summaryrefslogtreecommitdiffstats
path: root/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7569.patch
diff options
context:
space:
mode:
Diffstat (limited to 'poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7569.patch')
-rw-r--r--poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7569.patch119
1 files changed, 0 insertions, 119 deletions
diff --git a/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7569.patch b/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7569.patch
deleted file mode 100644
index 96c0fd242..000000000
--- a/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-7569.patch
+++ /dev/null
@@ -1,119 +0,0 @@
-From 12c963421d045a127c413a0722062b9932c50aa9 Mon Sep 17 00:00:00 2001
-From: Nick Clifton <nickc@redhat.com>
-Date: Wed, 28 Feb 2018 11:50:49 +0000
-Subject: [PATCH] Catch integer overflows/underflows when parsing corrupt DWARF
- FORM blocks.
-
- PR 22895
- PR 22893
- * dwarf2.c (read_n_bytes): Replace size parameter with dwarf_block
- pointer. Drop unused abfd parameter. Check the size of the block
- before initialising the data field. Return the end pointer if the
- size is invalid.
- (read_attribute_value): Adjust invocations of read_n_bytes.
-
-Upstream-Status: Backport
-Affects: Binutils <= 2.30
-CVE: CVE-2018-7569
-Signed-off-by: Armin Kuster <akuster@mvista.com>
----
- bfd/ChangeLog | 8 ++++++++
- bfd/dwarf2.c | 36 +++++++++++++++++++++---------------
- 2 files changed, 29 insertions(+), 15 deletions(-)
-
-Index: git/bfd/dwarf2.c
-===================================================================
---- git.orig/bfd/dwarf2.c
-+++ git/bfd/dwarf2.c
-@@ -622,14 +622,24 @@ read_8_bytes (bfd *abfd, bfd_byte *buf,
- }
-
- static bfd_byte *
--read_n_bytes (bfd *abfd ATTRIBUTE_UNUSED,
-- bfd_byte *buf,
-- bfd_byte *end,
-- unsigned int size ATTRIBUTE_UNUSED)
--{
-- if (buf + size > end)
-- return NULL;
-- return buf;
-+read_n_bytes (bfd_byte * buf,
-+ bfd_byte * end,
-+ struct dwarf_block * block)
-+{
-+ unsigned int size = block->size;
-+ bfd_byte * block_end = buf + size;
-+
-+ if (block_end > end || block_end < buf)
-+ {
-+ block->data = NULL;
-+ block->size = 0;
-+ return end;
-+ }
-+ else
-+ {
-+ block->data = buf;
-+ return block_end;
-+ }
- }
-
- /* Scans a NUL terminated string starting at BUF, returning a pointer to it.
-@@ -1127,8 +1137,7 @@ read_attribute_value (struct attribute *
- return NULL;
- blk->size = read_2_bytes (abfd, info_ptr, info_ptr_end);
- info_ptr += 2;
-- blk->data = read_n_bytes (abfd, info_ptr, info_ptr_end, blk->size);
-- info_ptr += blk->size;
-+ info_ptr = read_n_bytes (info_ptr, info_ptr_end, blk);
- attr->u.blk = blk;
- break;
- case DW_FORM_block4:
-@@ -1138,8 +1147,7 @@ read_attribute_value (struct attribute *
- return NULL;
- blk->size = read_4_bytes (abfd, info_ptr, info_ptr_end);
- info_ptr += 4;
-- blk->data = read_n_bytes (abfd, info_ptr, info_ptr_end, blk->size);
-- info_ptr += blk->size;
-+ info_ptr = read_n_bytes (info_ptr, info_ptr_end, blk);
- attr->u.blk = blk;
- break;
- case DW_FORM_data2:
-@@ -1179,8 +1187,7 @@ read_attribute_value (struct attribute *
- blk->size = _bfd_safe_read_leb128 (abfd, info_ptr, &bytes_read,
- FALSE, info_ptr_end);
- info_ptr += bytes_read;
-- blk->data = read_n_bytes (abfd, info_ptr, info_ptr_end, blk->size);
-- info_ptr += blk->size;
-+ info_ptr = read_n_bytes (info_ptr, info_ptr_end, blk);
- attr->u.blk = blk;
- break;
- case DW_FORM_block1:
-@@ -1190,8 +1197,7 @@ read_attribute_value (struct attribute *
- return NULL;
- blk->size = read_1_byte (abfd, info_ptr, info_ptr_end);
- info_ptr += 1;
-- blk->data = read_n_bytes (abfd, info_ptr, info_ptr_end, blk->size);
-- info_ptr += blk->size;
-+ info_ptr = read_n_bytes (info_ptr, info_ptr_end, blk);
- attr->u.blk = blk;
- break;
- case DW_FORM_data1:
-Index: git/bfd/ChangeLog
-===================================================================
---- git.orig/bfd/ChangeLog
-+++ git/bfd/ChangeLog
-@@ -6,6 +6,14 @@
-
- 2018-02-28 Alan Modra <amodra@gmail.com>
-
-+ PR 22895
-+ PR 22893
-+ * dwarf2.c (read_n_bytes): Replace size parameter with dwarf_block
-+ pointer. Drop unused abfd parameter. Check the size of the block
-+ before initialising the data field. Return the end pointer if the
-+ size is invalid.
-+ (read_attribute_value): Adjust invocations of read_n_bytes.
-+
- PR 22887
- * aoutx.h (swap_std_reloc_in): Correct r_index bound check.
-
OpenPOWER on IntegriCloud