From bae7501e87ab614115d9d3213b4dd18d96e604db Mon Sep 17 00:00:00 2001
From: Alan Modra <amodra@gmail.com>
Date: Sat, 1 Jul 2017 21:58:10 +0930
Subject: [PATCH] Use bfd_malloc_and_get_section
It's nicer than xmalloc followed by bfd_get_section_contents, since
xmalloc exits on failure and needs a check that its size_t arg doesn't
lose high bits when converted from bfd_size_type.
PR binutils/21665
* objdump.c (strtab): Make var a bfd_byte*.
(disassemble_section): Don't limit malloc size. Instead, use
bfd_malloc_and_get_section.
(read_section_stabs): Use bfd_malloc_and_get_section. Return
bfd_byte*.
(find_stabs_section): Remove now unnecessary cast.
* objcopy.c (copy_object): Use bfd_malloc_and_get_section. Free
contents on error return.
* nlmconv.c (copy_sections): Use bfd_malloc_and_get_section.
Upstream-Status: Backport
CVE: CVE-2017-9955 #8
Signed-off-by: Armin Kuster <akuster@mvista.com>
---
binutils/ChangeLog | 13 +++++++++++++
binutils/nlmconv.c | 6 ++----
binutils/objcopy.c | 5 +++--
binutils/objdump.c | 44 +++++++-------------------------------------
4 files changed, 25 insertions(+), 43 deletions(-)
Index: git/binutils/ChangeLog
===================================================================
--- git.orig/binutils/ChangeLog
+++ git/binutils/ChangeLog
@@ -1,3 +1,16 @@
+2017-07-01 Alan Modra <amodra@gmail.com>
+
+ PR binutils/21665
+ * objdump.c (strtab): Make var a bfd_byte*.
+ (disassemble_section): Don't limit malloc size. Instead, use
+ bfd_malloc_and_get_section.
+ (read_section_stabs): Use bfd_malloc_and_get_section. Return
+ bfd_byte*.
+ (find_stabs_section): Remove now unnecessary cast.
+ * objcopy.c (copy_object): Use bfd_malloc_and_get_section. Free
+ contents on error return.
+ * nlmconv.c (copy_sections): Use bfd_malloc_and_get_section.
+
2017-06-30 Nick Clifton <nickc@redhat.com>
PR binutils/21665
Index: git/binutils/nlmconv.c
===================================================================
--- git.orig/binutils/nlmconv.c
+++ git/binutils/nlmconv.c
@@ -1224,7 +1224,7 @@ copy_sections (bfd *inbfd, asection *ins
const char *inname;
asection *outsec;
bfd_size_type size;
- void *contents;
+ bfd_byte *contents;
long reloc_size;
bfd_byte buf[4];
bfd_size_type add;
@@ -1240,9 +1240,7 @@ copy_sections (bfd *inbfd, asection *ins
contents = NULL;
else
{
- contents = xmalloc (size);
- if (! bfd_get_section_contents (inbfd, insec, contents,
- (file_ptr) 0, size))
+ if (!bfd_malloc_and_get_section (inbfd, insec, &contents))
bfd_fatal (bfd_get_filename (inbfd));
}
Index: git/binutils/objdump.c
===================================================================
--- git.orig/binutils/objdump.c
+++ git/binutils/objdump.c
@@ -180,7 +180,7 @@ static long dynsymcount = 0;
static bfd_byte *stabs;
static bfd_size_type stab_size;
-static char *strtab;
+static bfd_byte *strtab;
static bfd_size_type stabstr_size;
static bfd_boolean is_relocatable = FALSE;
@@ -2112,29 +2112,6 @@ disassemble_section (bfd *abfd, asection
}
rel_ppend = rel_pp + rel_count;
- /* PR 21665: Check for overlarge datasizes.
- Note - we used to check for "datasize > bfd_get_file_size (abfd)" but
- this fails when using compressed sections or compressed file formats
- (eg MMO, tekhex).
-
- The call to xmalloc below will fail if too much memory is requested,
- which will catch the problem in the normal use case. But if a memory
- checker is in use, eg valgrind or sanitize, then an exception will
- be still generated, so we try to catch the problem first.
-
- Unfortunately there is no simple way to determine how much memory can
- be allocated by calling xmalloc. So instead we use a simple, arbitrary
- limit of 2Gb. Hopefully this should be enough for most users. If
- someone does start trying to disassemble sections larger then 2Gb in
- size they will doubtless complain and we can increase the limit. */
-#define MAX_XMALLOC (1024 * 1024 * 1024 * 2UL) /* 2Gb */
- if (datasize > MAX_XMALLOC)
- {
- non_fatal (_("Reading section %s failed because it is too big (%#lx)"),
- section->name, (unsigned long) datasize);
- return;
- }
-
data = (bfd_byte *) xmalloc (datasize);
bfd_get_section_contents (abfd, section, data, 0, datasize);
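Review bot: With the 2Gb guard deleted, the two context lines at the end of this hunk still allocate with `xmalloc (datasize)` and ignore the return value of `bfd_get_section_contents`, so disassemble_section is left with neither the size check nor the `bfd_malloc_and_get_section` call the commit message describes for it. A section whose header declares an oversized or unreadable payload would then presumably either make xmalloc exit or leave `data` holding uninitialised bytes for the disassembler. I would replace both lines with a checked `bfd_malloc_and_get_section` call that reports the failure and returns, as sketched below. The function body starts and ends outside the hunk, so anything allocated earlier (for example `rel_pp`) may also need releasing on that path.

```c
  /* … unchanged: rel_ppend = rel_pp + rel_count; … */
  if (!bfd_malloc_and_get_section (abfd, section, &data))
    {
      non_fatal (_("Reading section %s failed because: %s"),
		 section->name, bfd_errmsg (bfd_get_error ()));
      return;
    }
```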
@@ -2652,12 +2629,11 @@ dump_dwarf (bfd *abfd)
/* Read ABFD's stabs section STABSECT_NAME, and return a pointer to
it. Return NULL on failure. */
-static char *
+static bfd_byte *
read_section_stabs (bfd *abfd, const char *sect_name, bfd_size_type *size_ptr)
{
asection *stabsect;
- bfd_size_type size;
- char *contents;
+ bfd_byte *contents;
stabsect = bfd_get_section_by_name (abfd, sect_name);
if (stabsect == NULL)
@@ -2666,10 +2642,7 @@ read_section_stabs (bfd *abfd, const cha
return FALSE;
}
- size = bfd_section_size (abfd, stabsect);
- contents = (char *) xmalloc (size);
-
- if (! bfd_get_section_contents (abfd, stabsect, contents, 0, size))
+ if (!bfd_malloc_and_get_section (abfd, stabsect, &contents))
{
non_fatal (_("reading %s section of %s failed: %s"),
sect_name, bfd_get_filename (abfd),
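Review bot: The early exit kept as context at the top of this hunk still reads `return FALSE;`, although the commit now declares read_section_stabs as returning `bfd_byte *` and its header comment promises NULL on failure. It evaluates to a null pointer today, but `return NULL;` would match the other failure path and the documented contract. The function starts before this hunk and continues after it.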
@@ -2679,7 +2652,7 @@ read_section_stabs (bfd *abfd, const cha
return NULL;
}
- *size_ptr = size;
+ *size_ptr = bfd_section_size (abfd, stabsect);
return contents;
}
@@ -2806,8 +2779,7 @@ find_stabs_section (bfd *abfd, asection
if (strtab)
{
- stabs = (bfd_byte *) read_section_stabs (abfd, section->name,
- &stab_size);
+ stabs = read_section_stabs (abfd, section->name, &stab_size);
if (stabs)
print_section_stabs (abfd, section->name, &sought->string_offset);
}
Index: git/binutils/objcopy.c
===================================================================
--- git.orig/binutils/objcopy.c
+++ git/binutils/objcopy.c
@@ -2186,14 +2186,15 @@ copy_object (bfd *ibfd, bfd *obfd, const
continue;
}
- bfd_byte * contents = xmalloc (size);
- if (bfd_get_section_contents (ibfd, sec, contents, 0, size))
+ bfd_byte *contents;
+ if (bfd_malloc_and_get_section (ibfd, sec, &contents))
{
if (fwrite (contents, 1, size, f) != size)
{
non_fatal (_("error writing section contents to %s (error: %s)"),
pdump->filename,
strerror (errno));
+ free (contents);
return FALSE;
}
}
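Review bot: The added `free (contents);` releases the buffer on the fwrite failure path, but the stream `f` that fwrite was writing to is not closed before `return FALSE;` in the lines shown. If `f` is opened earlier in copy_object for this dump (not visible in the hunk), I would add `fclose (f);` next to the new free so the error path releases both resources. copy_object starts and ends outside the hunk.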