From 86b5dd655f3a5657e2d591990198e2459be35989 Mon Sep 17 00:00:00 2001
From: Nick Clifton
Date: Thu, 21 Nov 2019 08:10:18 +0000
Subject: [PATCH] Fix a buffer overrun in the note merging code.

Resolves: #1774507
---
 binutils-improved-note-merging.patch | 27 +++++++++++++++++++++++++++
 binutils.spec | 5 ++++-
 2 files changed, 31 insertions(+), 1 deletion(-)

diff --git a/binutils-improved-note-merging.patch b/binutils-improved-note-merging.patch
index 46c88c9..885ed16 100644
--- a/binutils-improved-note-merging.patch
+++ b/binutils-improved-note-merging.patch
@@ -1960,3 +1960,30 @@ diff -rupN binutils.orig/binutils/testsuite/binutils-all/objcopy.exp binutils-2.
 continue;
 }
+--- binutils.orig/binutils/objcopy.c 2019-11-20 16:49:37.481749288 +0000
++++ binutils-2.33.1/binutils/objcopy.c 2019-11-20 16:50:25.294371622 +0000
+@@ -2450,7 +2450,9 @@ merge_gnu_build_notes (bfd * ab
+ bfd_vma prev_start = 0;
+ bfd_vma prev_end = 0;
+
+- new = new_contents = xmalloc (size);
++ /* Not sure how, but the notes might grow in size.
++ (eg see PR 1774507). Allow for this here. */
++ new = new_contents = xmalloc (size * 2);
+ for (pnote = pnotes, old = contents;
+ pnote < pnotes_end;
+ pnote ++)
+@@ -2517,8 +2519,11 @@ merge_gnu_build_notes (bfd * ab
+ #endif
+
+ new_size = new - new_contents;
+- memcpy (contents, new_contents, new_size);
+- size = new_size;
++ if (new_size < size)
++ {
++ memcpy (contents, new_contents, new_size);
++ size = new_size;
++ }
+ free (new_contents);
+
+ done:
diff --git a/binutils.spec b/binutils.spec
index 497b734..fae1302 100644
--- a/binutils.spec
+++ b/binutils.spec
@@ -2,7 +2,7 @@ Summary: A GNU collection of binary utilities
 Name: %{?cross}binutils%{?_with_debug:-debug}
 Version: 2.33.1
-Release: 7%{?dist}
+Release: 8%{?dist}
 License: GPLv3+
 URL: https://sourceware.org/binutils
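Review bot: Doubling the allocation at `new = new_contents = xmalloc (size * 2);` is a guess rather than a bound: nothing in the hunk compares writes into `new` against the end of the buffer, so an input whose merged notes grow past twice the original size still overruns, only later. The loop that fills `new` (and the rest of merge_gnu_build_notes) lies outside this hunk, so the guard belongs there: keep `bfd_byte *new_end = new_contents + size * 2;` and stop via `non_fatal` before any write that would pass it, or compute the required size in a first pass and allocate exactly that. The new `if (new_size < size)` test also discards a merged result silently whenever it did not shrink, leaving the section unmerged with no diagnostic; `else non_fatal (_("merged notes are larger than the original section; leaving them unmerged"));` would make that path visible. The "Not sure how" in the added comment is worth resolving before this ships, since the cause of the growth is what decides whether a factor of two is ever enough.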
@@ -777,6 +777,9 @@ exit 0
 #----------------------------------------------------------------------------
 %changelog
+* Thu Nov 21 2019 Nick Clifton - 2.33-8
+- Fix a buffer overrun in the note merging code. (#1774507)
+
 * Wed Nov 13 2019 Nick Clifton - 2.33-7
 - Fix a potential seg-fault in the BFD library when parsing pathalogical debug_info sections. (#1771669)
 - Fix a potential memory exhaustion in the BFD library when parsing corrupt DWARF debug information. (#1771678)