1
0
mirror of https://git.yoctoproject.org/poky synced 2026-07-17 04:07:06 +00:00

binutils: CVE-2017-8396

Source: git://sourceware.org/git/binutils-gdb.git
MR: 74101
Type: Security Fix
Disposition: Backport from binutils-2_29
ChangeID: db47540066f83529439566f8621d6e35fe86b77c
Description:

buffer overflow in perform_relocation

The existing reloc offset range tests didn't catch small negative
offsets less than the size of the reloc field.

PR 21432
 * reloc.c (reloc_offset_in_range): New function.
   (bfd_perform_relocation, bfd_install_relocation): Use it.
   (_bfd_final_link_relocate): Likewise.

Affects: <= 2.29
Author: Alan Modra <amodra@gmail.com>
(From OE-Core rev: e5aa4adaddbae184bbbb1c42f79c1deba931c72a)

Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Thiruvadi Rajaraman
2017-09-13 17:09:39 +05:30
committed by Richard Purdie
parent 2dcc1db01d
commit 52bc287aca
2 changed files with 103 additions and 0 deletions
@@ -71,6 +71,7 @@ SRC_URI = "\
file://CVE-2017-8395.patch \
file://CVE-2017-8397.patch \
file://CVE-2017-7300.patch \
file://CVE-2017-8396.patch \
"
S = "${WORKDIR}/git"