summaryrefslogtreecommitdiff
path: root/system/binutils/CVE-2019-9074.patch
diff options
context:
space:
mode:
Diffstat (limited to 'system/binutils/CVE-2019-9074.patch')
-rw-r--r--system/binutils/CVE-2019-9074.patch49
1 files changed, 49 insertions, 0 deletions
diff --git a/system/binutils/CVE-2019-9074.patch b/system/binutils/CVE-2019-9074.patch
new file mode 100644
index 000000000..74b6c2040
--- /dev/null
+++ b/system/binutils/CVE-2019-9074.patch
@@ -0,0 +1,49 @@
+From 179f2db0d9c397d7dd8a59907b84208b79f7f48c Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Tue, 19 Feb 2019 22:48:44 +1030
+Subject: [PATCH] PR24235, Read memory violation in pei-x86_64.c
+
+ PR 24235
+ * pei-x86_64.c (pex64_bfd_print_pdata_section): Correct checks
+ attempting to prevent read past end of section.
+---
+ bfd/pei-x86_64.c | 9 ++++-----
+ 2 files changed, 10 insertions(+), 5 deletions(-)
+
+diff --git a/bfd/pei-x86_64.c b/bfd/pei-x86_64.c
+index ff1093c..7e75104 100644
+--- a/bfd/pei-x86_64.c
++++ b/bfd/pei-x86_64.c
+@@ -541,7 +541,7 @@ pex64_bfd_print_pdata_section (bfd *abfd, void *vfile, asection *pdata_section)
+ /* virt_size might be zero for objects. */
+ if (stop == 0 && strcmp (abfd->xvec->name, "pe-x86-64") == 0)
+ {
+- stop = (datasize / onaline) * onaline;
++ stop = datasize;
+ virt_size_is_zero = TRUE;
+ }
+ else if (datasize < stop)
+@@ -551,8 +551,8 @@ pex64_bfd_print_pdata_section (bfd *abfd, void *vfile, asection *pdata_section)
+ _("Warning: %s section size (%ld) is smaller than virtual size (%ld)\n"),
+ pdata_section->name, (unsigned long) datasize,
+ (unsigned long) stop);
+- /* Be sure not to read passed datasize. */
+- stop = datasize / onaline;
++ /* Be sure not to read past datasize. */
++ stop = datasize;
+ }
+
+ /* Display functions table. */
+@@ -724,8 +724,7 @@ pex64_bfd_print_pdata_section (bfd *abfd, void *vfile, asection *pdata_section)
+ altent += imagebase;
+
+ if (altent >= pdata_vma
+- && (altent + PDATA_ROW_SIZE <= pdata_vma
+- + pei_section_data (abfd, pdata_section)->virt_size))
++ && altent - pdata_vma + PDATA_ROW_SIZE <= stop)
+ {
+ pex64_get_runtime_function
+ (abfd, &arf, &pdata[altent - pdata_vma]);
+--
+2.9.3
+