diff options
author | coadde [Márcio Alexandre Silva Delgado] <coadde@parabola.nu> | 2014-11-30 13:34:20 -0200 |
---|---|---|
committer | coadde [Márcio Alexandre Silva Delgado] <coadde@parabola.nu> | 2014-11-30 13:34:20 -0200 |
commit | 9554a932e9bba6a400e2eb6f84c4018898a7aa5d (patch) | |
tree | ee8570e63b3a92b3c97eb5e2151b6653b73cba05 /cross/cross-binutils/binutils-2.24-CVE-2014-8738.patch | |
parent | 9cff27b319e8f0c00e590f4953f25e65ebe6bcb2 (diff) |
update cross-binutils
Diffstat (limited to 'cross/cross-binutils/binutils-2.24-CVE-2014-8738.patch')
-rw-r--r-- | cross/cross-binutils/binutils-2.24-CVE-2014-8738.patch | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/cross/cross-binutils/binutils-2.24-CVE-2014-8738.patch b/cross/cross-binutils/binutils-2.24-CVE-2014-8738.patch new file mode 100644 index 000000000..d671ed241 --- /dev/null +++ b/cross/cross-binutils/binutils-2.24-CVE-2014-8738.patch @@ -0,0 +1,48 @@ +diff --git a/bfd/archive.c b/bfd/archive.c +index 40a3395..b905213 100644 +--- a/bfd/archive.c ++++ b/bfd/archive.c +@@ -1293,6 +1293,9 @@ _bfd_slurp_extended_name_table (bfd *abfd) + amt = namedata->parsed_size; + if (amt + 1 == 0) + goto byebye; ++ /* PR binutils/17533: A corrupt archive can contain an invalid size. */ ++ if (amt > (bfd_size_type) bfd_get_size (abfd)) ++ goto byebye; + + bfd_ardata (abfd)->extended_names_size = amt; + bfd_ardata (abfd)->extended_names = (char *) bfd_zalloc (abfd, amt + 1); +@@ -1300,6 +1303,8 @@ _bfd_slurp_extended_name_table (bfd *abfd) + { + byebye: + free (namedata); ++ bfd_ardata (abfd)->extended_names = NULL; ++ bfd_ardata (abfd)->extended_names_size = 0; + return FALSE; + } + +@@ -1308,7 +1313,6 @@ _bfd_slurp_extended_name_table (bfd *abfd) + if (bfd_get_error () != bfd_error_system_call) + bfd_set_error (bfd_error_malformed_archive); + bfd_release (abfd, (bfd_ardata (abfd)->extended_names)); +- bfd_ardata (abfd)->extended_names = NULL; + goto byebye; + } + +@@ -1316,11 +1320,12 @@ _bfd_slurp_extended_name_table (bfd *abfd) + text, the entries in the list are newline-padded, not null + padded. In SVR4-style archives, the names also have a + trailing '/'. DOS/NT created archive often have \ in them +- We'll fix all problems here.. */ ++ We'll fix all problems here. */ + { + char *ext_names = bfd_ardata (abfd)->extended_names; + char *temp = ext_names; + char *limit = temp + namedata->parsed_size; ++ + for (; temp < limit; ++temp) + { + if (*temp == ARFMAG[1]) +-- +1.7.1 + |