| From 04e15b4a9462cb1ae819e878a6009829aab8020b Mon Sep 17 00:00:00 2001 |
| From: Nick Clifton <nickc@redhat.com> |
| Date: Mon, 26 Jun 2017 15:46:34 +0100 |
| Subject: [PATCH] Fix address violation parsing a corrupt texhex format file. |
| |
| PR binutils/21670 |
| * tekhex.c (getvalue): Check for the source pointer exceeding the |
| end pointer before the first byte is read. |
| |
| Upstream-Status: Backport |
| CVE: CVE_2017-9954 |
| Signed-off-by: Armin Kuster <akuster@mvista.com> |
| |
| --- |
| bfd/ChangeLog | 6 ++++++ |
| bfd/tekhex.c | 6 +++++- |
| 2 files changed, 11 insertions(+), 1 deletion(-) |
| |
| Index: git/bfd/tekhex.c |
| =================================================================== |
| --- git.orig/bfd/tekhex.c |
| +++ git/bfd/tekhex.c |
| @@ -273,6 +273,9 @@ getvalue (char **srcp, bfd_vma *valuep, |
| bfd_vma value = 0; |
| unsigned int len; |
| |
| + if (src >= endp) |
| + return FALSE; |
| + |
| if (!ISHEX (*src)) |
| return FALSE; |
| |
| @@ -514,9 +517,10 @@ pass_over (bfd *abfd, bfd_boolean (*func |
| /* To the front of the file. */ |
| if (bfd_seek (abfd, (file_ptr) 0, SEEK_SET) != 0) |
| return FALSE; |
| + |
| while (! is_eof) |
| { |
| - char src[MAXCHUNK]; |
| + static char src[MAXCHUNK]; |
| char type; |
| |
| /* Find first '%'. */ |
| Index: git/bfd/ChangeLog |
| =================================================================== |
| --- git.orig/bfd/ChangeLog |
| +++ git/bfd/ChangeLog |
| @@ -1,3 +1,9 @@ |
| +2017-06-26 Nick Clifton <nickc@redhat.com> |
| + |
| + PR binutils/21670 |
| + * tekhex.c (getvalue): Check for the source pointer exceeding the |
| + end pointer before the first byte is read. |
| + |
| 2017-06-15 Nick Clifton <nickc@redhat.com> |
| |
| PR binutils/21582 |