mirror of
https://git.yoctoproject.org/poky
synced 2026-02-22 01:19:41 +01:00
70f2d42e84
Source: git://sourceware.org/git/binutils-gdb.git
MR: 74153
Type: Security Fix
Disposition: Backport from binutils-2_29
ChangeID: 27dce214c561f9ae6f874990432f9d76a7de29d4
Description:
Fix seg-fault attempting to compress a debug section in a corrupt binary.
PR binutils/21431
* compress.c (bfd_init_section_compress_status): Check the return
value from bfd_malloc.
Affects: <= 2.29
Author: Nick Clifton <nickc@redhat.com>
(From OE-Core rev: addac2e8f6f6132807a590a032a4292079542fbe)
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
73 lines
2.2 KiB
Diff
73 lines
2.2 KiB
Diff
commit e63d123268f23a4cbc45ee55fb6dbc7d84729da3
|
|
Author: Nick Clifton <nickc@redhat.com>
|
|
Date: Wed Apr 26 13:07:49 2017 +0100
|
|
|
|
Fix seg-fault attempting to compress a debug section in a corrupt binary.
|
|
|
|
PR binutils/21431
|
|
* compress.c (bfd_init_section_compress_status): Check the return
|
|
value from bfd_malloc.
|
|
|
|
Upstream-Status: Backport
|
|
|
|
CVE: CVE-2017-8395
|
|
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
|
|
|
|
Index: git/bfd/compress.c
|
|
===================================================================
|
|
--- git.orig/bfd/compress.c 2017-09-04 17:55:00.546577566 +0530
|
|
+++ git/bfd/compress.c 2017-09-04 17:55:10.770664577 +0530
|
|
@@ -534,7 +534,6 @@
|
|
{
|
|
bfd_size_type uncompressed_size;
|
|
bfd_byte *uncompressed_buffer;
|
|
- bfd_boolean ret;
|
|
|
|
/* Error if not opened for read. */
|
|
if (abfd->direction != read_direction
|
|
@@ -550,18 +549,18 @@
|
|
/* Read in the full section contents and compress it. */
|
|
uncompressed_size = sec->size;
|
|
uncompressed_buffer = (bfd_byte *) bfd_malloc (uncompressed_size);
|
|
+ /* PR 21431 */
|
|
+ if (uncompressed_buffer == NULL)
|
|
+ return FALSE;
|
|
+
|
|
if (!bfd_get_section_contents (abfd, sec, uncompressed_buffer,
|
|
0, uncompressed_size))
|
|
- ret = FALSE;
|
|
- else
|
|
- {
|
|
- uncompressed_size = bfd_compress_section_contents (abfd, sec,
|
|
- uncompressed_buffer,
|
|
- uncompressed_size);
|
|
- ret = uncompressed_size != 0;
|
|
- }
|
|
+ return FALSE;
|
|
|
|
- return ret;
|
|
+ uncompressed_size = bfd_compress_section_contents (abfd, sec,
|
|
+ uncompressed_buffer,
|
|
+ uncompressed_size);
|
|
+ return uncompressed_size != 0;
|
|
}
|
|
|
|
/*
|
|
Index: git/bfd/ChangeLog
|
|
===================================================================
|
|
--- git.orig/bfd/ChangeLog 2017-09-04 17:55:10.714664101 +0530
|
|
+++ git/bfd/ChangeLog 2017-09-04 17:56:40.991431847 +0530
|
|
@@ -73,6 +73,12 @@
|
|
(evax_bfd_print_egsd): Check for an overlarge record length.
|
|
(evax_bfd_print_etir): Likewise.
|
|
|
|
+2017-04-26 Nick Clifton <nickc@redhat.com>
|
|
+
|
|
+ PR binutils/21431
|
|
+ * compress.c (bfd_init_section_compress_status): Check the return
|
|
+ value from bfd_malloc.
|
|
+
|
|
2017-04-25 Maciej W. Rozycki <macro@imgtec.com>
|
|
|
|
* readelf.c (process_mips_specific): Remove error reporting from
|