import-layers/yocto-poky/meta/recipes-devtools/binutils/binutils/CVE-2017-9746.patch - openbmc/openbmc - Gitiles

 From ae87f7e73eba29bd38b3a9684a10b948ed715612 Mon Sep 17 00:00:00 2001
 From: Nick Clifton <nickc@redhat.com>
 Date: Wed, 14 Jun 2017 16:50:03 +0100
 Subject: [PATCH] Fix address violation when disassembling a corrupt binary.

 	PR binutils/21580
 binutils * objdump.c (disassemble_bytes): Check for buffer overrun when
 	printing out rae insns.

 ld	* testsuite/ld-nds32/diff.d: Adjust expected output.

 Upstream-Status: Backport
 CVE: CVE-2017-9746
 Signed-off-by: Armin Kuster <akuster@mvista.com>

 ---
  binutils/objdump.c           | 27 +++++++++++++++------------
  ld/ChangeLog                 |  5 +++++
  ld/testsuite/ld-nds32/diff.d |  6 +++---
  3 files changed, 23 insertions(+), 15 deletions(-)

 Index: git/binutils/objdump.c
 ===================================================================
 --- git.orig/binutils/objdump.c
 +++ git/binutils/objdump.c
 @@ -1855,20 +1855,23 @@ disassemble_bytes (struct disassemble_in

  	      for (j = addr_offset * opb; j < addr_offset * opb + pb; j += bpc)
  		{
 -		  int k;
 -
 -		  if (bpc > 1 && inf->display_endian == BFD_ENDIAN_LITTLE)
 -		    {
 -		      for (k = bpc - 1; k >= 0; k--)
 -			printf ("%02x", (unsigned) data[j + k]);
 -		      putchar (' ');
 -		    }
 -		  else
 +		  /* PR 21580: Check for a buffer ending early.  */
 +		  if (j + bpc <= stop_offset * opb)
  		    {
 -		      for (k = 0; k < bpc; k++)
 -			printf ("%02x", (unsigned) data[j + k]);
 -		      putchar (' ');
 +		      int k;
 +
 +		      if (inf->display_endian == BFD_ENDIAN_LITTLE)
 +			{
 +			  for (k = bpc - 1; k >= 0; k--)
 +			    printf ("%02x", (unsigned) data[j + k]);
 +			}
 +		      else
 +			{
 +			  for (k = 0; k < bpc; k++)
 +			    printf ("%02x", (unsigned) data[j + k]);
 +			}
  		    }
 +		  putchar (' ');
  		}

  	      for (; pb < octets_per_line; pb += bpc)
 Index: git/ld/testsuite/ld-nds32/diff.d
 ===================================================================
 --- git.orig/ld/testsuite/ld-nds32/diff.d
 +++ git/ld/testsuite/ld-nds32/diff.d
 @@ -7,9 +7,9 @@

  Disassembly of section .data:
  00008000 <WORD> (7e 00 00 00|00 00 00 7e).*
 -00008004 <HALF> (7e 00 7e fe|00 7e 7e fe).*
 -00008006 <BYTE> 7e fe 00 fe.*
 -00008007 <ULEB128> fe 00.*
 +00008004 <HALF> (7e 00|00 7e).*
 +00008006 <BYTE> 7e.*
 +00008007 <ULEB128> fe.*
  	...
  00008009 <ULEB128_2> fe 00.*
  .*
 Index: git/ld/ChangeLog
 ===================================================================
 --- git.orig/ld/ChangeLog
 +++ git/ld/ChangeLog
 @@ -1,3 +1,8 @@
 +2017-06-14  Nick Clifton  <nickc@redhat.com>
 +
 +       PR binutils/21580
 +       * testsuite/ld-nds32/diff.d: Adjust expected output.
 +
  2017-03-07  Alan Modra  <amodra@gmail.com>

  	* ldlang.c (open_input_bfds): Check that lang_assignment_statement
	From ae87f7e73eba29bd38b3a9684a10b948ed715612 Mon Sep 17 00:00:00 2001
	From: Nick Clifton <nickc@redhat.com>
	Date: Wed, 14 Jun 2017 16:50:03 +0100
	Subject: [PATCH] Fix address violation when disassembling a corrupt binary.

	PR binutils/21580
	binutils * objdump.c (disassemble_bytes): Check for buffer overrun when
	printing out rae insns.

	ld * testsuite/ld-nds32/diff.d: Adjust expected output.

	Upstream-Status: Backport
	CVE: CVE-2017-9746
	Signed-off-by: Armin Kuster <akuster@mvista.com>

	---
	binutils/objdump.c \| 27 +++++++++++++++------------
	ld/ChangeLog \| 5 +++++
	ld/testsuite/ld-nds32/diff.d \| 6 +++---
	3 files changed, 23 insertions(+), 15 deletions(-)

	Index: git/binutils/objdump.c
	===================================================================
	--- git.orig/binutils/objdump.c
	+++ git/binutils/objdump.c
	@@ -1855,20 +1855,23 @@ disassemble_bytes (struct disassemble_in

	for (j = addr_offset * opb; j < addr_offset * opb + pb; j += bpc)
	{
	- int k;
	-
	- if (bpc > 1 && inf->display_endian == BFD_ENDIAN_LITTLE)
	- {
	- for (k = bpc - 1; k >= 0; k--)
	- printf ("%02x", (unsigned) data[j + k]);
	- putchar (' ');
	- }
	- else
	+ /* PR 21580: Check for a buffer ending early. */
	+ if (j + bpc <= stop_offset * opb)
	{
	- for (k = 0; k < bpc; k++)
	- printf ("%02x", (unsigned) data[j + k]);
	- putchar (' ');
	+ int k;
	+
	+ if (inf->display_endian == BFD_ENDIAN_LITTLE)
	+ {
	+ for (k = bpc - 1; k >= 0; k--)
	+ printf ("%02x", (unsigned) data[j + k]);
	+ }
	+ else
	+ {
	+ for (k = 0; k < bpc; k++)
	+ printf ("%02x", (unsigned) data[j + k]);
	+ }
	}
	+ putchar (' ');
	}

	for (; pb < octets_per_line; pb += bpc)
	Index: git/ld/testsuite/ld-nds32/diff.d
	===================================================================
	--- git.orig/ld/testsuite/ld-nds32/diff.d
	+++ git/ld/testsuite/ld-nds32/diff.d
	@@ -7,9 +7,9 @@

	Disassembly of section .data:
	00008000 <WORD> (7e 00 00 00\|00 00 00 7e).*
	-00008004 <HALF> (7e 00 7e fe\|00 7e 7e fe).*
	-00008006 <BYTE> 7e fe 00 fe.*
	-00008007 <ULEB128> fe 00.*
	+00008004 <HALF> (7e 00\|00 7e).*
	+00008006 <BYTE> 7e.*
	+00008007 <ULEB128> fe.*
	...
	00008009 <ULEB128_2> fe 00.*
	.*
	Index: git/ld/ChangeLog
	===================================================================
	--- git.orig/ld/ChangeLog
	+++ git/ld/ChangeLog
	@@ -1,3 +1,8 @@
	+2017-06-14 Nick Clifton <nickc@redhat.com>
	+
	+ PR binutils/21580
	+ * testsuite/ld-nds32/diff.d: Adjust expected output.
	+
	2017-03-07 Alan Modra <amodra@gmail.com>

	* ldlang.c (open_input_bfds): Check that lang_assignment_statement