diff options
| author | Yash Shinde <Yash.Shinde@windriver.com> | 2025-01-30 03:35:44 -0800 |
|---|---|---|
| committer | Steve Sakoman <steve@sakoman.com> | 2025-02-05 06:54:35 -0800 |
| commit | 57be589ed22eb813e3338d29ecac1a9c7924249a (patch) | |
| tree | 6d80fb29e9d51cc777d0518a661f5e985c979053 | |
| parent | 7e19a678138ab7dd7fcfe92c700c36674f347b82 (diff) | |
| download | poky-57be589ed22eb813e3338d29ecac1a9c7924249a.tar.gz | |
gdb: Fix CVE-2024-53589
CVE: CVE-2024-53589
(From OE-Core rev: 4ddd1e5aea1c4b84a6c4e1db5ded4938c4a35393)
Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
| -rw-r--r-- | meta/recipes-devtools/gdb/gdb.inc | 1 | ||||
| -rw-r--r-- | meta/recipes-devtools/gdb/gdb/0014-CVE-2024-53589.patch | 92 |
2 files changed, 93 insertions, 0 deletions
diff --git a/meta/recipes-devtools/gdb/gdb.inc b/meta/recipes-devtools/gdb/gdb.inc index 6c9fe60cab..84cc65f79b 100644 --- a/meta/recipes-devtools/gdb/gdb.inc +++ b/meta/recipes-devtools/gdb/gdb.inc | |||
| @@ -17,5 +17,6 @@ SRC_URI = "${GNU_MIRROR}/gdb/gdb-${PV}.tar.xz \ | |||
| 17 | file://0011-CVE-2023-39128.patch \ | 17 | file://0011-CVE-2023-39128.patch \ |
| 18 | file://0012-CVE-2023-39129.patch \ | 18 | file://0012-CVE-2023-39129.patch \ |
| 19 | file://0013-CVE-2023-39130.patch \ | 19 | file://0013-CVE-2023-39130.patch \ |
| 20 | file://0014-CVE-2024-53589.patch \ | ||
| 20 | " | 21 | " |
| 21 | SRC_URI[sha256sum] = "1497c36a71881b8671a9a84a0ee40faab788ca30d7ba19d8463c3cc787152e32" | 22 | SRC_URI[sha256sum] = "1497c36a71881b8671a9a84a0ee40faab788ca30d7ba19d8463c3cc787152e32" |
diff --git a/meta/recipes-devtools/gdb/gdb/0014-CVE-2024-53589.patch b/meta/recipes-devtools/gdb/gdb/0014-CVE-2024-53589.patch new file mode 100644 index 0000000000..380112a3ba --- /dev/null +++ b/meta/recipes-devtools/gdb/gdb/0014-CVE-2024-53589.patch | |||
| @@ -0,0 +1,92 @@ | |||
| 1 | Author: Alan Modra <amodra@gmail.com> | ||
| 2 | Date: Mon Nov 11 10:24:09 2024 +1030 | ||
| 3 | |||
| 4 | Re: tekhex object file output fixes | ||
| 5 | |||
| 6 | Commit 8b5a212495 supported *ABS* symbols by allowing "section" to be | ||
| 7 | bfd_abs_section, but bfd_abs_section needs to be treated specially. | ||
| 8 | In particular, bfd_get_next_section_by_name (.., bfd_abs_section_ptr) | ||
| 9 | is invalid. | ||
| 10 | |||
| 11 | PR 32347 | ||
| 12 | * tekhex.c (first_phase): Guard against modification of | ||
| 13 | _bfd_std_section[] entries. | ||
| 14 | |||
| 15 | Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=e0323071916878e0634a6e24d8250e4faff67e88] | ||
| 16 | CVE: CVE-2024-53589 | ||
| 17 | |||
| 18 | Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com> | ||
| 19 | |||
| 20 | diff --git a/bfd/tekhex.c b/bfd/tekhex.c | ||
| 21 | index aea2ebb23df..b305c1f96f1 100644 | ||
| 22 | --- a/bfd/tekhex.c | ||
| 23 | +++ b/bfd/tekhex.c | ||
| 24 | @@ -361,6 +361,7 @@ first_phase (bfd *abfd, int type, char *src, char * src_end) | ||
| 25 | { | ||
| 26 | asection *section, *alt_section; | ||
| 27 | unsigned int len; | ||
| 28 | + bfd_vma addr; | ||
| 29 | bfd_vma val; | ||
| 30 | char sym[17]; /* A symbol can only be 16chars long. */ | ||
| 31 | |||
| 32 | @@ -368,20 +369,16 @@ first_phase (bfd *abfd, int type, char *src, char * src_end) | ||
| 33 | { | ||
| 34 | case '6': | ||
| 35 | /* Data record - read it and store it. */ | ||
| 36 | - { | ||
| 37 | - bfd_vma addr; | ||
| 38 | - | ||
| 39 | - if (!getvalue (&src, &addr, src_end)) | ||
| 40 | - return false; | ||
| 41 | - | ||
| 42 | - while (*src && src < src_end - 1) | ||
| 43 | - { | ||
| 44 | - insert_byte (abfd, HEX (src), addr); | ||
| 45 | - src += 2; | ||
| 46 | - addr++; | ||
| 47 | - } | ||
| 48 | - return true; | ||
| 49 | - } | ||
| 50 | + if (!getvalue (&src, &addr, src_end)) | ||
| 51 | + return false; | ||
| 52 | + | ||
| 53 | + while (*src && src < src_end - 1) | ||
| 54 | + { | ||
| 55 | + insert_byte (abfd, HEX (src), addr); | ||
| 56 | + src += 2; | ||
| 57 | + addr++; | ||
| 58 | + } | ||
| 59 | + return true; | ||
| 60 | |||
| 61 | case '3': | ||
| 62 | /* Symbol record, read the segment. */ | ||
| 63 | @@ -406,13 +403,16 @@ first_phase (bfd *abfd, int type, char *src, char * src_end) | ||
| 64 | { | ||
| 65 | case '1': /* Section range. */ | ||
| 66 | src++; | ||
| 67 | - if (!getvalue (&src, §ion->vma, src_end)) | ||
| 68 | + if (!getvalue (&src, &addr, src_end)) | ||
| 69 | return false; | ||
| 70 | if (!getvalue (&src, &val, src_end)) | ||
| 71 | return false; | ||
| 72 | - if (val < section->vma) | ||
| 73 | - val = section->vma; | ||
| 74 | - section->size = val - section->vma; | ||
| 75 | + if (bfd_is_const_section (section)) | ||
| 76 | + break; | ||
| 77 | + section->vma = addr; | ||
| 78 | + if (val < addr) | ||
| 79 | + val = addr; | ||
| 80 | + section->size = val - addr; | ||
| 81 | /* PR 17512: file: objdump-s-endless-loop.tekhex. | ||
| 82 | Check for overlarge section sizes. */ | ||
| 83 | if (section->size & 0x80000000) | ||
| 84 | @@ -455,6 +455,8 @@ first_phase (bfd *abfd, int type, char *src, char * src_end) | ||
| 85 | new_symbol->symbol.flags = BSF_LOCAL; | ||
| 86 | if (stype == '2' || stype == '6') | ||
| 87 | new_symbol->symbol.section = bfd_abs_section_ptr; | ||
| 88 | + else if (bfd_is_const_section (section)) | ||
| 89 | + ; | ||
| 90 | else if (stype == '3' || stype == '7') | ||
| 91 | { | ||
| 92 | if ((section->flags & SEC_DATA) == 0) | ||