gdb/gdb-rhbz2233961-CVE-2022-4806.patch

51 lines
1.7 KiB
Diff
Raw Normal View History

From FEDORA_PATCHES Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alexandra=20H=C3=A1jkov=C3=A1?= <ahajkova@redhat.com>
Date: Sun, 17 Sep 2023 13:36:13 +0200
Subject: gdb-rhbz2233961-CVE-2022-4806.patch
;; Backport PR29922, SHT_NOBITS section
;; avoids section size sanity check.
PR29922, SHT_NOBITS section avoids section size sanity check
PR 29922
* dwarf2.c (find_debug_info): Ignore sections without
SEC_HAS_CONTENTS.
diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
--- a/bfd/dwarf2.c
+++ b/bfd/dwarf2.c
@@ -4831,16 +4831,19 @@ find_debug_info (bfd *abfd, const struct dwarf_debug_section *debug_sections,
{
look = debug_sections[debug_info].uncompressed_name;
msec = bfd_get_section_by_name (abfd, look);
- if (msec != NULL)
+ /* Testing SEC_HAS_CONTENTS is an anti-fuzzer measure. Of
+ course debug sections always have contents. */
+ if (msec != NULL && (msec->flags & SEC_HAS_CONTENTS) != 0)
return msec;
look = debug_sections[debug_info].compressed_name;
msec = bfd_get_section_by_name (abfd, look);
- if (msec != NULL)
+ if (msec != NULL && (msec->flags & SEC_HAS_CONTENTS) != 0)
return msec;
for (msec = abfd->sections; msec != NULL; msec = msec->next)
- if (startswith (msec->name, GNU_LINKONCE_INFO))
+ if ((msec->flags & SEC_HAS_CONTENTS) != 0
+ && startswith (msec->name, GNU_LINKONCE_INFO))
return msec;
return NULL;
@@ -4848,6 +4851,9 @@ find_debug_info (bfd *abfd, const struct dwarf_debug_section *debug_sections,
for (msec = after_sec->next; msec != NULL; msec = msec->next)
{
+ if ((msec->flags & SEC_HAS_CONTENTS) == 0)
+ continue;
+
look = debug_sections[debug_info].uncompressed_name;
if (strcmp (msec->name, look) == 0)
return msec;