diff options
Diffstat (limited to 'meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8502.patch')
| -rw-r--r-- | meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8502.patch | 89 |
1 files changed, 0 insertions, 89 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8502.patch b/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8502.patch deleted file mode 100644 index 05af65bad1..0000000000 --- a/meta/recipes-devtools/binutils/binutils/binutils_CVE-2014-8502.patch +++ /dev/null @@ -1,89 +0,0 @@ -Upstream-Status: Backport - -CVE-2014-8502 fix. - -[YOCTO #7084] - -Signed-off-by: Armin Kuster <akuster808@gmail.com> - -From 5a4b0ccc20ba30caef53b01bee2c0aaa5b855339 Mon Sep 17 00:00:00 2001 -From: Nick Clifton <nickc@redhat.com> -Date: Tue, 28 Oct 2014 15:42:56 +0000 -Subject: [PATCH] More fixes for corrupt binaries crashing the binutils. - - PR binutils/17512 - * elf.c (bfd_section_from_shdr): Allocate and free the recursion - detection table on a per-bfd basis. - * peXXigen.c (pe_print_edata): Handle binaries with a truncated - export table. ---- - bfd/ChangeLog | 8 ++++++++ - bfd/elf.c | 16 +++++++++++++--- - bfd/peXXigen.c | 9 +++++++++ - 3 files changed, 30 insertions(+), 3 deletions(-) - -Index: binutils-2.24/bfd/peXXigen.c -=================================================================== ---- binutils-2.24.orig/bfd/peXXigen.c -+++ binutils-2.24/bfd/peXXigen.c -@@ -1438,6 +1438,15 @@ pe_print_edata (bfd * abfd, void * vfile - } - } - -+ /* PR 17512: Handle corrupt PE binaries. */ -+ if (datasize < 36) -+ { -+ fprintf (file, -+ _("\nThere is an export table in %s, but it is too small (%d)\n"), -+ section->name, (int) datasize); -+ return TRUE; -+ } -+ - fprintf (file, _("\nThere is an export table in %s at 0x%lx\n"), - section->name, (unsigned long) addr); - -Index: binutils-2.24/bfd/elf.c -=================================================================== ---- binutils-2.24.orig/bfd/elf.c -+++ binutils-2.24/bfd/elf.c -@@ -1576,6 +1576,7 @@ bfd_section_from_shdr (bfd *abfd, unsign - const char *name; - bfd_boolean ret = TRUE; - static bfd_boolean * sections_being_created = NULL; -+ static bfd * sections_being_created_abfd = NULL; - static unsigned int nesting = 0; - - if (shindex >= elf_numsections (abfd)) -@@ -1588,13 +1589,20 @@ bfd_section_from_shdr (bfd *abfd, unsign - loop. Detect this here, by refusing to load a section that we are - already in the process of loading. We only trigger this test if - we have nested at least three sections deep as normal ELF binaries -- can expect to recurse at least once. */ -+ can expect to recurse at least once. -+ -+ FIXME: It would be better if this array was attached to the bfd, -+ rather than being held in a static pointer. */ -+ -+ if (sections_being_created_abfd != abfd) -+ sections_being_created = NULL; - - if (sections_being_created == NULL) - { - /* FIXME: It would be more efficient to attach this array to the bfd somehow. */ - sections_being_created = (bfd_boolean *) - bfd_zalloc (abfd, elf_numsections (abfd) * sizeof (bfd_boolean)); -+ sections_being_created_abfd = abfd; - } - if (sections_being_created [shindex]) - { -@@ -2098,7 +2106,10 @@ bfd_section_from_shdr (bfd *abfd, unsign - if (sections_being_created) - sections_being_created [shindex] = FALSE; - if (-- nesting == 0) -+ { - sections_being_created = NULL; -+ sections_being_created_abfd = abfd; -+ } - return ret; - } - |