diff options
Diffstat (limited to 'meta/recipes-devtools/binutils/binutils/CVE-2017-9955_7.patch')
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2017-9955_7.patch | 80 |
1 files changed, 80 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_7.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_7.patch new file mode 100644 index 0000000000..2cae63b4fc --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_7.patch @@ -0,0 +1,80 @@ +From 60a02042bacf8d25814430080adda61ed086bca6 Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Fri, 30 Jun 2017 11:03:37 +0100 +Subject: [PATCH] Fix failures in MMIX linker tests introduced by fix for PR + 21665. + + PR binutils/21665 + * objdump.c (disassemble_section): Move check for an overlarge + section to just before the allocation of memory. Do not check + section size against file size, but instead use an arbitrary 2Gb + limit. Issue a warning message if the section is too big. + +Upstream-Status: Backport +CVE: CVE-2017-9955 #7 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + binutils/ChangeLog | 8 ++++++++ + binutils/objdump.c | 25 ++++++++++++++++++++++++- + 2 files changed, 32 insertions(+), 1 deletion(-) + +Index: git/binutils/objdump.c +=================================================================== +--- git.orig/binutils/objdump.c ++++ git/binutils/objdump.c +@@ -2048,7 +2048,7 @@ disassemble_section (bfd *abfd, asection + return; + + datasize = bfd_get_section_size (section); +- if (datasize == 0 || datasize >= (bfd_size_type) bfd_get_file_size (abfd)) ++ if (datasize == 0) + return; + + if (start_address == (bfd_vma) -1 +@@ -2112,6 +2112,29 @@ disassemble_section (bfd *abfd, asection + } + rel_ppend = rel_pp + rel_count; + ++ /* PR 21665: Check for overlarge datasizes. ++ Note - we used to check for "datasize > bfd_get_file_size (abfd)" but ++ this fails when using compressed sections or compressed file formats ++ (eg MMO, tekhex). ++ ++ The call to xmalloc below will fail if too much memory is requested, ++ which will catch the problem in the normal use case. But if a memory ++ checker is in use, eg valgrind or sanitize, then an exception will ++ be still generated, so we try to catch the problem first. ++ ++ Unfortunately there is no simple way to determine how much memory can ++ be allocated by calling xmalloc. So instead we use a simple, arbitrary ++ limit of 2Gb. Hopefully this should be enough for most users. If ++ someone does start trying to disassemble sections larger then 2Gb in ++ size they will doubtless complain and we can increase the limit. */ ++#define MAX_XMALLOC (1024 * 1024 * 1024 * 2UL) /* 2Gb */ ++ if (datasize > MAX_XMALLOC) ++ { ++ non_fatal (_("Reading section %s failed because it is too big (%#lx)"), ++ section->name, (unsigned long) datasize); ++ return; ++ } ++ + data = (bfd_byte *) xmalloc (datasize); + + bfd_get_section_contents (abfd, section, data, 0, datasize); +Index: git/binutils/ChangeLog +=================================================================== +--- git.orig/binutils/ChangeLog ++++ git/binutils/ChangeLog +@@ -1,3 +1,11 @@ ++2017-06-30 Nick Clifton <nickc@redhat.com> ++ ++ PR binutils/21665 ++ * objdump.c (disassemble_section): Move check for an overlarge ++ section to just before the allocation of memory. Do not check ++ section size against file size, but instead use an arbitrary 2Gb ++ limit. Issue a warning message if the section is too big. ++ + 2017-06-26 Nick Clifton <nickc@redhat.com> + + PR binutils/21665 |