mirror of
https://github.com/ilyakooo0/nixpkgs.git
synced 2024-10-17 10:40:33 +03:00
binutils: patch CVE-2021-3487
This commit is contained in:
parent
f378420360
commit
745023e01a
73
pkgs/development/tools/misc/binutils/CVE-2021-3487.patch
Normal file
73
pkgs/development/tools/misc/binutils/CVE-2021-3487.patch
Normal file
@ -0,0 +1,73 @@
|
||||
From: Nick Clifton <nickc@redhat.com>
|
||||
Date: Thu, 26 Nov 2020 17:08:33 +0000 (+0000)
|
||||
Subject: Prevent a memory allocation failure when parsing corrupt DWARF debug sections.
|
||||
X-Git-Tag: binutils-2_36~485
|
||||
X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=647cebce12a6b0a26960220caff96ff38978cf24;hp=239ca5e497dda2c151009d664d500086a5c2173a
|
||||
|
||||
Prevent a memory allocation failure when parsing corrupt DWARF debug sections.
|
||||
|
||||
PR 26946
|
||||
* dwarf2.c (read_section): Check for debug sections with excessive
|
||||
sizes.
|
||||
---
|
||||
|
||||
diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
|
||||
index 977bf43a6a1..8bbfc81d3e7 100644
|
||||
--- a/bfd/dwarf2.c
|
||||
+++ b/bfd/dwarf2.c
|
||||
@@ -531,22 +531,24 @@ read_section (bfd * abfd,
|
||||
bfd_byte ** section_buffer,
|
||||
bfd_size_type * section_size)
|
||||
{
|
||||
- asection *msec;
|
||||
const char *section_name = sec->uncompressed_name;
|
||||
bfd_byte *contents = *section_buffer;
|
||||
- bfd_size_type amt;
|
||||
|
||||
/* The section may have already been read. */
|
||||
if (contents == NULL)
|
||||
{
|
||||
+ bfd_size_type amt;
|
||||
+ asection *msec;
|
||||
+ ufile_ptr filesize;
|
||||
+
|
||||
msec = bfd_get_section_by_name (abfd, section_name);
|
||||
- if (! msec)
|
||||
+ if (msec == NULL)
|
||||
{
|
||||
section_name = sec->compressed_name;
|
||||
if (section_name != NULL)
|
||||
msec = bfd_get_section_by_name (abfd, section_name);
|
||||
}
|
||||
- if (! msec)
|
||||
+ if (msec == NULL)
|
||||
{
|
||||
_bfd_error_handler (_("DWARF error: can't find %s section."),
|
||||
sec->uncompressed_name);
|
||||
@@ -554,12 +556,23 @@ read_section (bfd * abfd,
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
- *section_size = msec->rawsize ? msec->rawsize : msec->size;
|
||||
+ amt = bfd_get_section_limit_octets (abfd, msec);
|
||||
+ filesize = bfd_get_file_size (abfd);
|
||||
+ if (amt >= filesize)
|
||||
+ {
|
||||
+ /* PR 26946 */
|
||||
+ _bfd_error_handler (_("DWARF error: section %s is larger than its filesize! (0x%lx vs 0x%lx)"),
|
||||
+ section_name, (long) amt, (long) filesize);
|
||||
+ bfd_set_error (bfd_error_bad_value);
|
||||
+ return FALSE;
|
||||
+ }
|
||||
+ *section_size = amt;
|
||||
/* Paranoia - alloc one extra so that we can make sure a string
|
||||
section is NUL terminated. */
|
||||
- amt = *section_size + 1;
|
||||
+ amt += 1;
|
||||
if (amt == 0)
|
||||
{
|
||||
+ /* Paranoia - this should never happen. */
|
||||
bfd_set_error (bfd_error_no_memory);
|
||||
return FALSE;
|
||||
}
|
||||
|
@ -84,6 +84,7 @@ stdenv.mkDerivation {
|
||||
./gold-Update-GNU_PROPERTY_X86_XXX-macros.patch
|
||||
|
||||
./CVE-2020-35448.patch
|
||||
./CVE-2021-3487.patch
|
||||
] ++ lib.optional stdenv.targetPlatform.isiOS ./support-ios.patch
|
||||
++ # This patch was suggested by Nick Clifton to fix
|
||||
# https://sourceware.org/bugzilla/show_bug.cgi?id=16177
|
||||
|
Loading…
Reference in New Issue
Block a user