gcc: Security fix for CVE-2019-14250

Source: gcc.org MR: 99120 Type: Security Fix Disposition: Backport from https://gcc.gnu.org/viewcvs?rev=273794&root=gcc&view=rev ChangeID: 28ab763c18f1543607181cd9657f45f7752b6fcb Description: Affects < 9.2 Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Armin Kuster <akuster@mvista.com> 2019-08-31 08:40:01 -0700
committer: Armin Kuster <akuster808@gmail.com> 2019-09-04 09:29:20 -0700
commit: 79205966072bb6179d96b3af5aabc521da83e841 (patch)
tree: 15a11eeffc2f4d6e0fe2ac3872f3083c452d16fe
parent: fac2d3846dadfda256e94500bdf33f546a8d1fb4 (diff)
download: openembedded-core-contrib-79205966072bb6179d96b3af5aabc521da83e841.tar.gz
2 files changed, 45 insertions, 0 deletions
diff --git a/meta/recipes-devtools/gcc/gcc-8.2.inc b/meta/recipes-devtools/gcc/gcc-8.2.inc
index 866a77558b..bd95ccda09 100644
--- a/meta/recipes-devtools/gcc/gcc-8.2.inc
+++ b/meta/recipes-devtools/gcc/gcc-8.2.inc
@@ -73,6 +73,7 @@ SRC_URI = "\
            ${BACKPORTS} \
 "
 BACKPORTS = "\
+           file://CVE-2019-14250.patch \
 "
 SRC_URI[md5sum] = "4ab282f414676496483b3e1793d07862"
 SRC_URI[sha256sum] = "196c3c04ba2613f893283977e6011b2345d1cd1af9abeac58e916b1aab3e0080"
diff --git a/meta/recipes-devtools/gcc/gcc-8.2/CVE-2019-14250.patch b/meta/recipes-devtools/gcc/gcc-8.2/CVE-2019-14250.patch
new file mode 100644
index 0000000000..e327684e16
--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc-8.2/CVE-2019-14250.patch
@@ -0,0 +1,44 @@
+From a4f1b58eb48b349a5f353bc69c30be553506d33b Mon Sep 17 00:00:00 2001
+From: rguenth <rguenth@138bc75d-0d04-0410-961f-82ee72b054a4>
+Date: Thu, 25 Jul 2019 10:48:26 +0000
+Subject: [PATCH] 2019-07-25  Richard Biener  <rguenther@suse.de>
+
+	PR lto/90924
+	Backport from mainline
+	2019-07-12  Ren Kimura  <rkx1209dev@gmail.com>
+
+	* simple-object-elf.c (simple_object_elf_match): Check zero value
+	shstrndx.
+
+
+git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/branches/gcc-8-branch@273794 138bc75d-0d04-0410-961f-82ee72b054a4
+
+Upstream-Status: Backport
+Affectes: <  9.2
+CVE: CVE-2019-14250
+Dropped changelog
+Signed-off-by: Armin Kuster <Akustre@mvista.com>
+
+---
+ libiberty/simple-object-elf.c | 8 ++++++++
+ 2 files changed, 17 insertions(+)
+
+Index: gcc-8.2.0/libiberty/simple-object-elf.c
+===================================================================
+--- gcc-8.2.0.orig/libiberty/simple-object-elf.c
++++ gcc-8.2.0/libiberty/simple-object-elf.c
+@@ -549,6 +549,14 @@ simple_object_elf_match (unsigned char h
+       return NULL;
+     }
+ 
++  if (eor->shstrndx == 0)
++    {
++      *errmsg = "invalid ELF shstrndx == 0";
++      *err = 0;
++      XDELETE (eor);
++      return NULL;
++    }
++
+   return (void *) eor;
+ }
+
author	Armin Kuster <akuster@mvista.com>	2019-08-31 08:40:01 -0700
committer	Armin Kuster <akuster808@gmail.com>	2019-09-04 09:29:20 -0700
commit	79205966072bb6179d96b3af5aabc521da83e841 (patch)
tree	15a11eeffc2f4d6e0fe2ac3872f3083c452d16fe
parent	fac2d3846dadfda256e94500bdf33f546a8d1fb4 (diff)
download	openembedded-core-contrib-79205966072bb6179d96b3af5aabc521da83e841.tar.gz