import gcc-toolset-9-binutils-2.32-17.el8
This commit is contained in:
CentOS Sources
parent
af0011f924
commit
0cbb7bf8b3
|
|
@ -0,0 +1,17 @@
|
|||
--- binutils.orig/libiberty/simple-object-elf.c 2019-08-09 14:13:51.677330065 +0100
|
||||
+++ binutils-2.32/libiberty/simple-object-elf.c 2019-08-09 14:14:31.177076298 +0100
|
||||
@@ -549,6 +549,14 @@ simple_object_elf_match (unsigned char h
|
||||
return NULL;
|
||||
}
|
||||
|
||||
+ if (eor->shstrndx == 0)
|
||||
+ {
|
||||
+ *errmsg = "invalid ELF shstrndx == 0";
|
||||
+ *err = 0;
|
||||
+ XDELETE (eor);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
return (void *) eor;
|
||||
}
|
||||
|
||||
|
|
@ -0,0 +1,11 @@
|
|||
--- binutils.orig/binutils/readelf.c 2019-08-13 10:03:33.518792590 +0100
|
||||
+++ binutils-2.32/binutils/readelf.c 2019-08-13 10:04:22.885418269 +0100
|
||||
@@ -13234,7 +13234,7 @@ apply_relocations (Filedata *
|
||||
}
|
||||
|
||||
rloc = start + rp->r_offset;
|
||||
- if ((rloc + reloc_size) > end || (rloc < start))
|
||||
+ if (rloc >= end || (rloc + reloc_size) > end || (rloc < start))
|
||||
{
|
||||
warn (_("skipping invalid relocation offset 0x%lx in section %s\n"),
|
||||
(unsigned long) rp->r_offset,
|
||||
|
|
@ -0,0 +1,62 @@
|
|||
--- binutils.orig/bfd/dwarf2.c 2019-11-13 11:49:52.211121564 +0000
|
||||
+++ binutils-2.33.1/bfd/dwarf2.c 2019-11-13 11:53:26.991423055 +0000
|
||||
@@ -2813,8 +2813,8 @@ static bfd_boolean comp_unit_maybe_decod
|
||||
|
||||
static bfd_boolean
|
||||
find_abstract_instance (struct comp_unit * unit,
|
||||
- bfd_byte * orig_info_ptr,
|
||||
struct attribute * attr_ptr,
|
||||
+ unsigned int recur_count,
|
||||
const char ** pname,
|
||||
bfd_boolean * is_linkage,
|
||||
char ** filename_ptr,
|
||||
@@ -2829,6 +2829,14 @@ find_abstract_instance (struct comp_unit
|
||||
struct attribute attr;
|
||||
const char *name = NULL;
|
||||
|
||||
+ if (recur_count == 100)
|
||||
+ {
|
||||
+ _bfd_error_handler
|
||||
+ (_("DWARF error: abstract instance recursion detected"));
|
||||
+ bfd_set_error (bfd_error_bad_value);
|
||||
+ return FALSE;
|
||||
+ }
|
||||
+
|
||||
/* DW_FORM_ref_addr can reference an entry in a different CU. It
|
||||
is an offset from the .debug_info section, not the current CU. */
|
||||
if (attr_ptr->form == DW_FORM_ref_addr)
|
||||
@@ -2962,15 +2970,7 @@ find_abstract_instance (struct comp_unit
|
||||
info_ptr, info_ptr_end);
|
||||
if (info_ptr == NULL)
|
||||
break;
|
||||
- /* It doesn't ever make sense for DW_AT_specification to
|
||||
- refer to the same DIE. Stop simple recursion. */
|
||||
- if (info_ptr == orig_info_ptr)
|
||||
- {
|
||||
- _bfd_error_handler
|
||||
- (_("DWARF error: abstract instance recursion detected"));
|
||||
- bfd_set_error (bfd_error_bad_value);
|
||||
- return FALSE;
|
||||
- }
|
||||
+
|
||||
switch (attr.name)
|
||||
{
|
||||
case DW_AT_name:
|
||||
@@ -2984,7 +2984,7 @@ find_abstract_instance (struct comp_unit
|
||||
}
|
||||
break;
|
||||
case DW_AT_specification:
|
||||
- if (!find_abstract_instance (unit, info_ptr, &attr,
|
||||
+ if (!find_abstract_instance (unit, &attr, recur_count + 1,
|
||||
&name, is_linkage,
|
||||
filename_ptr, linenumber_ptr))
|
||||
return FALSE;
|
||||
@@ -3200,7 +3200,7 @@ scan_unit_for_symbols (struct comp_unit
|
||||
|
||||
case DW_AT_abstract_origin:
|
||||
case DW_AT_specification:
|
||||
- if (!find_abstract_instance (unit, info_ptr, &attr,
|
||||
+ if (!find_abstract_instance (unit, &attr, 0,
|
||||
&func->name,
|
||||
&func->is_linkage,
|
||||
&func->file,
|
||||
|
|
@ -0,0 +1,20 @@
|
|||
--- binutils.orig/bfd/dwarf2.c 2019-11-13 11:32:09.395430104 +0000
|
||||
+++ binutils-2.33.1/bfd/dwarf2.c 2019-11-13 11:33:17.272899503 +0000
|
||||
@@ -4440,7 +4440,16 @@ _bfd_dwarf2_slurp_debug_info (bfd *abfd,
|
||||
for (total_size = 0;
|
||||
msec;
|
||||
msec = find_debug_info (debug_bfd, debug_sections, msec))
|
||||
- total_size += msec->size;
|
||||
+ {
|
||||
+ /* Catch PR25070 testcase overflowing size calculation here. */
|
||||
+ if (total_size + msec->size < total_size
|
||||
+ || total_size + msec->size < msec->size)
|
||||
+ {
|
||||
+ bfd_set_error (bfd_error_no_memory);
|
||||
+ return FALSE;
|
||||
+ }
|
||||
+ total_size += msec->size;
|
||||
+ }
|
||||
|
||||
stash->info_ptr_memory = (bfd_byte *) bfd_malloc (total_size);
|
||||
if (stash->info_ptr_memory == NULL)
|
||||
File diff suppressed because it is too large
Load Diff
|
|
@ -5,7 +5,7 @@
|
|||
Summary: A GNU collection of binary utilities
|
||||
Name: %{?scl_prefix}%{?cross}binutils%{?_with_debug:-debug}
|
||||
Version: 2.32
|
||||
Release: 15%{?dist}
|
||||
Release: 17%{?dist}
|
||||
License: GPLv3+
|
||||
URL: https://sourceware.org/binutils
|
||||
|
||||
|
|
@ -277,6 +277,29 @@ Patch32: binutils-remove-DUP-FUNXC-debug-fprintf.patch
|
|||
# Lifetime: Fixed in 2.33
|
||||
Patch33: binutils-objcopy-version-note.patch
|
||||
|
||||
# Purpose: Add check to libiberty library in order to prevent an integer overflow in the gold linker.
|
||||
# Lifetime: Fixed in 2.33
|
||||
Patch34: binutils-CVE-2019-14250.patch
|
||||
|
||||
# Purpose: Add check to readelf in order to prevent an integer overflow.
|
||||
# Lifetime: Fixed in 2.33
|
||||
Patch35: binutils-CVE-2019-14444.patch
|
||||
|
||||
# Purpose: Fix a potential seg-fault in the BFD library when parsing
|
||||
# pathalogical debug_info sections.
|
||||
# Lifetime: Fixed in 2.34
|
||||
Patch36: binutils-CVE-2019-17451.patch
|
||||
|
||||
# Purpose: Fix a memory exhaustion bug in the BFD library when parsing
|
||||
# corrupt DWARF debug information.
|
||||
# Lifetime: Fixed in 2.34
|
||||
Patch37: binutils-CVE-2019-17450.patch
|
||||
|
||||
# Purpose: Add a feature to the x86/64 assembler to create
|
||||
# workarounds for the Intel Jcc Erratum.
|
||||
# Lifetime: Fixed in 2.34
|
||||
Patch38: binutils-x86-JCC-Errata.patch
|
||||
|
||||
#----------------------------------------------------------------------------
|
||||
|
||||
Provides: bundled(libiberty)
|
||||
|
|
@ -435,6 +458,11 @@ using libelf instead of BFD.
|
|||
%patch31 -p1
|
||||
%patch32 -p1
|
||||
%patch33 -p1
|
||||
%patch34 -p1
|
||||
%patch35 -p1
|
||||
%patch36 -p1
|
||||
%patch37 -p1
|
||||
%patch38 -p1
|
||||
|
||||
# We cannot run autotools as there is an exact requirement of autoconf-2.59.
|
||||
# FIXME - this is no longer true. Maybe try reinstating autotool use ?
|
||||
|
|
@ -870,6 +898,13 @@ exit 0
|
|||
|
||||
#----------------------------------------------------------------------------
|
||||
%changelog
|
||||
* Sun Dec 08 2019 Nick Clifton <nickc@redhat.com> - 2.32-17
|
||||
- Fix a potential seg-fault in the BFD library when parsing pathalogical debug_info sections. (#1779255)
|
||||
- Fix a potential memory exhaustion in the BFD library when parsing corrupt DWARF debug information.
|
||||
- Backport H.J.Lu's patch to add a workaround for the JCC Errata to the assembler. (#1779417)
|
||||
- Fix potential integer overflow in readelf. (#1740470)
|
||||
- Fix potential integer overflow in GOLD. (#1739491)
|
||||
|
||||
* Tue Aug 06 2019 Nick Clifton <nickc@redhat.com> - 2.32-15
|
||||
- Stop strip from complaining if the first build note is not a version note. (#1736114)
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue