mirror of
https://git.yoctoproject.org/poky
synced 2026-02-15 13:13:02 +01:00
7ef44dbd3b
(From OE-Core rev: abdc51527988afdcfd2db6dc08ebb6083a341be9) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
29 lines
1.1 KiB
Diff
29 lines
1.1 KiB
Diff
From e17869db99195849826eaaf5d2d0eb2cfdd7a2a7 Mon Sep 17 00:00:00 2001
|
|
From: Nick Clifton <nickc@redhat.com>
|
|
Date: Mon, 5 Aug 2019 10:40:35 +0100
|
|
Subject: [PATCH] Catch potential integer overflow in readelf when processing
|
|
corrupt binaries.
|
|
|
|
PR 24829
|
|
* readelf.c (apply_relocations): Catch potential integer overflow
|
|
whilst checking reloc location against section size.
|
|
|
|
CVE: CVE-2019-14444
|
|
Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e17869db99195849826eaaf5d2d0eb2cfdd7a2a7]
|
|
[Removed Changelog entry]
|
|
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
---
|
|
diff --git a/binutils/readelf.c b/binutils/readelf.c
|
|
index b896ad9f406..e785fde43e7 100644
|
|
--- a/binutils/readelf.c
|
|
+++ b/binutils/readelf.c
|
|
@@ -13366,7 +13366,7 @@ apply_relocations (Filedata * filedata,
|
|
}
|
|
|
|
rloc = start + rp->r_offset;
|
|
- if ((rloc + reloc_size) > end || (rloc < start))
|
|
+ if (rloc >= end || (rloc + reloc_size) > end || (rloc < start))
|
|
{
|
|
warn (_("skipping invalid relocation offset 0x%lx in section %s\n"),
|
|
(unsigned long) rp->r_offset,
|