diff options
Diffstat (limited to 'meta/recipes-devtools/binutils/binutils/CVE-2017-9955_5.patch')
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/CVE-2017-9955_5.patch | 89 |
1 files changed, 89 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_5.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_5.patch new file mode 100644 index 0000000000..3634421923 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_5.patch @@ -0,0 +1,89 @@ +commit 7211ae501eb0de1044983f2dfb00091a58fbd66c +Author: Alan Modra <amodra@gmail.com> +Date: Tue Jun 27 09:45:04 2017 +0930 + + More fixes for bfd_get_section_contents change + + PR binutils/21665 + * libbfd.c (_bfd_generic_get_section_contents): Delete abort. + Use unsigned file pointer type, and remove cast. + * libbfd.c (_bfd_generic_get_section_contents_in_window): Likewise. + Add "count", not "sz". + +Upstream-Status: Backport + +CVE: CVE-2017-9955 +Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> + +Index: git/bfd/libbfd.c +=================================================================== +--- git.orig/bfd/libbfd.c 2017-09-21 18:04:47.316362760 +0530 ++++ git/bfd/libbfd.c 2017-09-21 18:04:47.300362638 +0530 +@@ -780,7 +780,7 @@ + bfd_size_type count) + { + bfd_size_type sz; +- file_ptr filesz; ++ ufile_ptr filesz; + if (count == 0) + return TRUE; + +@@ -803,14 +803,9 @@ + else + sz = section->size; + filesz = bfd_get_file_size (abfd); +- if (filesz < 0) +- { +- /* This should never happen. */ +- abort (); +- } + if (offset + count < count + || offset + count > sz +- || (section->filepos + offset + count) > (bfd_size_type) filesz) ++ || section->filepos + offset + count > filesz) + { + bfd_set_error (bfd_error_invalid_operation); + return FALSE; +@@ -833,7 +828,7 @@ + { + #ifdef USE_MMAP + bfd_size_type sz; +- file_ptr filesz; ++ ufile_ptr filesz; + + if (count == 0) + return TRUE; +@@ -867,13 +862,8 @@ + else + sz = section->size; + filesz = bfd_get_file_size (abfd); +- if (filesz < 0) +- { +- /* This should never happen. */ +- abort (); +- } + if (offset + count > sz +- || (section->filepos + offset + sz) > (bfd_size_type) filesz ++ || section->filepos + offset + count > filesz + || ! bfd_get_file_window (abfd, section->filepos + offset, count, w, + TRUE)) + return FALSE; +Index: git/bfd/ChangeLog +=================================================================== +--- git.orig/bfd/ChangeLog 2017-09-21 18:03:42.955872017 +0530 ++++ git/bfd/ChangeLog 2017-09-21 18:06:39.973228125 +0530 +@@ -11,6 +11,14 @@ + of end pointer. + (evax_bfd_print_emh): Check for invalid string lengths. + ++2017-06-27 Alan Modra <amodra@gmail.com> ++ ++ PR binutils/21665 ++ * libbfd.c (_bfd_generic_get_section_contents): Delete abort. ++ Use unsigned file pointer type, and remove cast. ++ * libbfd.c (_bfd_generic_get_section_contents_in_window): Likewise. ++ Add "count", not "sz". ++ + 2017-06-26 Pedro Alves <palves@redhat.com> + + PR binutils/21665 |