summaryrefslogtreecommitdiff
path: root/system/binutils/CVE-2019-9075.patch
diff options
context:
space:
mode:
Diffstat (limited to 'system/binutils/CVE-2019-9075.patch')
-rw-r--r--system/binutils/CVE-2019-9075.patch96
1 files changed, 0 insertions, 96 deletions
diff --git a/system/binutils/CVE-2019-9075.patch b/system/binutils/CVE-2019-9075.patch
deleted file mode 100644
index 0084d3368..000000000
--- a/system/binutils/CVE-2019-9075.patch
+++ /dev/null
@@ -1,96 +0,0 @@
-From 8abac8031ed369a2734b1cdb7df28a39a54b4b49 Mon Sep 17 00:00:00 2001
-From: Alan Modra <amodra@gmail.com>
-Date: Wed, 20 Feb 2019 08:21:24 +1030
-Subject: [PATCH] PR24236, Heap buffer overflow in
- _bfd_archive_64_bit_slurp_armap
-
- PR 24236
- * archive64.c (_bfd_archive_64_bit_slurp_armap): Move code adding
- sentinel NUL to string buffer nearer to loop where it is used.
- Don't go past sentinel when scanning strings, and don't write
- NUL again.
- * archive.c (do_slurp_coff_armap): Simplify string handling to
- archive64.c style.
----
- bfd/archive.c | 17 +++++++----------
- bfd/archive64.c | 10 +++++-----
- 3 files changed, 22 insertions(+), 15 deletions(-)
-
-diff --git a/bfd/archive.c b/bfd/archive.c
-index d2d9b72..68a92a3 100644
---- a/bfd/archive.c
-+++ b/bfd/archive.c
-@@ -1012,6 +1012,7 @@ do_slurp_coff_armap (bfd *abfd)
- int *raw_armap, *rawptr;
- struct artdata *ardata = bfd_ardata (abfd);
- char *stringbase;
-+ char *stringend;
- bfd_size_type stringsize;
- bfd_size_type parsed_size;
- carsym *carsyms;
-@@ -1071,22 +1072,18 @@ do_slurp_coff_armap (bfd *abfd)
- }
-
- /* OK, build the carsyms. */
-- for (i = 0; i < nsymz && stringsize > 0; i++)
-+ stringend = stringbase + stringsize;
-+ *stringend = 0;
-+ for (i = 0; i < nsymz; i++)
- {
-- bfd_size_type len;
--
- rawptr = raw_armap + i;
- carsyms->file_offset = swap ((bfd_byte *) rawptr);
- carsyms->name = stringbase;
-- /* PR 17512: file: 4a1d50c1. */
-- len = strnlen (stringbase, stringsize);
-- if (len < stringsize)
-- len ++;
-- stringbase += len;
-- stringsize -= len;
-+ stringbase += strlen (stringbase);
-+ if (stringbase != stringend)
-+ ++stringbase;
- carsyms++;
- }
-- *stringbase = 0;
-
- ardata->symdef_count = nsymz;
- ardata->first_file_filepos = bfd_tell (abfd);
-diff --git a/bfd/archive64.c b/bfd/archive64.c
-index 312bf82..42f6ed9 100644
---- a/bfd/archive64.c
-+++ b/bfd/archive64.c
-@@ -100,8 +100,6 @@ _bfd_archive_64_bit_slurp_armap (bfd *abfd)
- return FALSE;
- carsyms = ardata->symdefs;
- stringbase = ((char *) ardata->symdefs) + carsym_size;
-- stringbase[stringsize] = 0;
-- stringend = stringbase + stringsize;
-
- raw_armap = (bfd_byte *) bfd_alloc (abfd, ptrsize);
- if (raw_armap == NULL)
-@@ -115,15 +113,17 @@ _bfd_archive_64_bit_slurp_armap (bfd *abfd)
- goto release_raw_armap;
- }
-
-+ stringend = stringbase + stringsize;
-+ *stringend = 0;
- for (i = 0; i < nsymz; i++)
- {
- carsyms->file_offset = bfd_getb64 (raw_armap + i * 8);
- carsyms->name = stringbase;
-- if (stringbase < stringend)
-- stringbase += strlen (stringbase) + 1;
-+ stringbase += strlen (stringbase);
-+ if (stringbase != stringend)
-+ ++stringbase;
- ++carsyms;
- }
-- *stringbase = '\0';
-
- ardata->symdef_count = nsymz;
- ardata->first_file_filepos = bfd_tell (abfd);
---
-2.9.3
-
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2025-02-04 14:43:10 +0000