summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDeepthi Hemraj <Deepthi.Hemraj@windriver.com>2023-11-21 03:42:55 -0800
committerSteve Sakoman <steve@sakoman.com>2023-11-28 05:00:32 -1000
commitc771630e99e09b679d04979e14e742ee56ca7ad9 (patch)
treeee3f9810b4a5b9a87d4c578520e7b5a30e5ed775
parent39aa7af59b14de71709cb56fdd3425c1001ce8de (diff)
downloadpoky-c771630e99e09b679d04979e14e742ee56ca7ad9.tar.gz
binutils: Fix CVE-2022-48064
(From OE-Core rev: 88cbf5eb4a075e677b1f9e6444ec6378a5949978) Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
-rw-r--r--meta/recipes-devtools/binutils/binutils-2.38.inc1
-rw-r--r--meta/recipes-devtools/binutils/binutils/0034-CVE-2022-48064.patch57
2 files changed, 58 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc
index dc29141812..3787063cba 100644
--- a/meta/recipes-devtools/binutils/binutils-2.38.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
@@ -68,5 +68,6 @@ SRC_URI = "\
68 file://CVE-2022-48063.patch \ 68 file://CVE-2022-48063.patch \
69 file://0032-CVE-2022-47010.patch \ 69 file://0032-CVE-2022-47010.patch \
70 file://0033-CVE-2022-47007.patch \ 70 file://0033-CVE-2022-47007.patch \
71 file://0034-CVE-2022-48064.patch \
71" 72"
72S = "${WORKDIR}/git" 73S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/0034-CVE-2022-48064.patch b/meta/recipes-devtools/binutils/binutils/0034-CVE-2022-48064.patch
new file mode 100644
index 0000000000..b0840366c7
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0034-CVE-2022-48064.patch
@@ -0,0 +1,57 @@
1From: Alan Modra <amodra@gmail.com>
2Date: Tue, 20 Dec 2022 13:17:03 +0000 (+1030)
3Subject: PR29922, SHT_NOBITS section avoids section size sanity check
4X-Git-Tag: binutils-2_40~202
5X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=8f2c64de86bc3d7556121fe296dd679000283931
6
7PR29922, SHT_NOBITS section avoids section size sanity check
8
9 PR 29922
10 * dwarf2.c (find_debug_info): Ignore sections without
11 SEC_HAS_CONTENTS.
12
13Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=8f2c64de86bc3d7556121fe296dd679000283931]
14
15CVE: CVE-2022-48064
16
17Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
18
19---
20
21diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
22index 95f45708e9d..0cd8152ee6e 100644
23--- a/bfd/dwarf2.c
24+++ b/bfd/dwarf2.c
25@@ -4831,16 +4831,19 @@ find_debug_info (bfd *abfd, const struct dwarf_debug_section *debug_sections,
26 {
27 look = debug_sections[debug_info].uncompressed_name;
28 msec = bfd_get_section_by_name (abfd, look);
29- if (msec != NULL)
30+ /* Testing SEC_HAS_CONTENTS is an anti-fuzzer measure. Of
31+ course debug sections always have contents. */
32+ if (msec != NULL && (msec->flags & SEC_HAS_CONTENTS) != 0)
33 return msec;
34
35 look = debug_sections[debug_info].compressed_name;
36 msec = bfd_get_section_by_name (abfd, look);
37- if (msec != NULL)
38+ if (msec != NULL && (msec->flags & SEC_HAS_CONTENTS) != 0)
39 return msec;
40
41 for (msec = abfd->sections; msec != NULL; msec = msec->next)
42- if (startswith (msec->name, GNU_LINKONCE_INFO))
43+ if ((msec->flags & SEC_HAS_CONTENTS) != 0
44+ && startswith (msec->name, GNU_LINKONCE_INFO))
45 return msec;
46
47 return NULL;
48@@ -4848,6 +4851,9 @@ find_debug_info (bfd *abfd, const struct dwarf_debug_section *debug_sections,
49
50 for (msec = after_sec->next; msec != NULL; msec = msec->next)
51 {
52+ if ((msec->flags & SEC_HAS_CONTENTS) == 0)
53+ continue;
54+
55 look = debug_sections[debug_info].uncompressed_name;
56 if (strcmp (msec->name, look) == 0)
57 return msec;