mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-02-11 19:23:03 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
00aec91f57b81c1edd22eb3a896dff3e623118f4
poky/meta/recipes-devtools/binutils/binutils/CVE-2020-16593.patch
Sundeep KOKKONDA d86149ba65 binutils: stable 2.34 branch updates 
Below commits on binutils-2.34 stable branch are updated.
c4e78c0868a PR27755, powerpc-ld infinite loop
33973d228c9 gas, arm: PR26858 Fix availability of single precision vmul/vmla in arm mode
0c8652fe288 x86: Update GNU property tests
5c1bd3f52c6 x86: Properly merge -z ibt and -z shstk
93b9bf1651a PowerPC TPREL_HA/LO optimisation
58950a3bfd4 Date update
e3b314d3a61 aarch64: set sh_entsize of .plt to 0
26b6ab7a0e4 S/390: z13: Accept vector alignment hints
7324292cd94 gas: Fix checking for backwards .org with negative offset
463ec189fe9 Prevent a potential use-after-fee memory corruption bug in the linker (for PE format files).
ef2826c0fdb Fix the ARM assembler to generate a Realtime profile for armv8-r.
8524bb5bd28 Re: Fix tight loop on recursively-defined symbols
5768460022b Fix tight loop on recursively-defined symbols
a72427b1ae0 gas: PR 25863: Fix scalar vmul inside it block when assembling for MVE
9f57ab49b32 BFD: Exclude sections with no content from compress check.
aaf3f0599a2 Arm: Fix LSB of GOT for Thumb2 only PLT.
97f92b3e90a Arm: Fix thumb2 PLT branch offsets.
3053d7a163c include: Sync plugin-api.h with GCC
f7aec2b8e09 PR25745, powerpc64-ld overflows string buffer in --stats mode
1b2bf0f65c1 include: Sync plugin-api.h with GCC
5e8619b9597 include: Sync lto-symtab.h and plugin-api.h with GCC
23820109ced plugin: Don't invoke LTO-wrapper
64f5c0afcc4 plugin: Use LDPT_ADD_SYMBOLS_V2 to get symbol type
aaa1e160040 Silence warnings due to plugin API change
e7c0ee5110c Include: Sync lto-symtab.h and plugin-api.h with GCC
b6520be37fd Fix dwarf.c build with GCC 10
a560c29ca5a bfd: Change num_group to unsigned int
3ca4cd1ebde gas, arm: Fix bad backport
b3174859c4b gas, arm: PR25660L Fix vadd/vsub with lt and le condition codes for MVE
de9c1b7cfe6 powerpc64-ld infinite loop
0318fc4e18e Adjust PR25355 testcase
40bfb976274 Re: PR24511, nm should not mark symbols in .init_array as "t"
42b2380cdce Don't call lto-wrapper for ar and ranlib
acc4a8b8ac8 PR25585, PHDR segment not covered by LOAD segment

(From OE-Core rev: ad15d44b6c56ccbbe8e4c12717e7dfe3492a659a)

Signed-off-by: Sundeep KOKKONDA <sundeep.kokkonda@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-11-20 08:19:10 +00:00

205 lines
6.3 KiB
Diff
Raw Blame History

From aec72fda3b320c36eb99fc1c4cf95b10fc026729 Mon Sep 17 00:00:00 2001
From: Alan Modra <amodra@gmail.com>
Date: Thu, 16 Apr 2020 17:49:38 +0930
Subject: [PATCH] PR25827, Null pointer dereferencing in scan_unit_for_symbols
PR 25827
* dwarf2.c (scan_unit_for_symbols): Wrap overlong lines. Don't
strdup(0).
Upstream-Status: Backport
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aec72fda3b320c36eb99fc1c4cf95b10fc026729
CVE: CVE-2020-16593
Signed-off-by: Armin Kuster <akuster@mvista.com>
Index: git/bfd/dwarf2.c
===================================================================
--- git.orig/bfd/dwarf2.c
+++ git/bfd/dwarf2.c
@@ -295,12 +295,12 @@ struct comp_unit
/* This data structure holds the information of an abbrev. */
struct abbrev_info
{
- unsigned int number; /* Number identifying abbrev. */
- enum dwarf_tag tag; /* DWARF tag. */
- int has_children; /* Boolean. */
- unsigned int num_attrs; /* Number of attributes. */
- struct attr_abbrev *attrs; /* An array of attribute descriptions. */
- struct abbrev_info *next; /* Next in chain. */
+ unsigned int number; /* Number identifying abbrev. */
+ enum dwarf_tag tag; /* DWARF tag. */
+ bfd_boolean has_children; /* TRUE if the abbrev has children. */
+ unsigned int num_attrs; /* Number of attributes. */
+ struct attr_abbrev * attrs; /* An array of attribute descriptions. */
+ struct abbrev_info * next; /* Next in chain. */
};
struct attr_abbrev
@@ -1487,6 +1487,8 @@ struct varinfo
{
/* Pointer to previous variable in list of all variables */
struct varinfo *prev_var;
+ /* The offset of the varinfo from the start of the unit. */
+ bfd_uint64_t unit_offset;
/* Source location file name */
char *file;
/* Source location line number */
@@ -1497,7 +1499,7 @@ struct varinfo
/* Where the symbol is defined */
asection *sec;
/* Is this a stack variable? */
- unsigned int stack: 1;
+ bfd_boolean stack;
};
/* Return TRUE if NEW_LINE should sort after LINE. */
@@ -2871,7 +2873,7 @@ lookup_symbol_in_variable_table (struct
struct varinfo* each;
for (each = unit->variable_table; each; each = each->prev_var)
- if (each->stack == 0
+ if (! each->stack
&& each->file != NULL
&& each->name != NULL
&& each->addr == addr
@@ -3166,6 +3168,20 @@ read_rangelist (struct comp_unit *unit,
return TRUE;
}
+static struct varinfo *
+lookup_var_by_offset (bfd_uint64_t offset, struct varinfo * table)
+{
+ while (table)
+ {
+ if (table->unit_offset == offset)
+ return table;
+ table = table->prev_var;
+ }
+
+ return NULL;
+}
+
+
/* DWARF2 Compilation unit functions. */
/* Scan over each die in a comp. unit looking for functions to add
@@ -3202,6 +3218,9 @@ scan_unit_for_symbols (struct comp_unit
bfd_vma low_pc = 0;
bfd_vma high_pc = 0;
bfd_boolean high_pc_relative = FALSE;
+ bfd_uint64_t current_offset;
+
+ current_offset = info_ptr - unit->info_ptr_unit;
/* PR 17512: file: 9f405d9d. */
if (info_ptr >= info_ptr_end)
@@ -3234,12 +3253,13 @@ scan_unit_for_symbols (struct comp_unit
goto fail;
}
- var = NULL;
if (abbrev->tag == DW_TAG_subprogram
|| abbrev->tag == DW_TAG_entry_point
|| abbrev->tag == DW_TAG_inlined_subroutine)
{
bfd_size_type amt = sizeof (struct funcinfo);
+
+ var = NULL;
func = (struct funcinfo *) bfd_zalloc (abfd, amt);
if (func == NULL)
goto fail;
@@ -3268,13 +3288,15 @@ scan_unit_for_symbols (struct comp_unit
if (var == NULL)
goto fail;
var->tag = abbrev->tag;
- var->stack = 1;
+ var->stack = TRUE;
var->prev_var = unit->variable_table;
unit->variable_table = var;
+ var->unit_offset = current_offset;
/* PR 18205: Missing debug information can cause this
var to be attached to an already cached unit. */
}
-
+ else
+ var = NULL;
/* No inline function in scope at this nesting level. */
nested_funcs[nesting_level].func = 0;
}
@@ -3362,6 +3384,33 @@ scan_unit_for_symbols (struct comp_unit
{
switch (attr.name)
{
+ case DW_AT_specification:
+ if (attr.u.val)
+ {
+ struct varinfo * spec_var;
+
+ spec_var = lookup_var_by_offset (attr.u.val,
+ unit->variable_table);
+ if (spec_var == NULL)
+ {
+ _bfd_error_handler (_("DWARF error: could not find "
+ "variable specification "
+ "at offset %lx"),
+ (unsigned long) attr.u.val);
+ break;
+ }
+
+ if (var->name == NULL)
+ var->name = spec_var->name;
+ if (var->file == NULL && spec_var->file != NULL)
+ var->file = strdup (spec_var->file);
+ if (var->line == 0)
+ var->line = spec_var->line;
+ if (var->sec == NULL)
+ var->sec = spec_var->sec;
+ }
+ break;
+
case DW_AT_name:
if (is_str_attr (attr.form))
var->name = attr.u.str;
@@ -3378,7 +3427,7 @@ scan_unit_for_symbols (struct comp_unit
case DW_AT_external:
if (attr.u.val != 0)
- var->stack = 0;
+ var->stack = FALSE;
break;
case DW_AT_location:
@@ -3392,7 +3441,7 @@ scan_unit_for_symbols (struct comp_unit
if (attr.u.blk->data != NULL
&& *attr.u.blk->data == DW_OP_addr)
{
- var->stack = 0;
+ var->stack = FALSE;
/* Verify that DW_OP_addr is the only opcode in the
location, in which case the block size will be 1
@@ -3888,7 +3937,7 @@ comp_unit_hash_info (struct dwarf2_debug
each_var = each_var->prev_var)
{
/* Skip stack vars and vars with no files or names. */
- if (each_var->stack == 0
+ if (! each_var->stack
&& each_var->file != NULL
&& each_var->name != NULL)
/* There is no need to copy name string into hash table as
Index: git/bfd/ChangeLog
===================================================================
--- git.orig/bfd/ChangeLog
+++ git/bfd/ChangeLog
@@ -1,3 +1,9 @@
+2020-04-16 Alan Modra <amodra@gmail.com>
+
+ PR 25827
+ * dwarf2.c (scan_unit_for_symbols): Wrap overlong lines. Don't
+ strdup(0).
+
2021-05-03 Alan Modra <amodra@gmail.com>
PR 27755
Reference in New Issue View Git Blame Copy Permalink