Mirror of git.yoctoproject.org/poky https://git.enea.com/cgit/linux/poky.git/atom?h=morty 2018-01-07T17:10:09+00:00 2018-01-07T17:10:09+00:00 Thiruvadi Rajaraman trajaraman@mvista.com 2017-11-08T08:14:34+00:00 urn:sha1:9c53a526d0cc371a06c51a8e042dd5fe6784bbd3 Source: binutils-gdb.git MR: 76766 Type: Security Fix Disposition: Backport from binutils master ChangeID: f080669b4e6f7c9088e30858238da5f4315192f3 Description: PR22209, invalid memory read in find_abstract_instance_name This patch adds bounds checking for DW_FORM_ref_addr die refs, and calculates them relative to the first .debug_info section. See the big comment for why calculating relative to the current .debug_info section was wrong for relocatable object files. PR 22209 * dwarf2.c (struct comp_unit): Delete sec_info_ptr field. (find_abstract_instance_name): Calculate DW_FORM_ref_addr relative to stash->info_ptr_memory, and check die_ref is within that memory. Set info_ptr_end correctly when another CU is refd. Check die_ref for DW_FORM_ref4 etc. is within CU. Affects: <= 2.29 (From OE-Core rev: 592f315516e602bd9a9bdc3d116771528cd433d1) Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-01-07T17:10:09+00:00 Thiruvadi Rajaraman trajaraman@mvista.com 2017-11-08T08:11:00+00:00 urn:sha1:7006ecaba3457fe48673b9c1da164a5165453eb0 Source: binutils-gdb.git MR: 76524 Type: Security Fix Disposition: Backport from binutils master ChangeID: 5f22a66eabb228b655605b964ecd350aee700806 Description: PR22187, infinite loop in find_abstract_instance_name This patch prevents the simple case of infinite recursion in find_abstract_instance_name by ensuring that the attributes being processed are not the same as the previous call. The patch also does a little cleanup, and leaves in place some changes to the nested_funcs array that I made when I wrongly thought looping might occur in scan_unit_for_symbols. PR 22187 * dwarf2.c (find_abstract_instance_name): Add orig_info_ptr and pname param. Return status. Make name const. Don't abort, return an error. Formatting. Exit if current info_ptr matches orig_info_ptr. Update callers. (scan_unit_for_symbols): Start at nesting_level of zero. Make nested_funcs an array of structs for extensibility. Formatting. Affects: <= 2.29 (From OE-Core rev: 3e88bb5e933ebbf9c3445bac1814dc0ac105bf45) Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-01-07T17:10:09+00:00 Thiruvadi Rajaraman trajaraman@mvista.com 2017-11-08T07:08:06+00:00 urn:sha1:05281ec4a64e22b2c8fcaa153e0f03464800092c Source: binutils-gdb.git MR: 76278 Type: Security Fix Disposition: Backport from binutils-2_29 ChangeID: 05de8bcd22d8d0b54badcd3826cd370b3aed81de Description: x86: Guard against corrupted PLT There should be only one entry in PLT for a given symbol. Set howto to NULL after processing a PLT entry to guard against corrupted PLT so that the duplicated PLT entries are skipped. PR binutils/22170 Affects: <= 2.29 (From OE-Core rev: 51fc4c8d86bc7c567794305bcc08e5054e9e204a) Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-01-07T17:10:09+00:00 Thiruvadi Rajaraman trajaraman@mvista.com 2017-09-21T15:05:41+00:00 urn:sha1:e7f53f5fe5f5977c2f5fe206052e8c6d0b3bd1a2 Source: binutils-gdb.git MR: 73893 Type: Security Fix Disposition: Backport from 'binutils-gdb.git/master' branch ChangeID: 94c3ef8c1fa2e84e84ad76fb45307848d98817c8 Description: PR 21665 : Fixed multiple heap based buffer overflow Affects: <= 2.28 Author: Nick Clifton <nickc@redhat.com> (From OE-Core rev: a36978f0dd372ec836f63942f965652ca3716e3f) Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-01-07T17:10:09+00:00 Thiruvadi Rajaraman trajaraman@mvista.com 2017-09-21T14:12:19+00:00 urn:sha1:ab884ff9a788aa9f1f844407e4cb1dac419447e5 Source: binutils-gdb.git MR: 73906 Type: Security Fix Disposition: Backport from binutils-2_29 ChangeID: 13858130a02bbe84744fd33ecbf2bbbd2360c09c Description: Fix address violation parsing a corrupt texhex format file. PR binutils/21670 * tekhex.c (getvalue): Check for the source pointer exceeding the end pointer before the first byte is read. Affects: <= 2.28 Author: Nick Clifton <nickc@redhat.com> (From OE-Core rev: 162fce9416dcde1a0b7edfbf772fa6e6e18c46a4) Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-01-07T17:10:08+00:00 Thiruvadi Rajaraman trajaraman@mvista.com 2017-09-21T14:09:24+00:00 urn:sha1:525986d6c631d179956e1caaedacc1e40768883a Source: binutils-gdb.git MR: 74062 Type: Security Fix Disposition: Backport from binutils-2_29 ChangeID: 2ec9457275509bfd8dc9185fbdcd485192a82cca Description: Handle EITR records in VMS Alpha binaries with overlarge command length parameters. PR binutils/21579 * vms-alpha.c (_bfd_vms_slurp_etir): Extend check of cmd_length. Affects: <= 2.28 Author: Nick Clifton <nickc@redhat.com> (From OE-Core rev: f8542a9cf50c8001f675f68e42234c306d8ce1e7) Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-01-07T17:10:08+00:00 Thiruvadi Rajaraman trajaraman@mvista.com 2017-09-21T14:06:14+00:00 urn:sha1:9753c5aa54f54bb82a80dc9d5dc3e52d34bc8b91 Source: binutils-gdb.git MR: 73919 Type: Security Fix Disposition: Backport from binutils-2_29 ChangeID: bd4a354c2a1bd14e26232fc88a736950aa19403a Description: Prevent address violation problem when disassembling corrupt aarch64 binary. PR binutils/21595 * aarch64-dis.c (aarch64_ext_ldst_reglist): Check for an out of range value. Affects: <= 2.28 Author: Nick Clifton <nickc@redhat.com> (From OE-Core rev: f48d4c21673c16760c5a9ff51934127339234f85) Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-01-07T17:10:08+00:00 Thiruvadi Rajaraman trajaraman@mvista.com 2017-09-21T14:02:24+00:00 urn:sha1:1e97a1e6619a2fcb11b77eb117a79edeb552d66c Source: binutils-gdb.git MR: 73932 Type: Security Fix Disposition: Backport from binutils-2_29 ChangeID: 49ad5f3244cd51ee6714c1b60cc1c3f84d7de7c8 Description: i386-dis: Add 2 tests with invalid bnd register PR binutils/21594 * testsuite/gas/i386/mpx.s: Add 2 tests with invalid bnd register. * testsuite/gas/i386/x86-64-mpx.s: Likewise. * testsuite/gas/i386/mpx.d: Updated. * testsuite/gas/i386/x86-64-mpx.d: Likewise. i386-dis: Check valid bnd register Since there are only 4 bnd registers, return "(bad)" for register number > 3. PR binutils/21594 * i386-dis.c (OP_E_register): Check valid bnd register. (OP_G): Likewise. Affects: <= 2.28 Author: H.J. Lu <hjl.tools@gmail.com> (From OE-Core rev: 98b66508f8b382f047d12df430b6e812a9336ab9) Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-01-07T17:10:08+00:00 Thiruvadi Rajaraman trajaraman@mvista.com 2017-09-21T13:58:06+00:00 urn:sha1:5f6bb8fe3d884e8f272f3aca2486d0f68e384977 Source: binutils-gdb.git MR: 73958, 73945 Type: Security Fix Disposition: Backport from binutils-2_29 ChangeID: a39fdc82900af3f5d6ae396c913ac902f4ef7f60 Description: Fix seg-faults in objdump when disassembling a corrupt versados binary. PR binutils/21591 * versados.c (versados_mkobject): Zero the allocated tdata structure. (process_otr): Check for an invalid offset in the otr structure. Affects: <= 2.28 Author: Nick Clifton <nickc@redhat.com> (From OE-Core rev: 7d46daa5e580e841f83b9070b3c84e87d8fd1181) Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-01-07T17:10:08+00:00 Thiruvadi Rajaraman trajaraman@mvista.com 2017-09-21T13:54:44+00:00 urn:sha1:3daf8af9487915421311042a9339de8e19b2d472 Source: binutils-gdb.git MR: 73971 Type: Security Fix Disposition: Backport from binutils-2_29 ChangeID: fe0e1d0f234ed157135818c24f4270c34e093828 Description: Fix potential address violations when processing a corrupt Alpha VMA binary. PR binutils/21589 * vms-alpha.c (_bfd_vms_get_value): Add an extra parameter - the maximum value for the ascic pointer. Check that name processing does not read beyond this value. (_bfd_vms_slurp_etir): Add checks for attempts to read beyond the end of etir record. Affects: <= 2.28 Author: Nick Clifton <nickc@redhat.com> (From OE-Core rev: ea89dfe868085b463dfc24df78b49d1703989484) Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Reviewed-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>