Brad Bishop6e60e8b2018-02-01 10:27:11 -05001From cd3ea7c69acc5045eb28f9bf80d923116e15e4f5 Mon Sep 17 00:00:00 2001
2From: Nick Clifton <nickc@redhat.com>
3Date: Thu, 15 Jun 2017 13:26:54 +0100
4Subject: [PATCH] Prevent address violation problem when disassembling corrupt
5 aarch64 binary.
6
7 PR binutils/21595
8 * aarch64-dis.c (aarch64_ext_ldst_reglist): Check for an out of
9 range value.
10
11Upstream-Status: Backport
12CVE: CVE-2017-9756
13Signed-off-by: Armin Kuster <akuster@mvista.com>
14
15---
16 opcodes/ChangeLog | 6 ++++++
17 opcodes/aarch64-dis.c | 3 +++
18 2 files changed, 9 insertions(+)
19
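--- a/opcodes/ChangeLog
+++ b/opcodes/ChangeLog
@@ -6,6 +6,12 @@
 
 2017-06-15 Nick Clifton <nickc@redhat.com>
 
+ PR binutils/21595
+ * aarch64-dis.c (aarch64_ext_ldst_reglist): Check for an out of
+ range value.
+
+2017-06-15 Nick Clifton <nickc@redhat.com>
+
 PR binutils/21588
 * rl78-decode.opc (OP_BUF_LEN): Define.
 (GETBYTE): Check for the index exceeding OP_BUF_LEN.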
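--- a/opcodes/aarch64-dis.c
+++ b/opcodes/aarch64-dis.c
@@ -409,6 +409,9 @@ aarch64_ext_ldst_reglist (const aarch64_
 info->reglist.first_regno = extract_field (FLD_Rt, code, 0);
 /* opcode */
 value = extract_field (FLD_opcode, code, 0);
+ /* PR 21595: Check for a bogus value. */
+ if (value >= ARRAY_SIZE (data))
+ return 0;
 if (expected_num != data[value].num_elements || data[value].is_reserved)
 return 0;
 info->reglist.num_regs = data[value].num_regs;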
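Review bot: The new guard `if (value >= ARRAY_SIZE (data))` is only correct if `data` is a real array visible at that point (not a pointer parameter) and `value` has an unsigned type. Both declarations are outside this hunk, as is the start of `aarch64_ext_ldst_reglist`, so they should be confirmed against the full file. The comment `/* PR 21595: Check for a bogus value. */` does not say what makes a value bogus. Something like `/* PR 21595: the opcode field comes from the (possibly corrupt) instruction word and may exceed the table; reject it before indexing data[]. */` would record why the check must precede the `data[value]` reads on the following line. The patch adds no regression input for the corrupt-binary case, so a later refactor could drop the check unnoticed.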