blob: d6b6a142549acc594785a133764f8e6091076dbb (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
|
commit ab27f80c5dceaa23c4ba7f62c0d5d22a5d5dd7a1
Author: Pedro Alves <palves@redhat.com>
Date: Tue Jun 27 00:21:25 2017 +0100
Fix GDB regressions caused by previous bfd_get_section_contents changes
Ref: https://sourceware.org/ml/binutils/2017-06/msg00343.html
bfd/ChangeLog:
2017-06-26 Pedro Alves <palves@redhat.com>
PR binutils/21665
* libbfd.c (_bfd_generic_get_section_contents): Add "count", not
"sz".
Upstream-Status: Backport
CVE: CVE-2017-9955
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Index: git/bfd/libbfd.c
===================================================================
--- git.orig/bfd/libbfd.c 2017-09-21 18:01:58.079078554 +0530
+++ git/bfd/libbfd.c 2017-09-21 18:01:58.063078433 +0530
@@ -810,7 +810,7 @@
}
if (offset + count < count
|| offset + count > sz
- || (section->filepos + offset + sz) > (bfd_size_type) filesz)
+ || (section->filepos + offset + count) > (bfd_size_type) filesz)
{
bfd_set_error (bfd_error_invalid_operation);
return FALSE;
Index: git/bfd/ChangeLog
===================================================================
--- git.orig/bfd/ChangeLog 2017-09-21 18:01:32.258884464 +0530
+++ git/bfd/ChangeLog 2017-09-21 18:03:42.955872017 +0530
@@ -11,6 +11,12 @@
of end pointer.
(evax_bfd_print_emh): Check for invalid string lengths.
+2017-06-26 Pedro Alves <palves@redhat.com>
+
+ PR binutils/21665
+ * libbfd.c (_bfd_generic_get_section_contents): Add "count", not
+ "sz".
+
2017-06-26 H.J. Lu <hongjiu.lu@intel.com>
PR binutils/21665
|