Stop GOLD from seg-faulting on a corrupt input with a fuzzed section offset.
Resolves: #1735605
This commit is contained in:
parent
9dc3a9d58c
commit
1f0862a7b6
@ -0,0 +1,15 @@
--- binutils.orig/gold/fileread.cc 2019-08-06 14:22:08.669313110 +0100
+++ binutils-2.32/gold/fileread.cc 2019-08-06 14:22:28.799177543 +0100
@@ -381,6 +381,12 @@ File_read::do_read(off_t start, section_
ssize_t bytes;
if (this->whole_file_view_ != NULL)
{
+ // See PR 23765 for an example of a testcase that triggers this error.
+ if (((ssize_t) start) < 0)
+ gold_fatal(_("%s: read failed, starting offset (%#llx) less than zero"),
+ this->filename().c_str(),
+ static_cast<long long>(start));
+
bytes = this->size_ - start;
if (static_cast<section_size_type>(bytes) >= size)
{
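Review bot: The guard on the `if (((ssize_t) start) < 0)` line only rejects offsets that are negative once narrowed to ssize_t; a `start` that is positive but larger than `this->size_` still makes `bytes = this->size_ - start` negative on the following line, and if section_size_type is unsigned (as its name suggests — verify in gold.h) the `static_cast<section_size_type>(bytes) >= size` test then accepts it and whatever copy follows in the not-shown part of the body presumably runs with an out-of-range source offset. Unless every caller already bounds start against the file size, which is not visible here, the check should cover both sides, e.g. `if (start < 0 || start > this->size_)` with the message reworded to `"%s: read failed, starting offset (%#llx) out of range"`. Since start is declared off_t (a signed type) in the hunk header, comparing it directly also drops the C-style narrowing cast, which on a host where off_t is wider than ssize_t would discard the high bits before the sign test. File_read::do_read's body continues outside the hunk.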
@ -2,7 +2,7 @@
Summary: A GNU collection of binary utilities
Summary: A GNU collection of binary utilities
Name: %{?cross}binutils%{?_with_debug:-debug}
Name: %{?cross}binutils%{?_with_debug:-debug}
Version: 2.32
Version: 2.32
Release: 21%{?dist}
Release: 22%{?dist}
License: GPLv3+
License: GPLv3+
URL: https://sourceware.org/binutils
URL: https://sourceware.org/binutils
@ -243,6 +243,11 @@ Patch25: binutils-rh1736114.patch
# Lifetime: Fixed in 2.33
# Lifetime: Fixed in 2.33
Patch26: binutils-objcopy-gnu-build-version-notes.patch
Patch26: binutils-objcopy-gnu-build-version-notes.patch
# Purpose: Add a check to the GOLD linker for a corrupt input file
# with a fuzzed section offset.
# Lifetime: Fixed in 2.33
Patch27: binutils-CVE-2019-1010204.patch
#----------------------------------------------------------------------------
#----------------------------------------------------------------------------
Provides: bundled(libiberty)
Provides: bundled(libiberty)
@ -395,6 +400,7 @@ Conflicts: gcc-c++ < 4.0.0
%patch24 -p1
%patch24 -p1
%patch25 -p1
%patch25 -p1
%patch26 -p1
%patch26 -p1
%patch27 -p1
# We cannot run autotools as there is an exact requirement of autoconf-2.59.
# We cannot run autotools as there is an exact requirement of autoconf-2.59.
# FIXME - this is no longer true. Maybe try reinstating autotool use ?
# FIXME - this is no longer true. Maybe try reinstating autotool use ?
@ -791,6 +797,9 @@ exit 0
#----------------------------------------------------------------------------
#----------------------------------------------------------------------------
%changelog
%changelog
* Tue Aug 06 2019 Nick Clifton <nickc@redhat.com> - 2.32-22
- Stop GOLD from seg-faulting on a corrupt input with a fuzzed section offset. (#1735605)
* Mon Aug 05 2019 Nick Clifton <nickc@redhat.com> - 2.32-21
* Mon Aug 05 2019 Nick Clifton <nickc@redhat.com> - 2.32-21
- Stop strip from complaining if the first build note is not a version note. (#1736114)
- Stop strip from complaining if the first build note is not a version note. (#1736114)