mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-07 16:59:22 +00:00
Code Issues Projects Releases Wiki Activity

binutils: internal gdb: Fix CVE-2023-39129

Browse Source 
CVE: CVE-2023-39129
(From OE-Core rev: fd3f20e1e8bcd63b75e8800fe60d6194a4fd6bd4)

Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Deepthi Hemraj
2024-02-05 04:29:17 -08:00
committed by Steve Sakoman
parent 817f0e1f89
commit 1398a0e07f
2 changed files with 51 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-devtools/binutils/binutils-2.38.inc
+1
View File
@@ -69,5 +69,6 @@ SRC_URI = "\
file://0032-CVE-2022-47010.patch \
file://0033-CVE-2022-47007.patch \
file://0034-CVE-2022-48064.patch \
file://0035-CVE-2023-39129.patch \
"
S = "${WORKDIR}/git"
meta/recipes-devtools/binutils/binutils/0035-CVE-2023-39129.patch
+50
View File
@@ -0,0 +1,50 @@
From: Keith Seitz <keiths@...>
Date: Wed, 2 Aug 2023 15:35:11 +0000 (-0700)
Subject: Verify COFF symbol stringtab offset
X-Git-Tag: gdb-14-branchpoint~473
X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=58abdf887821a5da09ba184c6e400a3bc5cccd5a
Verify COFF symbol stringtab offset
This patch addresses an issue with malformed/fuzzed debug information that
was recently reported in gdb/30639. That bug specifically deals with
an ASAN issue, but the reproducer provided by the reporter causes a
another failure outside of ASAN:
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=58abdf887821a5da09ba184c6e400a3bc5cccd5a]
CVE: CVE-2023-39129
Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
diff --git a/gdb/coffread.c b/gdb/coffread.c
--- a/gdb/coffread.c
+++ b/gdb/coffread.c
@@ -159,6 +160,7 @@ static file_ptr linetab_offset;
static file_ptr linetab_size;
static char *stringtab = NULL;
+static long stringtab_length = 0;
extern void stabsread_clear_cache (void);
@@ -1303,6 +1298,7 @@ init_stringtab (bfd *abfd, file_ptr offset, gdb::unique_xmalloc_ptr<char> *stora
/* This is in target format (probably not very useful, and not
currently used), not host format. */
memcpy (stringtab, lengthbuf, sizeof lengthbuf);
+ stringtab_length = length;
if (length == sizeof length) /* Empty table -- just the count. */
return 0;
@@ -1322,8 +1318,9 @@ getsymname (struct internal_syment *symbol_entry)
if (symbol_entry->_n._n_n._n_zeroes == 0)
{
- /* FIXME: Probably should be detecting corrupt symbol files by
- seeing whether offset points to within the stringtab. */
+ if (symbol_entry->_n._n_n._n_offset > stringtab_length)
+ error (_("COFF Error: string table offset (%ld) outside string table (length %ld)"),
+ symbol_entry->_n._n_n._n_offset, stringtab_length);
result = stringtab + symbol_entry->_n._n_n._n_offset;
}
else