51 lines
1.7 KiB
Diff
51 lines
1.7 KiB
Diff
From FEDORA_PATCHES Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Alexandra=20H=C3=A1jkov=C3=A1?= <ahajkova@redhat.com>
|
|
Date: Sun, 17 Sep 2023 13:36:13 +0200
|
|
Subject: gdb-rhbz2233961-CVE-2022-4806.patch
|
|
|
|
;; Backport PR29922, SHT_NOBITS section
|
|
;; avoids section size sanity check.
|
|
|
|
PR29922, SHT_NOBITS section avoids section size sanity check
|
|
|
|
PR 29922
|
|
* dwarf2.c (find_debug_info): Ignore sections without
|
|
SEC_HAS_CONTENTS.
|
|
|
|
diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
|
|
--- a/bfd/dwarf2.c
|
|
+++ b/bfd/dwarf2.c
|
|
@@ -4831,16 +4831,19 @@ find_debug_info (bfd *abfd, const struct dwarf_debug_section *debug_sections,
|
|
{
|
|
look = debug_sections[debug_info].uncompressed_name;
|
|
msec = bfd_get_section_by_name (abfd, look);
|
|
- if (msec != NULL)
|
|
+ /* Testing SEC_HAS_CONTENTS is an anti-fuzzer measure. Of
|
|
+ course debug sections always have contents. */
|
|
+ if (msec != NULL && (msec->flags & SEC_HAS_CONTENTS) != 0)
|
|
return msec;
|
|
|
|
look = debug_sections[debug_info].compressed_name;
|
|
msec = bfd_get_section_by_name (abfd, look);
|
|
- if (msec != NULL)
|
|
+ if (msec != NULL && (msec->flags & SEC_HAS_CONTENTS) != 0)
|
|
return msec;
|
|
|
|
for (msec = abfd->sections; msec != NULL; msec = msec->next)
|
|
- if (startswith (msec->name, GNU_LINKONCE_INFO))
|
|
+ if ((msec->flags & SEC_HAS_CONTENTS) != 0
|
|
+ && startswith (msec->name, GNU_LINKONCE_INFO))
|
|
return msec;
|
|
|
|
return NULL;
|
|
@@ -4848,6 +4851,9 @@ find_debug_info (bfd *abfd, const struct dwarf_debug_section *debug_sections,
|
|
|
|
for (msec = after_sec->next; msec != NULL; msec = msec->next)
|
|
{
|
|
+ if ((msec->flags & SEC_HAS_CONTENTS) == 0)
|
|
+ continue;
|
|
+
|
|
look = debug_sections[debug_info].uncompressed_name;
|
|
if (strcmp (msec->name, look) == 0)
|
|
return msec;
|