diff options
Diffstat (limited to 'meta/recipes-devtools/binutils/binutils/CVE-2019-9077.patch')
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2019-9077.patch | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2019-9077.patch b/meta/recipes-devtools/binutils/binutils/CVE-2019-9077.patch new file mode 100644 index 0000000000..11ecb71b2e --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2019-9077.patch @@ -0,0 +1,37 @@ +From f7bbc8890de45df6eda0ddef5dd04f835f54eecf Mon Sep 17 00:00:00 2001 +From: Nick Clifton <nickc@redhat.com> +Date: Wed, 20 Feb 2019 17:03:47 +0000 +Subject: [PATCH] Fix a illegal memory access fault when parsing a corrupt MIPS + option section using readelf. + + PR 24243 + * readelf.c (process_mips_specific): Check for an options section + that is too small to even contain a single option. + +Upstream-Status: Backport [https://github.com/bminor/binutils-gdb/commit/7fc0c668f2aceb8582d74db1ad2528e2bba8a921] +CVE: CVE-2019-9077 +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> +--- + binutils/readelf.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/binutils/readelf.c b/binutils/readelf.c +index 9df3742..18ab806 100644 +--- a/binutils/readelf.c ++++ b/binutils/readelf.c +@@ -16179,6 +16179,12 @@ process_mips_specific (Filedata * filedata) + error (_("No MIPS_OPTIONS header found\n")); + return FALSE; + } ++ /* PR 24243 */ ++ if (sect->sh_size < sizeof (* eopt)) ++ { ++ error (_("The MIPS options section is too small.\n")); ++ return FALSE; ++ } + + eopt = (Elf_External_Options *) get_data (NULL, filedata, options_offset, 1, + sect->sh_size, _("options")); +-- +2.7.4 + |