mirror of
https://git.yoctoproject.org/poky
synced 2026-02-21 17:09:42 +01:00
24fe566155
Upstream Repository: https://sourceware.org/git/binutils-gdb.git Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2021-46174 Type: Security Fix CVE: CVE-2021-46174 Score: 7.5 Patch: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=cad4d6b91e97 (From OE-Core rev: 94f2468de191f8c1dd236efb91f3094a76ddffc9) Signed-off-by: poojitha adireddy <pooadire@cisco.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
36 lines
1.2 KiB
Diff
36 lines
1.2 KiB
Diff
From 46322722ad40ac1a75672ae0f62f4969195f1368 Mon Sep 17 00:00:00 2001
|
|
From: Alan Modra <amodra@gmail.com>
|
|
Date: Thu, 20 Jan 2022 13:58:38 +1030
|
|
Subject: [PATCH] PR28753, buffer overflow in read_section_stabs_debugging_info
|
|
|
|
PR 28753
|
|
* rddbg.c (read_section_stabs_debugging_info): Don't read past
|
|
end of section when concatentating stab strings.
|
|
|
|
CVE: CVE-2021-46174
|
|
Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=cad4d6b91e97]
|
|
|
|
(cherry picked from commit 085b299b71721e15f5c5c5344dc3e4e4536dadba)
|
|
(cherry picked from commit cad4d6b91e97b6962807d33c04ed7e7797788438)
|
|
Signed-off-by: poojitha adireddy <pooadire@cisco.com>
|
|
---
|
|
binutils/rddbg.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/binutils/rddbg.c b/binutils/rddbg.c
|
|
index 72e934055b5..5e76d94a3c4 100644
|
|
--- a/binutils/rddbg.c
|
|
+++ b/binutils/rddbg.c
|
|
@@ -207,7 +207,7 @@ read_section_stabs_debugging_info (bfd *abfd, asymbol **syms, long symcount,
|
|
an attempt to read the byte before 'strings' would occur. */
|
|
while ((len = strlen (s)) > 0
|
|
&& s[len - 1] == '\\'
|
|
- && stab + 12 < stabs + stabsize)
|
|
+ && stab + 16 <= stabs + stabsize)
|
|
{
|
|
char *p;
|
|
|
|
--
|
|
2.23.1
|
|
|