From 1c7d6584a7811b7785ae5c1e378f14b5ba0971cf Mon Sep 17 00:00:00 2001 From: takeshi_hoshina Date: Mon, 2 Nov 2020 11:07:33 +0900 Subject: basesystem-jj recipes --- .../binutils/binutils/CVE-2018-1000876.patch | 180 --------------------- 1 file changed, 180 deletions(-) delete mode 100644 external/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-1000876.patch (limited to 'external/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-1000876.patch') diff --git a/external/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-1000876.patch b/external/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-1000876.patch deleted file mode 100644 index ff853511..00000000 --- a/external/poky/meta/recipes-devtools/binutils/binutils/CVE-2018-1000876.patch +++ /dev/null @@ -1,180 +0,0 @@ -From efec0844fcfb5692f5a78f4082994d63e420ecd9 Mon Sep 17 00:00:00 2001 -From: Alan Modra -Date: Sun, 16 Dec 2018 23:02:50 +1030 -Subject: [PATCH] PR23994, libbfd integer overflow - - PR 23994 - * aoutx.h: Include limits.h. - (get_reloc_upper_bound): Detect long overflow and return a file - too big error if it occurs. - * elf.c: Include limits.h. - (_bfd_elf_get_symtab_upper_bound): Detect long overflow and return - a file too big error if it occurs. - (_bfd_elf_get_dynamic_symtab_upper_bound): Likewise. - (_bfd_elf_get_dynamic_reloc_upper_bound): Likewise. - -CVE: CVE-2018-1000876 -Upstream-Status: Backport -[https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=3a551c7a1b80fca579461774860574eabfd7f18f] - -Signed-off-by: Dan Tran ---- - bfd/aoutx.h | 40 +++++++++++++++++++++------------------- - bfd/elf.c | 32 ++++++++++++++++++++++++-------- - 2 files changed, 45 insertions(+), 27 deletions(-) - -diff --git a/bfd/aoutx.h b/bfd/aoutx.h -index 023843b0be..78eaa9c503 100644 ---- a/bfd/aoutx.h -+++ b/bfd/aoutx.h -@@ -117,6 +117,7 @@ DESCRIPTION - #define KEEPIT udata.i - - #include "sysdep.h" -+#include - #include "bfd.h" - #include "safe-ctype.h" - #include "bfdlink.h" -@@ -2491,6 +2492,8 @@ NAME (aout, canonicalize_reloc) (bfd *abfd, - long - NAME (aout, get_reloc_upper_bound) (bfd *abfd, sec_ptr asect) - { -+ bfd_size_type count; -+ - if (bfd_get_format (abfd) != bfd_object) - { - bfd_set_error (bfd_error_invalid_operation); -@@ -2498,26 +2501,25 @@ NAME (aout, get_reloc_upper_bound) (bfd *abfd, sec_ptr asect) - } - - if (asect->flags & SEC_CONSTRUCTOR) -- return sizeof (arelent *) * (asect->reloc_count + 1); -- -- if (asect == obj_datasec (abfd)) -- return sizeof (arelent *) -- * ((exec_hdr (abfd)->a_drsize / obj_reloc_entry_size (abfd)) -- + 1); -- -- if (asect == obj_textsec (abfd)) -- return sizeof (arelent *) -- * ((exec_hdr (abfd)->a_trsize / obj_reloc_entry_size (abfd)) -- + 1); -- -- if (asect == obj_bsssec (abfd)) -- return sizeof (arelent *); -- -- if (asect == obj_bsssec (abfd)) -- return 0; -+ count = asect->reloc_count; -+ else if (asect == obj_datasec (abfd)) -+ count = exec_hdr (abfd)->a_drsize / obj_reloc_entry_size (abfd); -+ else if (asect == obj_textsec (abfd)) -+ count = exec_hdr (abfd)->a_trsize / obj_reloc_entry_size (abfd); -+ else if (asect == obj_bsssec (abfd)) -+ count = 0; -+ else -+ { -+ bfd_set_error (bfd_error_invalid_operation); -+ return -1; -+ } - -- bfd_set_error (bfd_error_invalid_operation); -- return -1; -+ if (count >= LONG_MAX / sizeof (arelent *)) -+ { -+ bfd_set_error (bfd_error_file_too_big); -+ return -1; -+ } -+ return (count + 1) * sizeof (arelent *); - } - - long -diff --git a/bfd/elf.c b/bfd/elf.c -index 828241d48a..10037176a3 100644 ---- a/bfd/elf.c -+++ b/bfd/elf.c -@@ -35,6 +35,7 @@ SECTION - /* For sparc64-cross-sparc32. */ - #define _SYSCALL32 - #include "sysdep.h" -+#include - #include "bfd.h" - #include "bfdlink.h" - #include "libbfd.h" -@@ -8114,11 +8115,16 @@ error_return: - long - _bfd_elf_get_symtab_upper_bound (bfd *abfd) - { -- long symcount; -+ bfd_size_type symcount; - long symtab_size; - Elf_Internal_Shdr *hdr = &elf_tdata (abfd)->symtab_hdr; - - symcount = hdr->sh_size / get_elf_backend_data (abfd)->s->sizeof_sym; -+ if (symcount >= LONG_MAX / sizeof (asymbol *)) -+ { -+ bfd_set_error (bfd_error_file_too_big); -+ return -1; -+ } - symtab_size = (symcount + 1) * (sizeof (asymbol *)); - if (symcount > 0) - symtab_size -= sizeof (asymbol *); -@@ -8129,7 +8135,7 @@ _bfd_elf_get_symtab_upper_bound (bfd *abfd) - long - _bfd_elf_get_dynamic_symtab_upper_bound (bfd *abfd) - { -- long symcount; -+ bfd_size_type symcount; - long symtab_size; - Elf_Internal_Shdr *hdr = &elf_tdata (abfd)->dynsymtab_hdr; - -@@ -8140,6 +8146,11 @@ _bfd_elf_get_dynamic_symtab_upper_bound (bfd *abfd) - } - - symcount = hdr->sh_size / get_elf_backend_data (abfd)->s->sizeof_sym; -+ if (symcount >= LONG_MAX / sizeof (asymbol *)) -+ { -+ bfd_set_error (bfd_error_file_too_big); -+ return -1; -+ } - symtab_size = (symcount + 1) * (sizeof (asymbol *)); - if (symcount > 0) - symtab_size -= sizeof (asymbol *); -@@ -8209,7 +8220,7 @@ _bfd_elf_canonicalize_dynamic_symtab (bfd *abfd, - long - _bfd_elf_get_dynamic_reloc_upper_bound (bfd *abfd) - { -- long ret; -+ bfd_size_type count; - asection *s; - - if (elf_dynsymtab (abfd) == 0) -@@ -8218,15 +8229,20 @@ _bfd_elf_get_dynamic_reloc_upper_bound (bfd *abfd) - return -1; - } - -- ret = sizeof (arelent *); -+ count = 1; - for (s = abfd->sections; s != NULL; s = s->next) - if (elf_section_data (s)->this_hdr.sh_link == elf_dynsymtab (abfd) - && (elf_section_data (s)->this_hdr.sh_type == SHT_REL - || elf_section_data (s)->this_hdr.sh_type == SHT_RELA)) -- ret += ((s->size / elf_section_data (s)->this_hdr.sh_entsize) -- * sizeof (arelent *)); -- -- return ret; -+ { -+ count += s->size / elf_section_data (s)->this_hdr.sh_entsize; -+ if (count > LONG_MAX / sizeof (arelent *)) -+ { -+ bfd_set_error (bfd_error_file_too_big); -+ return -1; -+ } -+ } -+ return count * sizeof (arelent *); - } - - /* Canonicalize the dynamic relocation entries. Note that we return the --- -2.22.0.vfs.1.1.57.gbaf16c8 - -- cgit 1.2.3-korg