diff options
| author |   Zhixiong Chi <zhixiong.chi@windriver.com> | 2018-11-05 22:43:41 -0800 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-11-08 22:21:01 +0000 |
| commit | 84bb9c0514ecbd7c31935c22062b18b4aaefbef1 (patch) | |
| tree | 4c580ee03db73b4d4baebc7dd1bc576ef9732571 /meta/recipes-devtools/binutils/binutils/CVE-2018-18607.patch | |
| parent | bb06900a1f29fdd4066f6d7e7a961d230c2e9438 (diff) | |
| download | openembedded-core-contrib-84bb9c0514ecbd7c31935c22062b18b4aaefbef1.tar.gz | |
binutils: fix four CVE issues
Backport the CVE patches from the binutils upstream.
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/binutils/binutils/CVE-2018-18607.patch')
| -rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2018-18607.patch | 77 |
1 files changed, 77 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-18607.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-18607.patch new file mode 100644 index 0000000000..38225d171e --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-18607.patch @@ -0,0 +1,77 @@ +From 102def4da826b3d9e169741421e5e67e8731909a Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Tue, 23 Oct 2018 18:30:22 +1030 +Subject: [PATCH] PR23805, NULL pointer dereference in elf_link_input_bfd + + PR 23805 + * elflink.c (elf_link_input_bfd): Don't segfault on finding + STT_TLS symbols without any TLS sections. Instead, change the + symbol type to STT_NOTYPE. + +Upstream-Status: Backport +CVE: CVE-2018-18606 +Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> +--- + bfd/ChangeLog | 7 +++++++ + bfd/elflink.c | 20 ++++++++++++++------ + 2 files changed, 21 insertions(+), 6 deletions(-) + +diff --git a/bfd/ChangeLog b/bfd/ChangeLog +index da423b1..1f3fc1c 100644 +--- a/bfd/ChangeLog ++++ b/bfd/ChangeLog +@@ -1,5 +1,12 @@ + 2018-10-23 Alan Modra <amodra@gmail.com> + ++ PR 23805 ++ * elflink.c (elf_link_input_bfd): Don't segfault on finding ++ STT_TLS symbols without any TLS sections. Instead, change the ++ symbol type to STT_NOTYPE. ++ ++2018-10-23 Alan Modra <amodra@gmail.com> ++ + PR 23806 + * merge.c (_bfd_add_merge_section): Don't attempt to merge + sections with ridiculously large alignments. +diff --git a/bfd/elflink.c b/bfd/elflink.c +index c3876cb..87440db 100644 +--- a/bfd/elflink.c ++++ b/bfd/elflink.c +@@ -10489,8 +10489,11 @@ elf_link_input_bfd (struct elf_final_link_info *flinfo, bfd *input_bfd) + if (ELF_ST_TYPE (osym.st_info) == STT_TLS) + { + /* STT_TLS symbols are relative to PT_TLS segment base. */ +- BFD_ASSERT (elf_hash_table (flinfo->info)->tls_sec != NULL); +- osym.st_value -= elf_hash_table (flinfo->info)->tls_sec->vma; ++ if (elf_hash_table (flinfo->info)->tls_sec != NULL) ++ osym.st_value -= elf_hash_table (flinfo->info)->tls_sec->vma; ++ else ++ osym.st_info = ELF_ST_INFO (ELF_ST_BIND (osym.st_info), ++ STT_NOTYPE); + } + } + +@@ -11046,12 +11049,17 @@ elf_link_input_bfd (struct elf_final_link_info *flinfo, bfd *input_bfd) + sym.st_value += osec->vma; + if (ELF_ST_TYPE (sym.st_info) == STT_TLS) + { ++ struct elf_link_hash_table *htab ++ = elf_hash_table (flinfo->info); ++ + /* STT_TLS symbols are relative to PT_TLS + segment base. */ +- BFD_ASSERT (elf_hash_table (flinfo->info) +- ->tls_sec != NULL); +- sym.st_value -= (elf_hash_table (flinfo->info) +- ->tls_sec->vma); ++ if (htab->tls_sec != NULL) ++ sym.st_value -= htab->tls_sec->vma; ++ else ++ sym.st_info ++ = ELF_ST_INFO (ELF_ST_BIND (sym.st_info), ++ STT_NOTYPE); + } + } + +-- +2.9.3 |