diff options
| author |   Thiruvadi Rajaraman <trajaraman@mvista.com> | 2017-09-04 13:56:15 +0530 |
|---|---|---|
| committer |   Armin Kuster <akuster@mvista.com> | 2017-11-23 17:40:46 -0800 |
| commit | 09b05b9733e48bd81f819b227d8363bcecfaef4f (patch) | |
| tree | 4c65365a38c0f9782c7aa1ad62f8f13e1b417ed3 | |
| parent | c434d950cd3a12da773c1cf3c773ba26fbcb88f5 (diff) | |
| download | meta-openembedded-contrib-09b05b9733e48bd81f819b227d8363bcecfaef4f.tar.gz | |
binutils: CVE-2017-7224
Source: git://sourceware.org/git/binutils-gdb.git
MR: 74309
Type: Security Fix
Disposition: Backport from binutils-2_29-branch
ChangeID: 640c2ad711ead368a65079a464c55368851e8744
Description:
Fix a seg-fault disassembling a corrupt binary.
PR binutils/20892
* aoutx.h (find_nearest_line): Handle the case where the function
name is empty.
Affects: <= 2.29
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| -rw-r--r-- | meta/recipes-devtools/binutils/binutils-2.27.inc | 1 | ||||
| -rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2017-7224.patch | 48 |
2 files changed, 49 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.27.inc b/meta/recipes-devtools/binutils/binutils-2.27.inc index 06c69b9f66..82b9be774f 100644 --- a/meta/recipes-devtools/binutils/binutils-2.27.inc +++ b/meta/recipes-devtools/binutils/binutils-2.27.inc @@ -60,6 +60,7 @@ SRC_URI = "\ file://CVE-2017-12450_12452_12453_12454_12456_1.patch \ file://CVE-2017-12450_12452_12453_12454_12456.patch \ file://CVE-2017-7223.patch \ + file://CVE-2017-7224.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7224.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-7224.patch new file mode 100644 index 0000000000..fb9ce90740 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7224.patch @@ -0,0 +1,48 @@ +commit e82ab856bb4689330c29fb9f1c57a8555b26380e +Author: Nick Clifton <nickc@redhat.com> +Date: Thu Dec 1 10:49:39 2016 +0000 + + Fix a seg-fault disassembling a corrupt binary. + + PR binutils/20892 + * aoutx.h (find_nearest_line): Handle the case where the function + name is empty. + +Upstream-Status: Backport + +CVE: CVE-2017-7224 +Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> + +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog 2017-09-04 12:54:37.513859864 +0530 ++++ git/bfd/ChangeLog 2017-09-04 13:00:22.891753836 +0530 +@@ -120,6 +120,10 @@ + * peicode.h (pe_ILF_object_p): Use strnlen to avoid running over + the end of the string buffer. + ++ PR binutils/20892 ++ * aoutx.h (find_nearest_line): Handle the case where the function ++ name is empty. ++ + 2016-08-02 Nick Clifton <nickc@redhat.com> + + PR ld/17739 +Index: git/bfd/aoutx.h +=================================================================== +--- git.orig/bfd/aoutx.h 2017-09-04 12:54:35.957851411 +0530 ++++ git/bfd/aoutx.h 2017-09-04 12:57:50.634902163 +0530 +@@ -2819,6 +2819,13 @@ + const char *function = func->name; + char *colon; + ++ if (buf == NULL) ++ { ++ /* PR binutils/20892: In a corrupt input file func can be empty. */ ++ * functionname_ptr = NULL; ++ return TRUE; ++ } ++ + /* The caller expects a symbol name. We actually have a + function name, without the leading underscore. Put the + underscore back in, so that the caller gets a symbol name. */ |