git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit

author	Thiruvadi Rajaraman <trajaraman@mvista.com>
	Wed, 8 Nov 2017 08:14:34 +0000 (13:44 +0530)
committer	Armin Kuster <akuster@mvista.com>
	Fri, 24 Nov 2017 01:40:49 +0000 (17:40 -0800)
commit	10dea17fddf15f3e0385bf74708f7eb556bb8e6e
tree	f81f0f82585217f4908bffa4be4f600db277324a	tree
parent	d842b34140feaf18d1848bd7d039e2ed1d7d4d35	commit \| diff

binutils: CVE-2017-15938

Source: binutils-gdb.git
MR: 76766
Type: Security Fix
Disposition: Backport from binutils master
ChangeID: f080669b4e6f7c9088e30858238da5f4315192f3
Description:

    PR22209, invalid memory read in find_abstract_instance_name

    This patch adds bounds checking for DW_FORM_ref_addr die refs, and
    calculates them relative to the first .debug_info section.  See the
    big comment for why calculating relative to the current .debug_info
    section was wrong for relocatable object files.

        PR 22209
        * dwarf2.c (struct comp_unit): Delete sec_info_ptr field.
        (find_abstract_instance_name): Calculate DW_FORM_ref_addr relative
        to stash->info_ptr_memory, and check die_ref is within that memory.
        Set info_ptr_end correctly when another CU is refd.  Check die_ref
        for DW_FORM_ref4 etc. is within CU.

Affects: <= 2.29
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

meta/recipes-devtools/binutils/binutils-2.27.inc		diff \| blob \| blame \| history
meta/recipes-devtools/binutils/binutils/CVE-2017-15938.patch	[new file with mode: 0644]	blob