diff options
Diffstat (limited to 'meta/recipes-devtools/binutils/binutils/CVE-2019-9074.patch')
| -rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2019-9074.patch | 68 |
1 files changed, 68 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2019-9074.patch b/meta/recipes-devtools/binutils/binutils/CVE-2019-9074.patch new file mode 100644 index 0000000000..a11a51200e --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2019-9074.patch @@ -0,0 +1,68 @@ +From e2ebb3906432dcca2727186ad79415f920730fb2 Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Tue, 19 Feb 2019 22:48:44 +1030 +Subject: [PATCH] PR24235, Read memory violation in pei-x86_64.c + + PR 24235 + * pei-x86_64.c (pex64_bfd_print_pdata_section): Correct checks + attempting to prevent read past end of section. + +Upstream-Status: Backport [https://github.com/bminor/binutils-gdb/commit/179f2db0d9c397d7dd8a59907b84208b79f7f48c] +CVE: CVE-2019-9074 +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +--- + bfd/ChangeLog | 6 ++++++ + bfd/pei-x86_64.c | 9 ++++----- + 2 files changed, 10 insertions(+), 5 deletions(-) + +diff --git a/bfd/ChangeLog b/bfd/ChangeLog +index dd2c741..cbf30de 100644 +--- a/bfd/ChangeLog ++++ b/bfd/ChangeLog +@@ -1,3 +1,9 @@ ++2019-02-19 Alan Modra <amodra@gmail.com> ++ ++ PR 24235 ++ * pei-x86_64.c (pex64_bfd_print_pdata_section): Correct checks ++ attempting to prevent read past end of section. ++ + 2019-02-04 Nick Clifton <nickc@redhat.com> + + * development.sh (experimental) Set to false. +diff --git a/bfd/pei-x86_64.c b/bfd/pei-x86_64.c +index ff1093c..7e75104 100644 +--- a/bfd/pei-x86_64.c ++++ b/bfd/pei-x86_64.c +@@ -541,7 +541,7 @@ pex64_bfd_print_pdata_section (bfd *abfd, void *vfile, asection *pdata_section) + /* virt_size might be zero for objects. */ + if (stop == 0 && strcmp (abfd->xvec->name, "pe-x86-64") == 0) + { +- stop = (datasize / onaline) * onaline; ++ stop = datasize; + virt_size_is_zero = TRUE; + } + else if (datasize < stop) +@@ -551,8 +551,8 @@ pex64_bfd_print_pdata_section (bfd *abfd, void *vfile, asection *pdata_section) + _("Warning: %s section size (%ld) is smaller than virtual size (%ld)\n"), + pdata_section->name, (unsigned long) datasize, + (unsigned long) stop); +- /* Be sure not to read passed datasize. */ +- stop = datasize / onaline; ++ /* Be sure not to read past datasize. */ ++ stop = datasize; + } + + /* Display functions table. */ +@@ -724,8 +724,7 @@ pex64_bfd_print_pdata_section (bfd *abfd, void *vfile, asection *pdata_section) + altent += imagebase; + + if (altent >= pdata_vma +- && (altent + PDATA_ROW_SIZE <= pdata_vma +- + pei_section_data (abfd, pdata_section)->virt_size)) ++ && altent - pdata_vma + PDATA_ROW_SIZE <= stop) + { + pex64_get_runtime_function + (abfd, &arf, &pdata[altent - pdata_vma]); +-- +2.7.4 + |