Fix a buffer overrun in the note merging code.

Resolves: #1774507
Nick Clifton 2019-11-21 08:10:18 +00:00
parent 2ea649d73a
commit 86b5dd655f
2 changed files with 31 additions and 1 deletions


@ -1960,3 +1960,30 @@ diff -rupN binutils.orig/binutils/testsuite/binutils-all/objcopy.exp binutils-2.
continue; continue;
} }
--- binutils.orig/binutils/objcopy.c 2019-11-20 16:49:37.481749288 +0000
+++ binutils-2.33.1/binutils/objcopy.c 2019-11-20 16:50:25.294371622 +0000
@@ -2450,7 +2450,9 @@ merge_gnu_build_notes (bfd * ab
bfd_vma prev_start = 0;
bfd_vma prev_end = 0;
- new = new_contents = xmalloc (size);
+ /* Not sure how, but the notes might grow in size.
+ (eg see PR 1774507). Allow for this here. */
+ new = new_contents = xmalloc (size * 2);
for (pnote = pnotes, old = contents;
pnote < pnotes_end;
pnote ++)
@@ -2517,8 +2519,11 @@ merge_gnu_build_notes (bfd * ab
#endif
new_size = new - new_contents;
- memcpy (contents, new_contents, new_size);
- size = new_size;
+ if (new_size < size)
+ {
+ memcpy (contents, new_contents, new_size);
+ size = new_size;
+ }
free (new_contents);
done:
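Review bot: Doubling the scratch buffer with `xmalloc (size * 2)` makes the overrun in merge_gnu_build_notes less likely but does not bound it: nothing in these hunks checks the write cursor `new` against the new capacity, and the added comment says the cause of the growth is not understood. The `if (new_size < size)` test runs only after the loop has finished writing, so it protects `contents` but not `new_contents`. I would keep the capacity in a local and stop emitting notes once `new - new_contents` would exceed it (the loop body that writes through `new` lies outside the hunk), and reword the comment to state the invariant, e.g. `/* Scratch buffer holds 2 * size bytes; writes through NEW must stay within it. */`. If `size` is taken from the section header of an untrusted object file, the multiplication also deserves a wrap-around check before the allocation.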


@ -2,7 +2,7 @@
Summary: A GNU collection of binary utilities Summary: A GNU collection of binary utilities
Name: %{?cross}binutils%{?_with_debug:-debug} Name: %{?cross}binutils%{?_with_debug:-debug}
Version: 2.33.1 Version: 2.33.1
Release: 7%{?dist} Release: 8%{?dist}
License: GPLv3+ License: GPLv3+
URL: https://sourceware.org/binutils URL: https://sourceware.org/binutils
@ -777,6 +777,9 @@ exit 0
#---------------------------------------------------------------------------- #----------------------------------------------------------------------------
%changelog %changelog
* Thu Nov 21 2019 Nick Clifton <nickc@redhat.com> - 2.33-8
- Fix a buffer overrun in the note merging code. (#1774507)
* Wed Nov 13 2019 Nick Clifton <nickc@redhat.com> - 2.33-7 * Wed Nov 13 2019 Nick Clifton <nickc@redhat.com> - 2.33-7
- Fix a potential seg-fault in the BFD library when parsing pathalogical debug_info sections. (#1771669) - Fix a potential seg-fault in the BFD library when parsing pathalogical debug_info sections. (#1771669)
- Fix a potential memory exhaustion in the BFD library when parsing corrupt DWARF debug information. (#1771678) - Fix a potential memory exhaustion in the BFD library when parsing corrupt DWARF debug information. (#1771678)