code.ossystems Code Review - openembedded-core.git/commit
binutils: CVE-2017-8398
author Thiruvadi Rajaraman <trajaraman@mvista.com>
Wed, 20 Sep 2017 08:22:00 +0000 (13:52 +0530)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Sun, 7 Jan 2018 17:09:46 +0000 (17:09 +0000)
commit 1e19e656a97caf61f26ab4f52339b9413d3bb29f
tree aca163b6b52cacf34a1acd596debe0d2b0994a12
parent 0d6e08ffc4760947653ad9368d594074d506f697
binutils: CVE-2017-8398

Source: git://sourceware.org/git/binutils-gdb.git
MR: 74127
Type: Security Fix
Disposition: Backport from binutils-2_29
ChangeID: 410078b468de6dc1c908342283a6abe5bdf38d54
Description:

Fix heap-buffer overflow bugs caused when dumping debug information from a corrupt binary.

  PR binutils/21438
     * dwarf.c (process_extended_line_op): Do not assume that the
       string extracted from the section is NUL terminated.
       (fetch_indirect_string): If the string retrieved from the section
       is not NUL terminated, return an error message.
       (fetch_indirect_line_string): Likewise.
       (fetch_indexed_string): Likewise.

Affects: <= 2.29

Author: Nick Clifton <nickc@redhat.com>
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
meta/recipes-devtools/binutils/binutils-2.27.inc
meta/recipes-devtools/binutils/binutils/CVE-2017-8398.patch [new file with mode: 0644]
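
The ChangeLog entry above describes the fix as no longer assuming that a string extracted from a section is NUL terminated, and returning an error message when it is not. The following is an added illustration of that check in C, not the binutils patch itself; `section_buf`, `fetch_string_checked`, the sample bytes and the error strings are all constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical view of a loaded string section (not a binutils type). */
struct section_buf {
    const unsigned char *start;
    size_t size;
};

/* Constructed error strings for this example. */
#define ERR_RANGE "<offset out of range>"
#define ERR_NO_NUL "<string not NUL terminated>"

/* Return the string at `offset`, or an error message when reading it
   would run past the end of the section. */
static const char *fetch_string_checked(const struct section_buf *sec, size_t offset)
{
    if (sec->start == NULL || offset >= sec->size)
        return ERR_RANGE;

    /* Search only the bytes that belong to the section. */
    if (memchr(sec->start + offset, '\0', sec->size - offset) == NULL)
        return ERR_NO_NUL;

    return (const char *)(sec->start + offset);
}

/* Constructed sample: "abc\0" followed by "def" with no terminator,
   as a truncated or corrupt section might end. */
static const unsigned char sample_bytes[] = { 'a', 'b', 'c', 0, 'd', 'e', 'f' };
static const struct section_buf sample = { sample_bytes, sizeof sample_bytes };

int main(void)
{
    size_t offsets[] = { 0, 3, 4, 7 };
    for (size_t i = 0; i < sizeof offsets / sizeof offsets[0]; i++)
        printf("offset %zu -> \"%s\"\n", offsets[i],
               fetch_string_checked(&sample, offsets[i]));
    return 0;
}
```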