rpms/binutils
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix memory corruption bug introduced by the previous patch.

Browse Source
This commit is contained in:
Nick Clifton 2014-10-29 10:36:37 +00:00
parent 8d9ecc8685
commit c6c4136c20
2 changed files with 97 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

91
binutils-2.24-corrupt-elf.2.patch Normal file
View File

@ -0,0 +1,91 @@
diff -cpr ../binutils-2.24.orig/bfd/elf.c bfd/elf.c
*** ../binutils-2.24.orig/bfd/elf.c 2014-10-28 16:02:16.233549448 +0000
--- bfd/elf.c 2014-10-28 16:02:36.754653055 +0000
*************** bfd_section_from_shdr (bfd *abfd, unsign
*** 1584,1589 ****
--- 1584,1590 ----
const char *name;
bfd_boolean ret = TRUE;
static bfd_boolean * sections_being_created = NULL;
+ static bfd * sections_being_created_abfd = NULL;
static unsigned int nesting = 0;
if (shindex >= elf_numsections (abfd))
*************** bfd_section_from_shdr (bfd *abfd, unsign
*** 1596,1608 ****
loop. Detect this here, by refusing to load a section that we are
already in the process of loading. We only trigger this test if
we have nested at least three sections deep as normal ELF binaries
! can expect to recurse at least once. */
!
if (sections_being_created == NULL)
{
/* FIXME: It would be more efficient to attach this array to the bfd somehow. */
sections_being_created = (bfd_boolean *)
bfd_zalloc (abfd, elf_numsections (abfd) * sizeof (bfd_boolean));
}
if (sections_being_created [shindex])
{
--- 1597,1615 ----
loop. Detect this here, by refusing to load a section that we are
already in the process of loading. We only trigger this test if
we have nested at least three sections deep as normal ELF binaries
! can expect to recurse at least once.
!
! FIXME: It would be better if this array was attached to the bfd,
! rather than being held in a static pointer. */
!
! if (sections_being_created_abfd != abfd)
! sections_being_created = NULL;
if (sections_being_created == NULL)
{
/* FIXME: It would be more efficient to attach this array to the bfd somehow. */
sections_being_created = (bfd_boolean *)
bfd_zalloc (abfd, elf_numsections (abfd) * sizeof (bfd_boolean));
+ sections_being_created_abfd = abfd;
}
if (sections_being_created [shindex])
{
*************** bfd_section_from_shdr (bfd *abfd, unsign
*** 2106,2112 ****
if (sections_being_created)
sections_being_created [shindex] = FALSE;
if (-- nesting == 0)
! sections_being_created = NULL;
return ret;
}
--- 2113,2122 ----
if (sections_being_created)
sections_being_created [shindex] = FALSE;
if (-- nesting == 0)
! {
! sections_being_created = NULL;
! sections_being_created_abfd = abfd;
! }
return ret;
}
Only in bfd: elf.c.orig
diff -cpr ../binutils-2.24.orig/bfd/peXXigen.c bfd/peXXigen.c
*** ../binutils-2.24.orig/bfd/peXXigen.c 2014-10-28 16:02:16.251549538 +0000
--- bfd/peXXigen.c 2014-10-28 16:02:36.755653060 +0000
*************** pe_print_edata (bfd * abfd, void * vfile
*** 1444,1449 ****
--- 1444,1458 ----
}
}
+ /* PR 17512: Handle corrupt PE binaries. */
+ if (datasize < 36)
+ {
+ fprintf (file,
+ _("\nThere is an export table in %s, but it is too small (%d)\n"),
+ section->name, (int) datasize);
+ return TRUE;
+ }
+
fprintf (file, _("\nThere is an export table in %s at 0x%lx\n"),
section->name, (unsigned long) addr);
Only in bfd: peXXigen.c.orig

7
binutils.spec
View File

@ -19,7 +19,7 @@
Summary: A GNU collection of binary utilities Summary: A GNU collection of binary utilities
Name: %{?cross}binutils%{?_with_debug:-debug} Name: %{?cross}binutils%{?_with_debug:-debug}
Version: 2.24 Version: 2.24
Release: 26%{?dist} Release: 27%{?dist}
License: GPLv3+ License: GPLv3+
Group: Development/Tools Group: Development/Tools
URL: http://sources.redhat.com/binutils URL: http://sources.redhat.com/binutils
@ -75,6 +75,7 @@ Patch30: binutils-HEAD-change-ld-notice-interface.patch
Patch31: binutils-2.24-corrupt-srec.patch Patch31: binutils-2.24-corrupt-srec.patch
Patch32: binutils-2.24-corrupt-groups.patch Patch32: binutils-2.24-corrupt-groups.patch
Patch33: binutils-2.24-corrupt-elf.patch Patch33: binutils-2.24-corrupt-elf.patch
Patch34: binutils-2.24-corrupt-elf.2.patch
Provides: bundled(libiberty) Provides: bundled(libiberty)
@ -212,6 +213,7 @@ using libelf instead of BFD.
%patch31 -p0 -b .corrupt-srec~ %patch31 -p0 -b .corrupt-srec~
%patch32 -p0 -b .corrupt-groups~ %patch32 -p0 -b .corrupt-groups~
%patch33 -p0 -b .corrupt-elf~ %patch33 -p0 -b .corrupt-elf~
%patch34 -p0 -b .corrupt-elf2~
# We cannot run autotools as there is an exact requirement of autoconf-2.59. # We cannot run autotools as there is an exact requirement of autoconf-2.59.
@ -526,6 +528,9 @@ exit 0
%endif # %{isnative} %endif # %{isnative}
%changelog %changelog
* Wed Oct 29 2014 Nick Clifton <nickc@redhat.com> - 2.24-27
- Fix memory corruption bug introduced by the previous patch.
* Tue Oct 28 2014 Nick Clifton <nickc@redhat.com> - 2.24-26 * Tue Oct 28 2014 Nick Clifton <nickc@redhat.com> - 2.24-26
- Import patches for PR/17510 and PR/17512 to fix reading corrupt ELF binaries. - Import patches for PR/17510 and PR/17512 to fix reading corrupt ELF binaries.
Resolves: BZ #1157276, #1157277 Resolves: BZ #1157276, #1157277