aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/binutils/binutils/CVE-2017-8395.patch
blob: 42793e133b80b4c63fef81c8d2a59d698e786cc5 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
commit e63d123268f23a4cbc45ee55fb6dbc7d84729da3
Author: Nick Clifton <nickc@redhat.com>
Date:   Wed Apr 26 13:07:49 2017 +0100

    Fix seg-fault attempting to compress a debug section in a corrupt binary.
    
    	PR binutils/21431
    	* compress.c (bfd_init_section_compress_status): Check the return
    	value from bfd_malloc.

Upstream-Status: Backport

CVE: CVE-2017-8395
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>

Index: git/bfd/compress.c
===================================================================
--- git.orig/bfd/compress.c	2017-09-04 17:55:00.546577566 +0530
+++ git/bfd/compress.c	2017-09-04 17:55:10.770664577 +0530
@@ -534,7 +534,6 @@
 {
   bfd_size_type uncompressed_size;
   bfd_byte *uncompressed_buffer;
-  bfd_boolean ret;
 
   /* Error if not opened for read.  */
   if (abfd->direction != read_direction
@@ -550,18 +549,18 @@
   /* Read in the full section contents and compress it.  */
   uncompressed_size = sec->size;
   uncompressed_buffer = (bfd_byte *) bfd_malloc (uncompressed_size);
+  /* PR 21431 */
+  if (uncompressed_buffer == NULL)
+    return FALSE;
+
   if (!bfd_get_section_contents (abfd, sec, uncompressed_buffer,
 				 0, uncompressed_size))
-    ret = FALSE;
-  else
-    {
-      uncompressed_size = bfd_compress_section_contents (abfd, sec,
-							 uncompressed_buffer,
-							 uncompressed_size);
-      ret = uncompressed_size != 0;
-    }
+    return FALSE;
 
-  return ret;
+  uncompressed_size = bfd_compress_section_contents (abfd, sec,
+						     uncompressed_buffer,
+						     uncompressed_size);
+  return uncompressed_size != 0;
 }
 
 /*
Index: git/bfd/ChangeLog
===================================================================
--- git.orig/bfd/ChangeLog	2017-09-04 17:55:10.714664101 +0530
+++ git/bfd/ChangeLog	2017-09-04 17:56:40.991431847 +0530
@@ -73,6 +73,12 @@
        (evax_bfd_print_egsd): Check for an overlarge record length.
        (evax_bfd_print_etir): Likewise.
 
+2017-04-26  Nick Clifton  <nickc@redhat.com>
+
+       PR binutils/21431
+       * compress.c (bfd_init_section_compress_status): Check the return
+       value from bfd_malloc.
+
 2017-04-25  Maciej W. Rozycki  <macro@imgtec.com>
 
        * readelf.c (process_mips_specific): Remove error reporting from