code.ossystems Code Review - openembedded-core.git/commit

binutils: CVE-2017-15938

Source: binutils-gdb.git
MR: 76766
Type: Security Fix
Disposition: Backport from binutils master
ChangeID: f080669b4e6f7c9088e30858238da5f4315192f3
Description:

    PR22209, invalid memory read in find_abstract_instance_name

    This patch adds bounds checking for DW_FORM_ref_addr die refs, and
    calculates them relative to the first .debug_info section.  See the
    big comment for why calculating relative to the current .debug_info
    section was wrong for relocatable object files.

        PR 22209
        * dwarf2.c (struct comp_unit): Delete sec_info_ptr field.
        (find_abstract_instance_name): Calculate DW_FORM_ref_addr relative
        to stash->info_ptr_memory, and check die_ref is within that memory.
        Set info_ptr_end correctly when another CU is refd.  Check die_ref
        for DW_FORM_ref4 etc. is within CU.

Affects: <= 2.29
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

author	Thiruvadi Rajaraman <trajaraman@mvista.com>
	Wed, 8 Nov 2017 08:14:34 +0000 (13:44 +0530)
committer	Richard Purdie <richard.purdie@linuxfoundation.org>
	Sun, 7 Jan 2018 17:09:48 +0000 (17:09 +0000)
commit	592f315516e602bd9a9bdc3d116771528cd433d1
tree	8b1f93cee38e04a8d49cb365a135bc6e359e16a5	tree \| snapshot
parent	3e88bb5e933ebbf9c3445bac1814dc0ac105bf45	commit \| diff

meta/recipes-devtools/binutils/binutils-2.27.inc		diff \| blob \| history
meta/recipes-devtools/binutils/binutils/CVE-2017-15938.patch	[new file with mode: 0644]	blob