diff options
Diffstat (limited to 'system/binutils/CVE-2019-9074.patch')
-rw-r--r-- | system/binutils/CVE-2019-9074.patch | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/system/binutils/CVE-2019-9074.patch b/system/binutils/CVE-2019-9074.patch new file mode 100644 index 000000000..74b6c2040 --- /dev/null +++ b/system/binutils/CVE-2019-9074.patch @@ -0,0 +1,49 @@ +From 179f2db0d9c397d7dd8a59907b84208b79f7f48c Mon Sep 17 00:00:00 2001 +From: Alan Modra <amodra@gmail.com> +Date: Tue, 19 Feb 2019 22:48:44 +1030 +Subject: [PATCH] PR24235, Read memory violation in pei-x86_64.c + + PR 24235 + * pei-x86_64.c (pex64_bfd_print_pdata_section): Correct checks + attempting to prevent read past end of section. +--- + bfd/pei-x86_64.c | 9 ++++----- + 2 files changed, 10 insertions(+), 5 deletions(-) + +diff --git a/bfd/pei-x86_64.c b/bfd/pei-x86_64.c +index ff1093c..7e75104 100644 +--- a/bfd/pei-x86_64.c ++++ b/bfd/pei-x86_64.c +@@ -541,7 +541,7 @@ pex64_bfd_print_pdata_section (bfd *abfd, void *vfile, asection *pdata_section) + /* virt_size might be zero for objects. */ + if (stop == 0 && strcmp (abfd->xvec->name, "pe-x86-64") == 0) + { +- stop = (datasize / onaline) * onaline; ++ stop = datasize; + virt_size_is_zero = TRUE; + } + else if (datasize < stop) +@@ -551,8 +551,8 @@ pex64_bfd_print_pdata_section (bfd *abfd, void *vfile, asection *pdata_section) + _("Warning: %s section size (%ld) is smaller than virtual size (%ld)\n"), + pdata_section->name, (unsigned long) datasize, + (unsigned long) stop); +- /* Be sure not to read passed datasize. */ +- stop = datasize / onaline; ++ /* Be sure not to read past datasize. */ ++ stop = datasize; + } + + /* Display functions table. */ +@@ -724,8 +724,7 @@ pex64_bfd_print_pdata_section (bfd *abfd, void *vfile, asection *pdata_section) + altent += imagebase; + + if (altent >= pdata_vma +- && (altent + PDATA_ROW_SIZE <= pdata_vma +- + pei_section_data (abfd, pdata_section)->virt_size)) ++ && altent - pdata_vma + PDATA_ROW_SIZE <= stop) + { + pex64_get_runtime_function + (abfd, &arf, &pdata[altent - pdata_vma]); +-- +2.9.3 + |