diff options
| author |   Armin Kuster <akuster@mvista.com> | 2019-09-02 13:37:59 -0700 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2019-09-06 08:13:40 +0100 |
| commit | c608f32995c6f067c4f56e46c527e8e9c79e2295 (patch) | |
| tree | 2b8bea6ed320baf800970065b56e2948f1746d9e | |
| parent | f4a544f46e2a58e64e90d92855d1d85966eefa10 (diff) | |
| download | openembedded-core-contrib-c608f32995c6f067c4f56e46c527e8e9c79e2295.tar.gz | |
gcc-8.3: Security fix for CVE-2019-14250
Affects < 9.2
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/recipes-devtools/gcc/gcc-8.3.inc | 1 | ||||
| -rw-r--r-- | meta/recipes-devtools/gcc/gcc-8.3/CVE-2019-14250.patch | 44 |
2 files changed, 45 insertions, 0 deletions
diff --git a/meta/recipes-devtools/gcc/gcc-8.3.inc b/meta/recipes-devtools/gcc/gcc-8.3.inc index 1781ff5b5d..4b0d6f2267 100644 --- a/meta/recipes-devtools/gcc/gcc-8.3.inc +++ b/meta/recipes-devtools/gcc/gcc-8.3.inc @@ -73,6 +73,7 @@ SRC_URI = "\ file://0041-Add-a-recursion-limit-to-libiberty-s-demangling-code.patch \ file://0042-PR-debug-86964.patch \ file://0043-PR85434-Prevent-spilling-of-stack-protector-guard-s-.patch \ + file://CVE-2019-14250.patch \ " SRC_URI[md5sum] = "65b210b4bfe7e060051f799e0f994896" SRC_URI[sha256sum] = "64baadfe6cc0f4947a84cb12d7f0dfaf45bb58b7e92461639596c21e02d97d2c" diff --git a/meta/recipes-devtools/gcc/gcc-8.3/CVE-2019-14250.patch b/meta/recipes-devtools/gcc/gcc-8.3/CVE-2019-14250.patch new file mode 100644 index 0000000000..e327684e16 --- /dev/null +++ b/meta/recipes-devtools/gcc/gcc-8.3/CVE-2019-14250.patch @@ -0,0 +1,44 @@ +From a4f1b58eb48b349a5f353bc69c30be553506d33b Mon Sep 17 00:00:00 2001 +From: rguenth <rguenth@138bc75d-0d04-0410-961f-82ee72b054a4> +Date: Thu, 25 Jul 2019 10:48:26 +0000 +Subject: [PATCH] 2019-07-25 Richard Biener <rguenther@suse.de> + + PR lto/90924 + Backport from mainline + 2019-07-12 Ren Kimura <rkx1209dev@gmail.com> + + * simple-object-elf.c (simple_object_elf_match): Check zero value + shstrndx. + + +git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/branches/gcc-8-branch@273794 138bc75d-0d04-0410-961f-82ee72b054a4 + +Upstream-Status: Backport +Affectes: < 9.2 +CVE: CVE-2019-14250 +Dropped changelog +Signed-off-by: Armin Kuster <Akustre@mvista.com> + +--- + libiberty/simple-object-elf.c | 8 ++++++++ + 2 files changed, 17 insertions(+) + +Index: gcc-8.2.0/libiberty/simple-object-elf.c +=================================================================== +--- gcc-8.2.0.orig/libiberty/simple-object-elf.c ++++ gcc-8.2.0/libiberty/simple-object-elf.c +@@ -549,6 +549,14 @@ simple_object_elf_match (unsigned char h + return NULL; + } + ++ if (eor->shstrndx == 0) ++ { ++ *errmsg = "invalid ELF shstrndx == 0"; ++ *err = 0; ++ XDELETE (eor); ++ return NULL; ++ } ++ + return (void *) eor; + } + |