summaryrefslogtreecommitdiffstats
path: root/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7568.patch
diff options
context:
space:
mode:
Diffstat (limited to 'poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7568.patch')
-rw-r--r--poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7568.patch85
1 files changed, 0 insertions, 85 deletions
diff --git a/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7568.patch b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7568.patch
deleted file mode 100644
index 815b32c30..000000000
--- a/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7568.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-From eef104664efb52965d85a28bc3fc7c77e52e48e2 Mon Sep 17 00:00:00 2001
-From: Nick Clifton <nickc@redhat.com>
-Date: Wed, 28 Feb 2018 10:13:54 +0000
-Subject: [PATCH] Fix potential integer overflow when reading corrupt dwarf1
- debug information.
-
- PR 22894
- * dwarf1.c (parse_die): Check the length of form blocks before
- advancing the data pointer.
-
-Upstream-Status: Backport
-Affects: Binutils <= 2.30
-CVE: CVE-2018-7568
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- bfd/ChangeLog | 6 ++++++
- bfd/dwarf1.c | 17 +++++++++++++++--
- 2 files changed, 21 insertions(+), 2 deletions(-)
-
-Index: git/bfd/dwarf1.c
-===================================================================
---- git.orig/bfd/dwarf1.c
-+++ git/bfd/dwarf1.c
-@@ -213,6 +213,7 @@ parse_die (bfd * abfd,
- /* Then the attributes. */
- while (xptr + 2 <= aDiePtrEnd)
- {
-+ unsigned int block_len;
- unsigned short attr;
-
- /* Parse the attribute based on its form. This section
-@@ -255,12 +256,24 @@ parse_die (bfd * abfd,
- break;
- case FORM_BLOCK2:
- if (xptr + 2 <= aDiePtrEnd)
-- xptr += bfd_get_16 (abfd, xptr);
-+ {
-+ block_len = bfd_get_16 (abfd, xptr);
-+ if (xptr + block_len > aDiePtrEnd
-+ || xptr + block_len < xptr)
-+ return FALSE;
-+ xptr += block_len;
-+ }
- xptr += 2;
- break;
- case FORM_BLOCK4:
- if (xptr + 4 <= aDiePtrEnd)
-- xptr += bfd_get_32 (abfd, xptr);
-+ {
-+ block_len = bfd_get_32 (abfd, xptr);
-+ if (xptr + block_len > aDiePtrEnd
-+ || xptr + block_len < xptr)
-+ return FALSE;
-+ xptr += block_len;
-+ }
- xptr += 4;
- break;
- case FORM_STRING:
-Index: git/bfd/ChangeLog
-===================================================================
---- git.orig/bfd/ChangeLog
-+++ git/bfd/ChangeLog
-@@ -4,7 +4,11 @@
- * coffgen.c (coff_pointerize_aux): Ensure auxent tagndx is in
- range before converting to a symbol table pointer.
-
--2018-02-28 Alan Modra <amodra@gmail.com>
-+2018-02-28 Nick Clifton <nickc@redhat.com>
-+
-+ PR 22894
-+ * dwarf1.c (parse_die): Check the length of form blocks before
-+ advancing the data pointer.
-
- PR 22895
- PR 22893
-@@ -14,6 +18,8 @@
- size is invalid.
- (read_attribute_value): Adjust invocations of read_n_bytes.
-
-+2018-02-28 Alan Modra <amodra@gmail.com>
-+
- PR 22887
- * aoutx.h (swap_std_reloc_in): Correct r_index bound check.
-
OpenPOWER on IntegriCloud