| From cd3ea7c69acc5045eb28f9bf80d923116e15e4f5 Mon Sep 17 00:00:00 2001 |
| From: Nick Clifton <nickc@redhat.com> |
| Date: Thu, 15 Jun 2017 13:26:54 +0100 |
| Subject: [PATCH] Prevent address violation problem when disassembling corrupt |
| aarch64 binary. |
| |
| PR binutils/21595 |
| * aarch64-dis.c (aarch64_ext_ldst_reglist): Check for an out of |
| range value. |
| |
| Upstream-Status: Backport |
| CVE: CVE-2017-9756 |
| Signed-off-by: Armin Kuster <akuster@mvista.com> |
| |
| --- |
| opcodes/ChangeLog | 6 ++++++ |
| opcodes/aarch64-dis.c | 3 +++ |
| 2 files changed, 9 insertions(+) |
| |
| Index: git/opcodes/ChangeLog |
| =================================================================== |
| --- git.orig/opcodes/ChangeLog |
| +++ git/opcodes/ChangeLog |
| @@ -6,6 +6,12 @@ |
| |
| 2017-06-15 Nick Clifton <nickc@redhat.com> |
| |
| + PR binutils/21595 |
| + * aarch64-dis.c (aarch64_ext_ldst_reglist): Check for an out of |
| + range value. |
| + |
| +2017-06-15 Nick Clifton <nickc@redhat.com> |
| + |
| PR binutils/21588 |
| * rl78-decode.opc (OP_BUF_LEN): Define. |
| (GETBYTE): Check for the index exceeding OP_BUF_LEN. |
| Index: git/opcodes/aarch64-dis.c |
| =================================================================== |
| --- git.orig/opcodes/aarch64-dis.c |
| +++ git/opcodes/aarch64-dis.c |
| @@ -409,6 +409,9 @@ aarch64_ext_ldst_reglist (const aarch64_ |
| info->reglist.first_regno = extract_field (FLD_Rt, code, 0); |
| /* opcode */ |
| value = extract_field (FLD_opcode, code, 0); |
| + /* PR 21595: Check for a bogus value. */ |
| + if (value >= ARRAY_SIZE (data)) |
| + return 0; |
| if (expected_num != data[value].num_elements || data[value].is_reserved) |
| return 0; |
| info->reglist.num_regs = data[value].num_regs; |
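Review bot: The comment on the new bounds check, `/* PR 21595: Check for a bogus value. */`, does not say what makes the value bogus or why the check must come first. Since `value` is taken straight from the instruction word by `extract_field (FLD_opcode, code, 0)` and indexes `data[]` on the next line, I would write `/* PR 21595: the opcode field comes from a possibly corrupt instruction and can exceed the data[] table; reject it before indexing. */`. The guard is placed ahead of the first `data[value]` access and returns 0 like the reserved-encoding check below it, so a malformed encoding is rejected the same way as a reserved one. The declaration of `value` is outside the hunk, and the `>=` comparison only covers the low side if that type is unsigned, which is worth confirming. aarch64_ext_ldst_reglist starts and ends outside the hunk, so any other table lookups in this file that use a field extracted from the instruction cannot be checked from here and deserve the same audit.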