rpms/binutils
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix excessive memory consumption parsing corrupt DWARF information.

Browse Source 
Resolves: #1947969
This commit is contained in:
Nick Clifton 2021-04-09 17:40:36 +01:00
parent 419f9fff4a
commit 56d95751ec
2 changed files with 43 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
binutils-CVE-2021-3487.patch Normal file
View File

@ -0,0 +1,34 @@
--- binutils.orig/bfd/dwarf2.c 2021-04-09 16:59:18.345187116 +0100
+++ binutils-2.35/bfd/dwarf2.c 2021-04-09 17:02:03.614064723 +0100
@@ -539,6 +539,8 @@ read_section (bfd * abfd,
/* The section may have already been read. */
if (contents == NULL)
{
+ ufile_ptr filesize;
+
msec = bfd_get_section_by_name (abfd, section_name);
if (! msec)
{
@@ -554,10 +556,20 @@ read_section (bfd * abfd,
return FALSE;
}
- *section_size = msec->rawsize ? msec->rawsize : msec->size;
+ amt = bfd_get_section_limit_octets (abfd, msec);
+ filesize = bfd_get_file_size (abfd);
+ if (amt >= filesize)
+ {
+ /* PR 26946 */
+ _bfd_error_handler (_("DWARF error: section %s is larger than its filesize! (0x%lx vs 0x%lx)"),
+ section_name, (long) amt, (long) filesize);
+ bfd_set_error (bfd_error_bad_value);
+ return FALSE;
+ }
+ *section_size = amt;
/* Paranoia - alloc one extra so that we can make sure a string
section is NUL terminated. */
- amt = *section_size + 1;
+ amt += 1;
if (amt == 0)
{
bfd_set_error (bfd_error_no_memory);

10
binutils.spec
View File

@ -2,7 +2,7 @@
Summary: A GNU collection of binary utilities Summary: A GNU collection of binary utilities
Name: %{?cross}binutils%{?_with_debug:-debug} Name: %{?cross}binutils%{?_with_debug:-debug}
Version: 2.35 Version: 2.35
Release: 19%{?dist} Release: 20%{?dist}
License: GPLv3+ License: GPLv3+
URL: https://sourceware.org/binutils URL: https://sourceware.org/binutils
@ -263,6 +263,11 @@ Patch31: binutils-gold-gnu-properties.patch
# Lifetime: Fixed in 2.36 # Lifetime: Fixed in 2.36
Patch32: binutils-CVE-2021-20294.patch Patch32: binutils-CVE-2021-20294.patch
# Purpose: Fix excessive memory consumption when attempting to parse corrupt
# DWARF debug information.
# Lifetime: Fixed in 2.36
Patch33: binutils-CVE-2021-3487.patch
#---------------------------------------------------------------------------- #----------------------------------------------------------------------------
Provides: bundled(libiberty) Provides: bundled(libiberty)
@ -836,6 +841,9 @@ exit 0
#---------------------------------------------------------------------------- #----------------------------------------------------------------------------
%changelog %changelog
* Fri Apr 09 2021 Nick Clifton <nickc@redhat.com> - 2.35-20
- Fix excessive memory consumption parsing corrupt DWARF information. (#1947969)
* Fri Mar 26 2021 Nick Clifton <nickc@redhat.com> - 2.35-19 * Fri Mar 26 2021 Nick Clifton <nickc@redhat.com> - 2.35-19
- Fix an illegal memory access when using readelf to examine a corrupt file. (#1943534) - Fix an illegal memory access when using readelf to examine a corrupt file. (#1943534)