summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPgowda <pgowda.cve@gmail.com>2022-06-29 10:54:39 +0530
committerSteve Sakoman <steve@sakoman.com>2022-06-29 07:35:39 -1000
commit4bc6bb36dba96a534998928959acf637f9360775 (patch)
tree4a99ba0d35ec45df4cb4181527a34a6981dbb47e
parent645a619524d04aa6a2029a2810e2d84dc751fc48 (diff)
downloadopenembedded-core-contrib-4bc6bb36dba96a534998928959acf637f9360775.tar.gz
binutils : CVE-2019-1010204
Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=2a4fc266dbf77ed7ab83da16468e9ba627b8bc2d] Signed-off-by: Pgowda <pgowda.cve@gmail.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 0c55355a83130c2c0a59e9fb94f8914499943dd4) Signed-off-by: Steve Sakoman <steve@sakoman.com>
-rw-r--r--meta/recipes-devtools/binutils/binutils-2.38.inc1
-rw-r--r--meta/recipes-devtools/binutils/binutils/0014-CVE-2019-1010204.patch49
2 files changed, 50 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc
index dc0a2a4054..a069071c97 100644
--- a/meta/recipes-devtools/binutils/binutils-2.38.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
@@ -32,5 +32,6 @@ SRC_URI = "\
file://0011-sync-with-OE-libtool-changes.patch \
file://0012-Check-for-clang-before-checking-gcc-version.patch \
file://0013-Avoid-as-info-race-condition.patch \
+ file://0014-CVE-2019-1010204.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/0014-CVE-2019-1010204.patch b/meta/recipes-devtools/binutils/binutils/0014-CVE-2019-1010204.patch
new file mode 100644
index 0000000000..dad4a62038
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0014-CVE-2019-1010204.patch
@@ -0,0 +1,49 @@
+From 2a4fc266dbf77ed7ab83da16468e9ba627b8bc2d Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Mon, 27 Jun 2022 13:07:40 +0100
+Subject: [PATCH] Have gold's File_read::do_read() function check the start
+ parameter
+
+ PR 23765
+ * fileread.cc (File_read::do_read): Check start parameter before
+ computing number of bytes to read.
+
+Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=2a4fc266dbf77ed7ab83da16468e9ba627b8bc2d]
+
+Signed-off-by: Pgowda <pgowda.cve@gmail.com>
+---
+ gold/ChangeLog | 6 ++++++
+ gold/fileread.cc | 6 ++++++
+ 2 files changed, 12 insertions(+)
+
+diff --git a/gold/ChangeLog b/gold/ChangeLog
+index 5103dab7b67..8557dc6db7f 100644
+--- a/gold/ChangeLog
++++ b/gold/ChangeLog
+@@ -1,3 +1,9 @@
++2022-06-27 Nick Clifton <nickc@redhat.com>
++
++ PR 23765
++ * fileread.cc (File_read::do_read): Check start parameter before
++ computing number of bytes to read.
++
+ 2022-02-17 Nick Clifton <nickc@redhat.com>
+
+ * po/sr.po: Updated Serbian translation.
+diff --git a/gold/fileread.cc b/gold/fileread.cc
+index 2b653f78c2e..af2df215468 100644
+--- a/gold/fileread.cc
++++ b/gold/fileread.cc
+@@ -385,6 +385,12 @@ File_read::do_read(off_t start, section_
+ ssize_t bytes;
+ if (this->whole_file_view_ != NULL)
+ {
++ // See PR 23765 for an example of a testcase that triggers this error.
++ if (((ssize_t) start) < 0)
++ gold_fatal(_("%s: read failed, starting offset (%#llx) less than zero"),
++ this->filename().c_str(),
++ static_cast<long long>(start));
++
+ bytes = this->size_ - start;
+ if (static_cast<section_size_type>(bytes) >= size)
+ {