aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/binutils/binutils/CVE-2017-7224.patch
blob: fb9ce90740eed734f72f95e6d3c3e7ae20f2e76f (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
commit e82ab856bb4689330c29fb9f1c57a8555b26380e
Author: Nick Clifton <nickc@redhat.com>
Date:   Thu Dec 1 10:49:39 2016 +0000

    Fix a seg-fault disassembling a corrupt binary.
    
        PR binutils/20892
        * aoutx.h (find_nearest_line): Handle the case where the function
        name is empty.

Upstream-Status: Backport

CVE: CVE-2017-7224
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>

Index: git/bfd/ChangeLog
===================================================================
--- git.orig/bfd/ChangeLog	2017-09-04 12:54:37.513859864 +0530
+++ git/bfd/ChangeLog	2017-09-04 13:00:22.891753836 +0530
@@ -120,6 +120,10 @@
        * peicode.h (pe_ILF_object_p): Use strnlen to avoid running over
        the end of the string buffer.
 
+       PR binutils/20892
+       * aoutx.h (find_nearest_line): Handle the case where the function
+       name is empty.
+
 2016-08-02  Nick Clifton  <nickc@redhat.com>
 
 	PR ld/17739
Index: git/bfd/aoutx.h
===================================================================
--- git.orig/bfd/aoutx.h	2017-09-04 12:54:35.957851411 +0530
+++ git/bfd/aoutx.h	2017-09-04 12:57:50.634902163 +0530
@@ -2819,6 +2819,13 @@
       const char *function = func->name;
       char *colon;
 
+      if (buf == NULL)
+       {
+         /* PR binutils/20892: In a corrupt input file func can be empty.  */
+         * functionname_ptr = NULL;
+         return TRUE;
+       }
+
       /* The caller expects a symbol name.  We actually have a
 	 function name, without the leading underscore.  Put the
 	 underscore back in, so that the caller gets a symbol name.  */