poky/meta/recipes-devtools/binutils/binutils/CVE-2019-9074.patch - openbmc/openbmc - Gitiles

 From e2ebb3906432dcca2727186ad79415f920730fb2 Mon Sep 17 00:00:00 2001
 From: Alan Modra <amodra@gmail.com>
 Date: Tue, 19 Feb 2019 22:48:44 +1030
 Subject: [PATCH] PR24235, Read memory violation in pei-x86_64.c

 	PR 24235
 	* pei-x86_64.c (pex64_bfd_print_pdata_section): Correct checks
 	attempting to prevent read past end of section.

 Upstream-Status: Backport [https://github.com/bminor/binutils-gdb/commit/179f2db0d9c397d7dd8a59907b84208b79f7f48c]
 CVE: CVE-2019-9074
 Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
 ---
  bfd/ChangeLog    | 6 ++++++
  bfd/pei-x86_64.c | 9 ++++-----
  2 files changed, 10 insertions(+), 5 deletions(-)

 diff --git a/bfd/ChangeLog b/bfd/ChangeLog
 index dd2c741..cbf30de 100644
 --- a/bfd/ChangeLog
 +++ b/bfd/ChangeLog
 @@ -1,3 +1,9 @@
 +2019-02-19  Alan Modra  <amodra@gmail.com>
 +
 +	PR 24235
 +	* pei-x86_64.c (pex64_bfd_print_pdata_section): Correct checks
 +	attempting to prevent read past end of section.
 +
  2019-02-04  Nick Clifton  <nickc@redhat.com>

  	* development.sh (experimental) Set to false.
 diff --git a/bfd/pei-x86_64.c b/bfd/pei-x86_64.c
 index ff1093c..7e75104 100644
 --- a/bfd/pei-x86_64.c
 +++ b/bfd/pei-x86_64.c
 @@ -541,7 +541,7 @@ pex64_bfd_print_pdata_section (bfd *abfd, void *vfile, asection *pdata_section)
    /* virt_size might be zero for objects.  */
    if (stop == 0 && strcmp (abfd->xvec->name, "pe-x86-64") == 0)
      {
 -      stop = (datasize / onaline) * onaline;
 +      stop = datasize;
        virt_size_is_zero = TRUE;
      }
    else if (datasize < stop)
 @@ -551,8 +551,8 @@ pex64_bfd_print_pdata_section (bfd *abfd, void *vfile, asection *pdata_section)
  		 _("Warning: %s section size (%ld) is smaller than virtual size (%ld)\n"),
  		 pdata_section->name, (unsigned long) datasize,
  		 (unsigned long) stop);
 -	/* Be sure not to read passed datasize.  */
 -	stop = datasize / onaline;
 +	/* Be sure not to read past datasize.  */
 +	stop = datasize;
        }

    /* Display functions table.  */
 @@ -724,8 +724,7 @@ pex64_bfd_print_pdata_section (bfd *abfd, void *vfile, asection *pdata_section)
  	      altent += imagebase;

  	      if (altent >= pdata_vma
 -		  && (altent + PDATA_ROW_SIZE <= pdata_vma
 -		      + pei_section_data (abfd, pdata_section)->virt_size))
 +		  && altent - pdata_vma + PDATA_ROW_SIZE <= stop)
  		{
  		  pex64_get_runtime_function
  		    (abfd, &arf, &pdata[altent - pdata_vma]);
 --
 2.7.4
	From e2ebb3906432dcca2727186ad79415f920730fb2 Mon Sep 17 00:00:00 2001
	From: Alan Modra <amodra@gmail.com>
	Date: Tue, 19 Feb 2019 22:48:44 +1030
	Subject: [PATCH] PR24235, Read memory violation in pei-x86_64.c

	PR 24235
	* pei-x86_64.c (pex64_bfd_print_pdata_section): Correct checks
	attempting to prevent read past end of section.

	Upstream-Status: Backport [https://github.com/bminor/binutils-gdb/commit/179f2db0d9c397d7dd8a59907b84208b79f7f48c]
	CVE: CVE-2019-9074
	Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
	---
	bfd/ChangeLog \| 6 ++++++
	bfd/pei-x86_64.c \| 9 ++++-----
	2 files changed, 10 insertions(+), 5 deletions(-)

	diff --git a/bfd/ChangeLog b/bfd/ChangeLog
	index dd2c741..cbf30de 100644
	--- a/bfd/ChangeLog
	+++ b/bfd/ChangeLog
	@@ -1,3 +1,9 @@
	+2019-02-19 Alan Modra <amodra@gmail.com>
	+
	+ PR 24235
	+ * pei-x86_64.c (pex64_bfd_print_pdata_section): Correct checks
	+ attempting to prevent read past end of section.
	+
	2019-02-04 Nick Clifton <nickc@redhat.com>

	* development.sh (experimental) Set to false.
	diff --git a/bfd/pei-x86_64.c b/bfd/pei-x86_64.c
	index ff1093c..7e75104 100644
	--- a/bfd/pei-x86_64.c
	+++ b/bfd/pei-x86_64.c
	@@ -541,7 +541,7 @@ pex64_bfd_print_pdata_section (bfd abfd, void vfile, asection *pdata_section)
	/* virt_size might be zero for objects. */
	if (stop == 0 && strcmp (abfd->xvec->name, "pe-x86-64") == 0)
	{
	- stop = (datasize / onaline) * onaline;
	+ stop = datasize;
	virt_size_is_zero = TRUE;
	}
	else if (datasize < stop)
	@@ -551,8 +551,8 @@ pex64_bfd_print_pdata_section (bfd abfd, void vfile, asection *pdata_section)
	_("Warning: %s section size (%ld) is smaller than virtual size (%ld)\n"),
	pdata_section->name, (unsigned long) datasize,
	(unsigned long) stop);
	- /* Be sure not to read passed datasize. */
	- stop = datasize / onaline;
	+ /* Be sure not to read past datasize. */
	+ stop = datasize;
	}

	/* Display functions table. */
	@@ -724,8 +724,7 @@ pex64_bfd_print_pdata_section (bfd abfd, void vfile, asection *pdata_section)
	altent += imagebase;

	if (altent >= pdata_vma
	- && (altent + PDATA_ROW_SIZE <= pdata_vma
	- + pei_section_data (abfd, pdata_section)->virt_size))
	+ && altent - pdata_vma + PDATA_ROW_SIZE <= stop)
	{
	pex64_get_runtime_function
	(abfd, &arf, &pdata[altent - pdata_vma]);
	--
	2.7.4