| From 7211ae501eb0de1044983f2dfb00091a58fbd66c Mon Sep 17 00:00:00 2001 |
| From: Alan Modra <amodra@gmail.com> |
| Date: Tue, 27 Jun 2017 09:45:04 +0930 |
| Subject: [PATCH] More fixes for bfd_get_section_contents change |
| |
| PR binutils/21665 |
| * libbfd.c (_bfd_generic_get_section_contents): Delete abort. |
| Use unsigned file pointer type, and remove cast. |
| * libbfd.c (_bfd_generic_get_section_contents_in_window): Likewise. |
| Add "count", not "sz". |
| |
| Upstream-Status: Backport |
| CVE: CVE-2017-9955 #5 |
| Signed-off-by: Armin Kuster <akuster@mvista.com> |
| |
| --- |
| bfd/ChangeLog | 8 ++++++++ |
| bfd/libbfd.c | 18 ++++-------------- |
| 2 files changed, 12 insertions(+), 14 deletions(-) |
| |
| Index: git/bfd/ChangeLog |
| =================================================================== |
| --- git.orig/bfd/ChangeLog |
| +++ git/bfd/ChangeLog |
| @@ -1,3 +1,11 @@ |
| +2017-06-27 Alan Modra <amodra@gmail.com> |
| + |
| + PR binutils/21665 |
| + * libbfd.c (_bfd_generic_get_section_contents): Delete abort. |
| + Use unsigned file pointer type, and remove cast. |
| + * libbfd.c (_bfd_generic_get_section_contents_in_window): Likewise. |
| + Add "count", not "sz". |
| + |
| 2017-06-26 Pedro Alves <palves@redhat.com> |
| |
| PR binutils/21665 |
| Index: git/bfd/libbfd.c |
| =================================================================== |
| --- git.orig/bfd/libbfd.c |
| +++ git/bfd/libbfd.c |
| @@ -780,7 +780,7 @@ _bfd_generic_get_section_contents (bfd * |
| bfd_size_type count) |
| { |
| bfd_size_type sz; |
| - file_ptr filesz; |
| + ufile_ptr filesz; |
| if (count == 0) |
| return TRUE; |
| |
| @@ -804,14 +804,9 @@ _bfd_generic_get_section_contents (bfd * |
| else |
| sz = section->size; |
| filesz = bfd_get_file_size (abfd); |
| - if (filesz < 0) |
| - { |
| - /* This should never happen. */ |
| - abort (); |
| - } |
| if (offset + count < count |
| || offset + count > sz |
| - || (section->filepos + offset + count) > (bfd_size_type) filesz) |
| + || section->filepos + offset + count > filesz) |
| { |
| bfd_set_error (bfd_error_invalid_operation); |
| return FALSE; |
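Review bot: The third clause of the bounds check, `section->filepos + offset + count > filesz`, can still wrap around, because only the two-term sum is tested for overflow by `offset + count < count`. If `section->filepos` is taken from a crafted section header and is large enough (its type is not visible in this hunk, so this is inferred), the three-term sum could wrap to a small value and pass the comparison against the file size. A subtraction form avoids the wrap, for example `|| (ufile_ptr) section->filepos > filesz || offset + count > filesz - section->filepos`. The same expression is added in the `_bfd_generic_get_section_contents_in_window` hunk further down. The body of `_bfd_generic_get_section_contents` starts before and continues after this hunk.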
| @@ -834,7 +829,7 @@ _bfd_generic_get_section_contents_in_win |
| { |
| #ifdef USE_MMAP |
| bfd_size_type sz; |
| - file_ptr filesz; |
| + ufile_ptr filesz; |
| |
| if (count == 0) |
| return TRUE; |
| @@ -868,13 +863,8 @@ _bfd_generic_get_section_contents_in_win |
| else |
| sz = section->size; |
| filesz = bfd_get_file_size (abfd); |
| - if (filesz < 0) |
| - { |
| - /* This should never happen. */ |
| - abort (); |
| - } |
| if (offset + count > sz |
| - || (section->filepos + offset + sz) > (bfd_size_type) filesz |
| + || section->filepos + offset + count > filesz |
| || ! bfd_get_file_window (abfd, section->filepos + offset, count, w, |
| TRUE)) |
| return FALSE; |
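Review bot: The first clause of this check, `offset + count > sz`, has no wraparound guard, unlike the check in `_bfd_generic_get_section_contents` above, which tests `offset + count < count` first. With a very large `count` the sum could wrap below `sz` and the request would go on to `bfd_get_file_window`; whether any caller can pass such a value is not visible in this hunk. Adding the same guard keeps the two functions consistent: `if (offset + count < count || offset + count > sz`. The enclosing function starts before this hunk and its end is not shown.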