path: root/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_7.patch
blob: 2cae63b4fc74f06aef6a491d7fdca479bb6a6f76 (plain)
From 60a02042bacf8d25814430080adda61ed086bca6 Mon Sep 17 00:00:00 2001
From: Nick Clifton <nickc@redhat.com>
Date: Fri, 30 Jun 2017 11:03:37 +0100
Subject: [PATCH] Fix failures in MMIX linker tests introduced by fix for PR
 21665.

	PR binutils/21665
	* objdump.c (disassemble_section): Move check for an overlarge
	section to just before the allocation of memory.  Do not check
	section size against file size, but instead use an arbitrary 2Gb
	limit.  Issue a warning message if the section is too big.

Upstream-Status: Backport
CVE: CVE-2017-9955 #7
Signed-off-by: Armin Kuster <akuster@mvista.com>

---
 binutils/ChangeLog |  8 ++++++++
 binutils/objdump.c | 25 ++++++++++++++++++++++++-
 2 files changed, 32 insertions(+), 1 deletion(-)

Index: git/binutils/objdump.c
===================================================================
--- git.orig/binutils/objdump.c
+++ git/binutils/objdump.c
@@ -2048,7 +2048,7 @@ disassemble_section (bfd *abfd, asection
     return;
 
   datasize = bfd_get_section_size (section);
-  if (datasize == 0 || datasize >= (bfd_size_type) bfd_get_file_size (abfd))
+  if (datasize == 0)
     return;
 
   if (start_address == (bfd_vma) -1
@@ -2112,6 +2112,29 @@ disassemble_section (bfd *abfd, asection
     }
   rel_ppend = rel_pp + rel_count;
 
+  /* PR 21665: Check for overlarge datasizes.
+     Note - we used to check for "datasize > bfd_get_file_size (abfd)" but
+     this fails when using compressed sections or compressed file formats
+     (eg MMO, tekhex).
+
+     The call to xmalloc below will fail if too much memory is requested,
+     which will catch the problem in the normal use case.  But if a memory
+     checker is in use, eg valgrind or sanitize, then an exception will
+     be still generated, so we try to catch the problem first.
+
+     Unfortunately there is no simple way to determine how much memory can
+     be allocated by calling xmalloc.  So instead we use a simple, arbitrary
+     limit of 2Gb.  Hopefully this should be enough for most users.  If
+     someone does start trying to disassemble sections larger then 2Gb in
+     size they will doubtless complain and we can increase the limit.  */
+#define MAX_XMALLOC (1024 * 1024 * 1024 * 2UL) /* 2Gb */
+  if (datasize > MAX_XMALLOC)
+    {
+      non_fatal (_("Reading section %s failed because it is too big (%#lx)"),
+		 section->name, (unsigned long) datasize);
+      return;
+    }
+
   data = (bfd_byte *) xmalloc (datasize);
 
   bfd_get_section_contents (abfd, section, data, 0, datasize);
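Review bot: The result of `bfd_get_section_contents` on the line after the new `xmalloc` is still ignored, and with the file-size comparison dropped in the first hunk a section header that claims more bytes than the file holds (anything up to the 2Gb cap) now reaches that call. `xmalloc` does not zero its buffer, so if the read fails or comes up short the rest of `disassemble_section` would presumably decode uninitialised heap; I would change the call to `if (!bfd_get_section_contents (abfd, section, data, 0, datasize)) { free (data); return; }`, with a `non_fatal` message alongside. The new early `return` under `MAX_XMALLOC` also leaves the function after `rel_pp` has been set up above, so it is worth confirming that nothing allocated earlier is leaked on that path. The function starts and ends outside this hunk, so the cleanup needed on both exits has to be checked against the full body.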
Index: git/binutils/ChangeLog
===================================================================
--- git.orig/binutils/ChangeLog
+++ git/binutils/ChangeLog
@@ -1,3 +1,11 @@
+2017-06-30  Nick Clifton  <nickc@redhat.com>
+
+       PR binutils/21665
+       * objdump.c (disassemble_section): Move check for an overlarge
+       section to just before the allocation of memory.  Do not check
+       section size against file size, but instead use an arbitrary 2Gb
+       limit.  Issue a warning message if the section is too big.
+
 2017-06-26  Nick Clifton  <nickc@redhat.com>
  
        PR binutils/21665