diff options
author | Thiruvadi Rajaraman <trajaraman@mvista.com> | 2017-09-04 13:59:36 +0530 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-01-07 17:09:44 +0000 |
commit | ba01ee6899c8d36e6469f6d02d40866fb0502af9 (patch) | |
tree | 3368373d644eeeb2e86f90b53d6faf0595f67f22 | |
parent | 54992e752e396fc5b3bc5b067cfc4741f1176bb3 (diff) | |
download | openembedded-core-ba01ee6899c8d36e6469f6d02d40866fb0502af9.tar.gz |
binutils: CVE-2017-7225
Source: git://sourceware.org/git/binutils-gdb.git
MR: 74296
Type: Security Fix
Disposition: Backport from binutils-2_29-branch
ChangeID: d2cf3ab15c89351c941c92e4cdf28c2bfa9dcda8
Description:
Fix seg-fault running addr2line on a corrupt binary.
PR binutils/20891
* aoutx.h (find_nearest_line): Handle the case where the main file
name and the directory name are both empty.
Affects: <= 2.29
Author: Nick Clifton <nickc@redhat.com>
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r-- | meta/recipes-devtools/binutils/binutils-2.27.inc | 1 | ||||
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2017-7225.patch | 66 |
2 files changed, 67 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc index 82b9be774f..4833552ca9 100644 --- a/meta/recipes-devtools/binutils/binutils-2.27.inc +++ b/meta/recipes-devtools/binutils/binutils-2.27.inc @@ -61,6 +61,7 @@ SRC_URI = "\ file://CVE-2017-12450_12452_12453_12454_12456.patch \ file://CVE-2017-7223.patch \ file://CVE-2017-7224.patch \ + file://CVE-2017-7225.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7225.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7225.patch new file mode 100644 index 0000000000..699905a4d0 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7225.patch @@ -0,0 +1,66 @@ +commit 50455f1ab2935f7321215dfa681745c9b1cb5b19 +Author: Nick Clifton <nickc@redhat.com> +Date: Thu Dec 1 10:15:07 2016 +0000 + + Fix seg-fault running addr2line on a corrupt binary. + + PR binutils/20891 + * aoutx.h (find_nearest_line): Handle the case where the main file + name and the directory name are both empty. + +Upstream-Status: backport + +CVE: CVE-2017-7225 +Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> + +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog 2017-09-04 13:04:20.941485636 +0530 ++++ git/bfd/ChangeLog 2017-09-04 13:08:05.003175703 +0530 +@@ -120,6 +120,12 @@ + * peicode.h (pe_ILF_object_p): Use strnlen to avoid running over + the end of the string buffer. + ++2016-12-01 Nick Clifton <nickc@redhat.com> ++ ++ PR binutils/20891 ++ * aoutx.h (find_nearest_line): Handle the case where the main file ++ name and the directory name are both empty. ++ + PR binutils/20892 + * aoutx.h (find_nearest_line): Handle the case where the function + name is empty. +Index: git/bfd/aoutx.h +=================================================================== +--- git.orig/bfd/aoutx.h 2017-09-04 13:04:20.941485636 +0530 ++++ git/bfd/aoutx.h 2017-09-04 13:10:55.856441243 +0530 +@@ -2663,7 +2663,7 @@ + char *buf; + + *filename_ptr = abfd->filename; +- *functionname_ptr = 0; ++ *functionname_ptr = NULL; + *line_ptr = 0; + if (disriminator_ptr) + *disriminator_ptr = 0; +@@ -2808,9 +2808,17 @@ + *filename_ptr = main_file_name; + else + { +- sprintf (buf, "%s%s", directory_name, main_file_name); +- *filename_ptr = buf; +- buf += filelen + 1; ++ if (buf == NULL) ++ /* PR binutils/20891: In a corrupt input file both ++ main_file_name and directory_name can be empty... */ ++ * filename_ptr = NULL; ++ else ++ { ++ snprintf (buf, filelen + 1, "%s%s", directory_name, ++ main_file_name); ++ *filename_ptr = buf; ++ buf += filelen + 1; ++ } + } + } + |