path: root/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_7.patch
blob: 0950561e102d0a4a470a13bd1d89df1138d673e9 (plain)
commit 60a02042bacf8d25814430080adda61ed086bca6
Author: Nick Clifton <nickc@redhat.com>
Date:   Fri Jun 30 11:03:37 2017 +0100

    Fix failures in MMIX linker tests introduced by fix for PR 21665.
    
    	PR binutils/21665
    	* objdump.c (disassemble_section): Move check for an overlarge
    	section to just before the allocation of memory.  Do not check
    	section size against file size, but instead use an arbitrary 2Gb
    	limit.  Issue a warning message if the section is too big.

Upstream-Status: CVE-2017-9955

CVE: CVE-2017-9955
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>

Index: git/binutils/objdump.c
===================================================================
--- git.orig/binutils/objdump.c	2017-09-21 18:10:55.499217078 +0530
+++ git/binutils/objdump.c	2017-09-21 18:10:55.483216953 +0530
@@ -1973,7 +1973,7 @@
     return;
 
   datasize = bfd_get_section_size (section);
-  if (datasize == 0 || datasize >= (bfd_size_type) bfd_get_file_size (abfd))
+  if (datasize == 0)
     return;
 
   if (start_address == (bfd_vma) -1
@@ -2037,6 +2037,29 @@
     }
   rel_ppend = rel_pp + rel_count;
 
+  /* PR 21665: Check for overlarge datasizes.
+     Note - we used to check for "datasize > bfd_get_file_size (abfd)" but
+     this fails when using compressed sections or compressed file formats
+     (eg MMO, tekhex).
+
+     The call to xmalloc below will fail if too much memory is requested,
+     which will catch the problem in the normal use case.  But if a memory
+     checker is in use, eg valgrind or sanitize, then an exception will
+     be still generated, so we try to catch the problem first.
+
+     Unfortunately there is no simple way to determine how much memory can
+     be allocated by calling xmalloc.  So instead we use a simple, arbitrary
+     limit of 2Gb.  Hopefully this should be enough for most users.  If
+     someone does start trying to disassemble sections larger then 2Gb in
+     size they will doubtless complain and we can increase the limit.  */
+#define MAX_XMALLOC (1024 * 1024 * 1024 * 2UL) /* 2Gb */
+  if (datasize > MAX_XMALLOC)
+    {
+      non_fatal (_("Reading section %s failed because it is too big (%#lx)"),
+		 section->name, (unsigned long) datasize);
+      return;
+    }
+
   data = (bfd_byte *) xmalloc (datasize);
 
   bfd_get_section_contents (abfd, section, data, 0, datasize);
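Review bot: The result of `bfd_get_section_contents` on the last line of this hunk is still ignored, so the new 2Gb cap bounds the allocation request but not what ends up in `data`. If the read fails for a section that claims a size under the limit in a truncated or malformed file, the disassembler goes on to process an uninitialised heap buffer. Consider testing the call, `if (!bfd_get_section_contents (abfd, section, data, 0, datasize))`, and on failure issuing a `non_fatal` message, freeing `data` and returning. The added early `return` also leaves without any cleanup of `rel_pp`, which appears to be allocated above the hunk; if that is the case it should be released on this path as well. The body of disassemble_section starts and ends outside the hunk.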
Index: git/binutils/ChangeLog
===================================================================
--- git.orig/binutils/ChangeLog	2017-09-21 17:57:10.448948416 +0530
+++ git/binutils/ChangeLog	2017-09-21 18:13:09.052268892 +0530
@@ -4,6 +4,14 @@
        * rddbg.c (read_symbol_stabs_debugging_info): Check for an empty
        string whilst concatenating symbol names.
 
+2017-06-30  Nick Clifton  <nickc@redhat.com>
+
+       PR binutils/21665
+       * objdump.c (disassemble_section): Move check for an overlarge
+       section to just before the allocation of memory.  Do not check
+       section size against file size, but instead use an arbitrary 2Gb
+       limit.  Issue a warning message if the section is too big.
+
 2017-05-02  Nick Clifton  <nickc@redhat.com>
 
        PR 21440