diff options
Diffstat (limited to 'meta/recipes-devtools/binutils/binutils/CVE-2017-12450_12452_12453_12454_12456_1.patch')
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2017-12450_12452_12453_12454_12456_1.patch | 113 |
1 files changed, 113 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-12450_12452_12453_12454_12456_1.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-12450_12452_12453_12454_12456_1.patch new file mode 100644 index 0000000000..208bbbafae --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-12450_12452_12453_12454_12456_1.patch @@ -0,0 +1,113 @@ +commit cb06d03ad92ffcfaa09c3f065837cb39e9e1486d +Author: Nick Clifton <nickc@redhat.com> +Date: Wed Jun 21 11:13:49 2017 +0100 + + Fix address violation parsing a corrupt IEEE Alpha binary. + + PR binutils/21637 + * vms-alpha.c (_bfd_vms_slurp_egsd): Check for an empty section + list. + (image_set_ptr): Likewise. + (alpha_vms_fix_sec_rel): Likewise. + (alpha_vms_slurp_relocs): Likewise. + +Upstream-Status: Backport + +CVE: CVE-2017-12450, CVE-2017-12452, CVE-2017-12453, CVE-2017-12454, CVE-2017-12456 +Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> + +Index: git/bfd/vms-alpha.c +=================================================================== +--- git.orig/bfd/vms-alpha.c 2017-08-31 18:01:00.742098130 +0530 ++++ git/bfd/vms-alpha.c 2017-08-31 18:01:06.000000000 +0530 +@@ -1257,6 +1257,8 @@ + struct vms_esdf *esdf = (struct vms_esdf *)vms_rec; + + entry->value = bfd_getl64 (esdf->value); ++ if (PRIV (sections) == NULL) ++ return FALSE; + entry->section = PRIV (sections)[bfd_getl32 (esdf->psindx)]; + + if (old_flags & EGSY__V_NORM) +@@ -1291,7 +1293,11 @@ + entry->symbol_vector = bfd_getl32 (egst->value); + + if (old_flags & EGSY__V_REL) +- entry->section = PRIV (sections)[bfd_getl32 (egst->psindx)]; ++ { ++ if (PRIV (sections) == NULL) ++ return FALSE; ++ entry->section = PRIV (sections)[bfd_getl32 (egst->psindx)]; ++ } + else + entry->section = bfd_abs_section_ptr; + +@@ -1379,6 +1385,8 @@ + + vms_debug2 ((4, "image_set_ptr (0x%08x, sect=%d)\n", (unsigned)vma, sect)); + ++ if (PRIV (sections) == NULL) ++ return; + sec = PRIV (sections)[sect]; + + if (info) +@@ -1691,7 +1699,12 @@ + alpha_vms_fix_sec_rel (bfd *abfd, struct bfd_link_info *info, + unsigned int rel, bfd_vma vma) + { +- asection *sec = PRIV (sections)[rel & RELC_MASK]; ++ asection *sec; ++ ++ if (PRIV (sections) == NULL) ++ return 0; ++ ++ sec = PRIV (sections)[rel & RELC_MASK]; + + if (info) + { +@@ -5000,6 +5013,8 @@ + return FALSE; + } + ++ if (PRIV (sections) == NULL) ++ return FALSE; + sec = PRIV (sections)[cur_psect]; + if (sec == bfd_abs_section_ptr) + { +@@ -5058,8 +5073,12 @@ + reloc->sym_ptr_ptr = sym; + } + else if (cur_psidx >= 0) +- reloc->sym_ptr_ptr = +- PRIV (sections)[cur_psidx]->symbol_ptr_ptr; ++ { ++ if (PRIV (sections) == NULL) ++ return FALSE; ++ reloc->sym_ptr_ptr = ++ PRIV (sections)[cur_psidx]->symbol_ptr_ptr; ++ } + else + reloc->sym_ptr_ptr = NULL; + +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog 2017-08-31 18:01:06.000000000 +0530 ++++ git/bfd/ChangeLog 2017-08-31 18:01:49.114384620 +0530 +@@ -31,7 +31,16 @@ + correct magic bytes at the start, set the error to wrong format + and clear the format selector before returning NULL. + +- 2017-06-19 Nick Clifton <nickc@redhat.com> ++ 2017-06-21 Nick Clifton <nickc@redhat.com> ++ ++ PR binutils/21637 ++ * vms-alpha.c (_bfd_vms_slurp_egsd): Check for an empty section ++ list. ++ (image_set_ptr): Likewise. ++ (alpha_vms_fix_sec_rel): Likewise. ++ (alpha_vms_slurp_relocs): Likewise. ++ ++2017-06-19 Nick Clifton <nickc@redhat.com> + + PR binutils/21618 + * vms-alpha.c (evax_bfd_print_emh): Check for insufficient record |