diff --git a/binutils-CVE-2021-3487.patch b/binutils-CVE-2021-3487.patch new file mode 100644 index 0000000..6ba1244 --- /dev/null +++ b/binutils-CVE-2021-3487.patch @@ -0,0 +1,34 @@ +--- binutils.orig/bfd/dwarf2.c 2021-04-09 16:59:18.345187116 +0100 ++++ binutils-2.35/bfd/dwarf2.c 2021-04-09 17:02:03.614064723 +0100 +@@ -539,6 +539,8 @@ read_section (bfd * abfd, + /* The section may have already been read. */ + if (contents == NULL) + { ++ ufile_ptr filesize; ++ + msec = bfd_get_section_by_name (abfd, section_name); + if (! msec) + { +@@ -554,10 +556,20 @@ read_section (bfd * abfd, + return FALSE; + } + +- *section_size = msec->rawsize ? msec->rawsize : msec->size; ++ amt = bfd_get_section_limit_octets (abfd, msec); ++ filesize = bfd_get_file_size (abfd); ++ if (amt >= filesize) ++ { ++ /* PR 26946 */ ++ _bfd_error_handler (_("DWARF error: section %s is larger than its filesize! (0x%lx vs 0x%lx)"), ++ section_name, (long) amt, (long) filesize); ++ bfd_set_error (bfd_error_bad_value); ++ return FALSE; ++ } ++ *section_size = amt; + /* Paranoia - alloc one extra so that we can make sure a string + section is NUL terminated. */ +- amt = *section_size + 1; ++ amt += 1; + if (amt == 0) + { + bfd_set_error (bfd_error_no_memory); diff --git a/binutils.spec b/binutils.spec index 402b755..e46bdcf 100644 --- a/binutils.spec +++ b/binutils.spec @@ -2,7 +2,7 @@ Summary: A GNU collection of binary utilities Name: %{?cross}binutils%{?_with_debug:-debug} Version: 2.35 -Release: 19%{?dist} +Release: 20%{?dist} License: GPLv3+ URL: https://sourceware.org/binutils @@ -263,6 +263,11 @@ Patch31: binutils-gold-gnu-properties.patch # Lifetime: Fixed in 2.36 Patch32: binutils-CVE-2021-20294.patch +# Purpose: Fix excessive memory consumption when attempting to parse corrupt +# DWARF debug information. +# Lifetime: Fixed in 2.36 +Patch33: binutils-CVE-2021-3487.patch + #---------------------------------------------------------------------------- Provides: bundled(libiberty) @@ -836,6 +841,9 @@ exit 0 #---------------------------------------------------------------------------- %changelog +* Fri Apr 09 2021 Nick Clifton - 2.35-20 +- Fix excessive memory consumption parsing corrupt DWARF information. (#1947969) + * Fri Mar 26 2021 Nick Clifton - 2.35-19 - Fix an illegal memory access when using readelf to examine a corrupt file. (#1943534)