aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/binutils/binutils/CVE-2017-9756.patch
blob: 191d0be198f087482d3dfed6e2467add2a69d8a4 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
From cd3ea7c69acc5045eb28f9bf80d923116e15e4f5 Mon Sep 17 00:00:00 2001
From: Nick Clifton <nickc@redhat.com>
Date: Thu, 15 Jun 2017 13:26:54 +0100
Subject: [PATCH] Prevent address violation problem when disassembling corrupt
 aarch64 binary.

	PR binutils/21595
	* aarch64-dis.c (aarch64_ext_ldst_reglist): Check for an out of
	range value.

Upstream-Status: Backport
CVE: CVE-2017-9756
Signed-off-by: Armin Kuster <akuster@mvista.com>

---
 opcodes/ChangeLog     | 6 ++++++
 opcodes/aarch64-dis.c | 3 +++
 2 files changed, 9 insertions(+)

Index: git/opcodes/ChangeLog
===================================================================
--- git.orig/opcodes/ChangeLog
+++ git/opcodes/ChangeLog
@@ -6,6 +6,12 @@
 
 2017-06-15  Nick Clifton  <nickc@redhat.com>
 
+	PR binutils/21595
+	* aarch64-dis.c (aarch64_ext_ldst_reglist): Check for an out of
+	range value.
+
+2017-06-15  Nick Clifton  <nickc@redhat.com>
+
 	PR binutils/21588
 	* rl78-decode.opc (OP_BUF_LEN): Define.
 	(GETBYTE): Check for the index exceeding OP_BUF_LEN.
Index: git/opcodes/aarch64-dis.c
===================================================================
--- git.orig/opcodes/aarch64-dis.c
+++ git/opcodes/aarch64-dis.c
@@ -409,6 +409,9 @@ aarch64_ext_ldst_reglist (const aarch64_
   info->reglist.first_regno = extract_field (FLD_Rt, code, 0);
   /* opcode */
   value = extract_field (FLD_opcode, code, 0);
+  /* PR 21595: Check for a bogus value.  */
+  if (value >= ARRAY_SIZE (data))
+    return 0;
   if (expected_num != data[value].num_elements || data[value].is_reserved)
     return 0;
   info->reglist.num_regs = data[value].num_regs;