diff options
Diffstat (limited to 'meta/recipes-devtools/binutils/binutils/CVE-2019-17451.patch')
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2019-17451.patch | 46 |
1 files changed, 0 insertions, 46 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2019-17451.patch b/meta/recipes-devtools/binutils/binutils/CVE-2019-17451.patch deleted file mode 100644 index 1fe05d310e..0000000000 --- a/meta/recipes-devtools/binutils/binutils/CVE-2019-17451.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 0192438051a7e781585647d5581a2a6f62fda362 Mon Sep 17 00:00:00 2001 -From: Alan Modra <amodra@gmail.com> -Date: Wed, 9 Oct 2019 10:47:13 +1030 -Subject: [PATCH] PR25070, SEGV in function _bfd_dwarf2_find_nearest_line - -Selectively backporting fix for bfd/dwarf2.c, but not the ChangeLog -file. There are newer versions of binutils, but none of them contain the -commit fixing CVE-2019-17451, so backport it to master and zeus. - -Upstream-Status: Backport -[https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=336bfbeb1848] -CVE: CVE-2019-17451 -Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> - - -Evil testcase with two debug info sections, with sizes of 2aaaabac4ec1 -and ffffd5555453b140 result in a total size of 1. Reading the first -section of course overflows the buffer and tramples on other memory. - - PR 25070 - * dwarf2.c (_bfd_dwarf2_slurp_debug_info): Catch overflow of - total_size calculation. ---- - bfd/dwarf2.c | 11 ++++++++++- - 1 file changed, 10 insertions(+), 1 deletion(-) - ---- a/bfd/dwarf2.c -+++ b/bfd/dwarf2.c -@@ -4439,7 +4439,16 @@ _bfd_dwarf2_slurp_debug_info (bfd *abfd, - for (total_size = 0; - msec; - msec = find_debug_info (debug_bfd, debug_sections, msec)) -- total_size += msec->size; -+ { -+ /* Catch PR25070 testcase overflowing size calculation here. */ -+ if (total_size + msec->size < total_size -+ || total_size + msec->size < msec->size) -+ { -+ bfd_set_error (bfd_error_no_memory); -+ return FALSE; -+ } -+ total_size += msec->size; -+ } - - stash->info_ptr_memory = (bfd_byte *) bfd_malloc (total_size); - if (stash->info_ptr_memory == NULL) |