mirror of https://git.yoctoproject.org/poky synced 2026-05-31 12:49:46 +00:00

binutils: CVE-2017-7224

Source: git://sourceware.org/git/binutils-gdb.git
MR: 74309
Type: Security Fix
Disposition: Backport from binutils-2_29-branch
ChangeID: 640c2ad711ead368a65079a464c55368851e8744
Description:

Fix a seg-fault disassembling a corrupt binary.

    PR binutils/20892
    * aoutx.h (find_nearest_line): Handle the case where the function
      name is empty.

Affects: <= 2.29
(From OE-Core rev: 54992e752e396fc5b3bc5b067cfc4741f1176bb3)

Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Thiruvadi Rajaraman
2017-09-04 13:56:15 +05:30
committed by Richard Purdie
parent 39722ae3c6
commit f85b35f63a
2 changed files with 49 additions and 0 deletions
@@ -60,6 +60,7 @@ SRC_URI = "\
file://CVE-2017-12450_12452_12453_12454_12456_1.patch \
file://CVE-2017-12450_12452_12453_12454_12456.patch \
file://CVE-2017-7223.patch \
file://CVE-2017-7224.patch \
"
S = "${WORKDIR}/git"
@@ -0,0 +1,48 @@
commit e82ab856bb4689330c29fb9f1c57a8555b26380e
Author: Nick Clifton <nickc@redhat.com>
Date: Thu Dec 1 10:49:39 2016 +0000
Fix a seg-fault disassembling a corrupt binary.
PR binutils/20892
* aoutx.h (find_nearest_line): Handle the case where the function
name is empty.
Upstream-Status: Backport
CVE: CVE-2017-7224
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Index: git/bfd/ChangeLog
===================================================================
--- git.orig/bfd/ChangeLog 2017-09-04 12:54:37.513859864 +0530
+++ git/bfd/ChangeLog 2017-09-04 13:00:22.891753836 +0530
@@ -120,6 +120,10 @@
* peicode.h (pe_ILF_object_p): Use strnlen to avoid running over
the end of the string buffer.
+ PR binutils/20892
+ * aoutx.h (find_nearest_line): Handle the case where the function
+ name is empty.
+
2016-08-02 Nick Clifton <nickc@redhat.com>
PR ld/17739
Index: git/bfd/aoutx.h
===================================================================
--- git.orig/bfd/aoutx.h 2017-09-04 12:54:35.957851411 +0530
+++ git/bfd/aoutx.h 2017-09-04 12:57:50.634902163 +0530
@@ -2819,6 +2819,13 @@
const char *function = func->name;
char *colon;
+ if (buf == NULL)
+ {
+ /* PR binutils/20892: In a corrupt input file func can be empty. */
+ * functionname_ptr = NULL;
+ return TRUE;
+ }
+
/* The caller expects a symbol name. We actually have a
function name, without the leading underscore. Put the
underscore back in, so that the caller gets a symbol name. */
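Review bot: In the aoutx.h hunk the new guard tests `buf == NULL`, but its comment says "func can be empty", and `func->name` has already been dereferenced on the `const char *function = func->name;` line just above, so the comment does not describe the condition being checked. The ChangeLog text ("Handle the case where the function name is empty") is closer to the intent; consider rewording the comment to say that the name is empty and therefore no buffer is available, since the hunk does not show where `buf` is assigned and a reader of the patch alone cannot connect the two. The early `return TRUE` with `*functionname_ptr = NULL` also relies on callers accepting a NULL function name on success, which is worth confirming for the backported branch. Separately, the bfd/ChangeLog hunk inserts the entry without its own date and author line, directly under an unrelated peicode.h entry, although the patch header dates the upstream change Dec 1 2016; ChangeLog hunks are also the part of a backport most likely to stop applying as other patches in SRC_URI touch the same file, so dropping that hunk from the patch file would make it more robust.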