Import patch from mainline to fix seg-fault when reading corrupt group headers.
Resolves: BZ #1157276, #11527277
This commit is contained in:
parent
09883f6445
commit
b57b4a1e9b
86
binutils-2.24-corrupt-groups.patch
Normal file
86
binutils-2.24-corrupt-groups.patch
Normal file
@ -0,0 +1,86 @@
|
|||||||
|
*** ../binutils-2.24.orig/bfd/elf.c 2014-10-27 12:47:20.989181791 +0000
|
||||||
|
--- bfd/elf.c 2014-10-27 12:47:33.296248170 +0000
|
||||||
|
*************** setup_group (bfd *abfd, Elf_Internal_Shd
|
||||||
|
*** 608,616 ****
|
||||||
|
if (shdr->contents == NULL)
|
||||||
|
{
|
||||||
|
_bfd_error_handler
|
||||||
|
! (_("%B: Corrupt size field in group section header: 0x%lx"), abfd, shdr->sh_size);
|
||||||
|
bfd_set_error (bfd_error_bad_value);
|
||||||
|
! return FALSE;
|
||||||
|
}
|
||||||
|
|
||||||
|
memset (shdr->contents, 0, amt);
|
||||||
|
--- 608,617 ----
|
||||||
|
if (shdr->contents == NULL)
|
||||||
|
{
|
||||||
|
_bfd_error_handler
|
||||||
|
! (_("%B: corrupt size field in group section header: 0x%lx"), abfd, shdr->sh_size);
|
||||||
|
bfd_set_error (bfd_error_bad_value);
|
||||||
|
! -- num_group;
|
||||||
|
! continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
memset (shdr->contents, 0, amt);
|
||||||
|
*************** setup_group (bfd *abfd, Elf_Internal_Shd
|
||||||
|
*** 618,625 ****
|
||||||
|
if (bfd_seek (abfd, shdr->sh_offset, SEEK_SET) != 0
|
||||||
|
|| (bfd_bread (shdr->contents, shdr->sh_size, abfd)
|
||||||
|
!= shdr->sh_size))
|
||||||
|
! return FALSE;
|
||||||
|
!
|
||||||
|
/* Translate raw contents, a flag word followed by an
|
||||||
|
array of elf section indices all in target byte order,
|
||||||
|
to the flag word followed by an array of elf section
|
||||||
|
--- 619,635 ----
|
||||||
|
if (bfd_seek (abfd, shdr->sh_offset, SEEK_SET) != 0
|
||||||
|
|| (bfd_bread (shdr->contents, shdr->sh_size, abfd)
|
||||||
|
!= shdr->sh_size))
|
||||||
|
! {
|
||||||
|
! _bfd_error_handler
|
||||||
|
! (_("%B: invalid size field in group section header: 0x%lx"), abfd, shdr->sh_size);
|
||||||
|
! bfd_set_error (bfd_error_bad_value);
|
||||||
|
! -- num_group;
|
||||||
|
! /* PR 17510: If the group contents are even partially
|
||||||
|
! corrupt, do not allow any of the contents to be used. */
|
||||||
|
! memset (shdr->contents, 0, amt);
|
||||||
|
! continue;
|
||||||
|
! }
|
||||||
|
!
|
||||||
|
/* Translate raw contents, a flag word followed by an
|
||||||
|
array of elf section indices all in target byte order,
|
||||||
|
to the flag word followed by an array of elf section
|
||||||
|
*************** setup_group (bfd *abfd, Elf_Internal_Shd
|
||||||
|
*** 651,656 ****
|
||||||
|
--- 661,681 ----
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+ /* PR 17510: Corrupt binaries might contain invalid groups. */
|
||||||
|
+ if (num_group != (unsigned) elf_tdata (abfd)->num_group)
|
||||||
|
+ {
|
||||||
|
+ elf_tdata (abfd)->num_group = num_group;
|
||||||
|
+
|
||||||
|
+ /* If all groups are invalid then fail. */
|
||||||
|
+ if (num_group == 0)
|
||||||
|
+ {
|
||||||
|
+ elf_tdata (abfd)->group_sect_ptr = NULL;
|
||||||
|
+ elf_tdata (abfd)->num_group = num_group = -1;
|
||||||
|
+ (*_bfd_error_handler) (_("%B: no valid group sections found"), abfd);
|
||||||
|
+ bfd_set_error (bfd_error_bad_value);
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
*************** setup_group (bfd *abfd, Elf_Internal_Shd
|
||||||
|
*** 716,721 ****
|
||||||
|
--- 741,747 ----
|
||||||
|
{
|
||||||
|
(*_bfd_error_handler) (_("%B: no group info for section %A"),
|
||||||
|
abfd, newsect);
|
||||||
|
+ return FALSE;
|
||||||
|
}
|
||||||
|
return TRUE;
|
||||||
|
}
|
@ -19,7 +19,7 @@
|
|||||||
Summary: A GNU collection of binary utilities
|
Summary: A GNU collection of binary utilities
|
||||||
Name: %{?cross}binutils%{?_with_debug:-debug}
|
Name: %{?cross}binutils%{?_with_debug:-debug}
|
||||||
Version: 2.24
|
Version: 2.24
|
||||||
Release: 24%{?dist}
|
Release: 25%{?dist}
|
||||||
License: GPLv3+
|
License: GPLv3+
|
||||||
Group: Development/Tools
|
Group: Development/Tools
|
||||||
URL: http://sources.redhat.com/binutils
|
URL: http://sources.redhat.com/binutils
|
||||||
@ -73,6 +73,7 @@ Patch28: binutils-2.24-aarch64-fix-static-ifunc.patch
|
|||||||
Patch29: binutils-2.24-aarch64-fix-ie-relax.patch
|
Patch29: binutils-2.24-aarch64-fix-ie-relax.patch
|
||||||
Patch30: binutils-HEAD-change-ld-notice-interface.patch
|
Patch30: binutils-HEAD-change-ld-notice-interface.patch
|
||||||
Patch31: binutils-2.24-corrupt-srec.patch
|
Patch31: binutils-2.24-corrupt-srec.patch
|
||||||
|
Patch32: binutils-2.24-corrupt-groups.patch
|
||||||
|
|
||||||
Provides: bundled(libiberty)
|
Provides: bundled(libiberty)
|
||||||
|
|
||||||
@ -208,6 +209,7 @@ using libelf instead of BFD.
|
|||||||
%patch29 -p1 -b .aa64-3~
|
%patch29 -p1 -b .aa64-3~
|
||||||
%patch30 -p1 -b .ldplugin~
|
%patch30 -p1 -b .ldplugin~
|
||||||
%patch31 -p0 -b .srec~
|
%patch31 -p0 -b .srec~
|
||||||
|
%patch32 -p0 -b .groups~
|
||||||
|
|
||||||
# We cannot run autotools as there is an exact requirement of autoconf-2.59.
|
# We cannot run autotools as there is an exact requirement of autoconf-2.59.
|
||||||
|
|
||||||
@ -522,6 +524,10 @@ exit 0
|
|||||||
%endif # %{isnative}
|
%endif # %{isnative}
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Oct 27 2014 Nick Clifton <nickc@redhat.com> - 2.24-25
|
||||||
|
- Import patch from mainline to fix seg-fault when reading corrupt group headers.
|
||||||
|
Resolves: BZ #1157276
|
||||||
|
|
||||||
* Fri Oct 24 2014 Nick Clifton <nickc@redhat.com> - 2.24-24
|
* Fri Oct 24 2014 Nick Clifton <nickc@redhat.com> - 2.24-24
|
||||||
- Import patch from mainline to fix seg-fault when reading corrupt srec fields.
|
- Import patch from mainline to fix seg-fault when reading corrupt srec fields.
|
||||||
Resolves: BZ #1156272
|
Resolves: BZ #1156272
|
||||||
|
Loading…
Reference in New Issue
Block a user