Files
poky/meta/recipes-devtools/binutils/binutils/CVE-2017-8395.patch
Thiruvadi Rajaraman 70f2d42e84 binutils: CVE-2017-8395
Source: git://sourceware.org/git/binutils-gdb.git
MR: 74153
Type: Security Fix
Disposition: Backport from binutils-2_29
ChangeID: 27dce214c561f9ae6f874990432f9d76a7de29d4
Description:

    Fix seg-fault attempting to compress a debug section in a corrupt binary.

        PR binutils/21431
        * compress.c (bfd_init_section_compress_status): Check the return
        value from bfd_malloc.

Affects: <= 2.29

Author: Nick Clifton <nickc@redhat.com>
(From OE-Core rev: addac2e8f6f6132807a590a032a4292079542fbe)

Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-01-07 17:10:08 +00:00

73 lines
2.2 KiB
Diff

commit e63d123268f23a4cbc45ee55fb6dbc7d84729da3
Author: Nick Clifton <nickc@redhat.com>
Date: Wed Apr 26 13:07:49 2017 +0100
Fix seg-fault attempting to compress a debug section in a corrupt binary.
PR binutils/21431
* compress.c (bfd_init_section_compress_status): Check the return
value from bfd_malloc.
Upstream-Status: Backport
CVE: CVE-2017-8395
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Index: git/bfd/compress.c
===================================================================
--- git.orig/bfd/compress.c 2017-09-04 17:55:00.546577566 +0530
+++ git/bfd/compress.c 2017-09-04 17:55:10.770664577 +0530
@@ -534,7 +534,6 @@
{
bfd_size_type uncompressed_size;
bfd_byte *uncompressed_buffer;
- bfd_boolean ret;
/* Error if not opened for read. */
if (abfd->direction != read_direction
@@ -550,18 +549,18 @@
/* Read in the full section contents and compress it. */
uncompressed_size = sec->size;
uncompressed_buffer = (bfd_byte *) bfd_malloc (uncompressed_size);
+ /* PR 21431 */
+ if (uncompressed_buffer == NULL)
+ return FALSE;
+
if (!bfd_get_section_contents (abfd, sec, uncompressed_buffer,
0, uncompressed_size))
- ret = FALSE;
- else
- {
- uncompressed_size = bfd_compress_section_contents (abfd, sec,
- uncompressed_buffer,
- uncompressed_size);
- ret = uncompressed_size != 0;
- }
+ return FALSE;
- return ret;
+ uncompressed_size = bfd_compress_section_contents (abfd, sec,
+ uncompressed_buffer,
+ uncompressed_size);
+ return uncompressed_size != 0;
}
/*
Index: git/bfd/ChangeLog
===================================================================
--- git.orig/bfd/ChangeLog 2017-09-04 17:55:10.714664101 +0530
+++ git/bfd/ChangeLog 2017-09-04 17:56:40.991431847 +0530
@@ -73,6 +73,12 @@
(evax_bfd_print_egsd): Check for an overlarge record length.
(evax_bfd_print_etir): Likewise.
+2017-04-26 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/21431
+ * compress.c (bfd_init_section_compress_status): Check the return
+ value from bfd_malloc.
+
2017-04-25 Maciej W. Rozycki <macro@imgtec.com>
* readelf.c (process_mips_specific): Remove error reporting from