aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/binutils/binutils/CVE-2019-14444.patch
blob: 499cf0e046c41b3f8a286ce715261b937f1b76b8 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
From e17869db99195849826eaaf5d2d0eb2cfdd7a2a7 Mon Sep 17 00:00:00 2001
From: Nick Clifton <nickc@redhat.com>
Date: Mon, 5 Aug 2019 10:40:35 +0100
Subject: [PATCH] Catch potential integer overflow in readelf when processing
 corrupt binaries.

	PR 24829
	* readelf.c (apply_relocations): Catch potential integer overflow
	whilst checking reloc location against section size.

Upstream-Status: Backport
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e17869db99195849826eaaf5d2d0eb2cfdd7a2a7
CVE: CVE-2019-14444
Dropped changelog
Signed-off-by: Armin Kuster <akuster@mvista.com>

---
 binutils/readelf.c | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

Index: git/binutils/readelf.c
===================================================================
--- git.orig/binutils/readelf.c
+++ git/binutils/readelf.c
@@ -13113,7 +13113,7 @@ apply_relocations (Filedata *
 	    }
 
 	  rloc = start + rp->r_offset;
-	  if ((rloc + reloc_size) > end || (rloc < start))
+	  if (rloc >= end || (rloc + reloc_size) > end || (rloc < start))
 	    {
 	      warn (_("skipping invalid relocation offset 0x%lx in section %s\n"),
 		    (unsigned long) rp->r_offset,