summaryrefslogtreecommitdiff
path: root/system/binutils/CVE-2019-17451.patch
diff options
context:
space:
mode:
Diffstat (limited to 'system/binutils/CVE-2019-17451.patch')
-rw-r--r--system/binutils/CVE-2019-17451.patch38
1 files changed, 0 insertions, 38 deletions
diff --git a/system/binutils/CVE-2019-17451.patch b/system/binutils/CVE-2019-17451.patch
deleted file mode 100644
index f6af71601..000000000
--- a/system/binutils/CVE-2019-17451.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 336bfbeb1848f4b9558456fdcf283ee8a32d7fd1 Mon Sep 17 00:00:00 2001
-From: Alan Modra <amodra@gmail.com>
-Date: Wed, 9 Oct 2019 10:47:13 +1030
-Subject: [PATCH] PR25070, SEGV in function _bfd_dwarf2_find_nearest_line
-
-Evil testcase with two debug info sections, with sizes of 2aaaabac4ec1
-and ffffd5555453b140 result in a total size of 1. Reading the first
-section of course overflows the buffer and tramples on other memory.
-
- PR 25070
- * dwarf2.c (_bfd_dwarf2_slurp_debug_info): Catch overflow of
- total_size calculation.
-
-diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
-index d39f4fd..88aaa2d 100644
---- a/bfd/dwarf2.c
-+++ b/bfd/dwarf2.c
-@@ -4439,7 +4439,16 @@ _bfd_dwarf2_slurp_debug_info (bfd *abfd, bfd *debug_bfd,
- for (total_size = 0;
- msec;
- msec = find_debug_info (debug_bfd, debug_sections, msec))
-- total_size += msec->size;
-+ {
-+ /* Catch PR25070 testcase overflowing size calculation here. */
-+ if (total_size + msec->size < total_size
-+ || total_size + msec->size < msec->size)
-+ {
-+ bfd_set_error (bfd_error_no_memory);
-+ return FALSE;
-+ }
-+ total_size += msec->size;
-+ }
-
- stash->info_ptr_memory = (bfd_byte *) bfd_malloc (total_size);
- if (stash->info_ptr_memory == NULL)
---
-2.9.3
-
generated by cgit v1.2.3-60-g2f50 (git 2.42.0) at 2024-07-09 19:56:24 +0000