple_object_elf_match): Check zero value + shstrndx. + + +git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/branches/gcc-9-branch@273793 138bc75d-0d04-0410-961f-82ee72b054a4 + +Upstream-Status: Backport +Affectes: < 9.2 +CVE: CVE-2019-14250 +Dropped changelog +Signed-off-by: Armin Kuster + +--- + libiberty/simple-object-elf.c | 8 ++++++++ + 2 files changed, 17 insertions(+) + +Index: gcc-9.2.0/libiberty/simple-object-elf.c +=================================================================== +--- gcc-9.2.0.orig/libiberty/simple-object-elf.c ++++ gcc-9.2.0/libiberty/simple-object-elf.c +@@ -557,6 +557,14 @@ simple_object_elf_match (unsigned char h + return NULL; + } + ++ if (eor->shstrndx == 0) ++ { ++ *errmsg = "invalid ELF shstrndx == 0"; ++ *err = 0; ++ XDELETE (eor); ++ return NULL; ++ } ++ + return (void *) eor; + } + -- cgit v1.2.3-54-g00ecf