aboutsummaryrefslogtreecommitdiffstats
path: root/main/binutils/CVE-2021-3487.patch
diff options
context:
space:
mode:
Diffstat (limited to 'main/binutils/CVE-2021-3487.patch')
-rw-r--r--main/binutils/CVE-2021-3487.patch72
1 files changed, 0 insertions, 72 deletions
diff --git a/main/binutils/CVE-2021-3487.patch b/main/binutils/CVE-2021-3487.patch
deleted file mode 100644
index db99ae73d97..00000000000
--- a/main/binutils/CVE-2021-3487.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From 647cebce12a6b0a26960220caff96ff38978cf24 Mon Sep 17 00:00:00 2001
-From: Nick Clifton <nickc@redhat.com>
-Date: Thu, 26 Nov 2020 17:08:33 +0000
-Subject: [PATCH] Prevent a memory allocation failure when parsing corrupt
- DWARF debug sections.
-
- PR 26946
- * dwarf2.c (read_section): Check for debug sections with excessive
- sizes.
-
-diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
-index 977bf43a6a1..8bbfc81d3e7 100644
---- a/bfd/dwarf2.c
-+++ b/bfd/dwarf2.c
-@@ -531,22 +531,24 @@ read_section (bfd * abfd,
- bfd_byte ** section_buffer,
- bfd_size_type * section_size)
- {
-- asection *msec;
- const char *section_name = sec->uncompressed_name;
- bfd_byte *contents = *section_buffer;
-- bfd_size_type amt;
-
- /* The section may have already been read. */
- if (contents == NULL)
- {
-+ bfd_size_type amt;
-+ asection *msec;
-+ ufile_ptr filesize;
-+
- msec = bfd_get_section_by_name (abfd, section_name);
-- if (! msec)
-+ if (msec == NULL)
- {
- section_name = sec->compressed_name;
- if (section_name != NULL)
- msec = bfd_get_section_by_name (abfd, section_name);
- }
-- if (! msec)
-+ if (msec == NULL)
- {
- _bfd_error_handler (_("DWARF error: can't find %s section."),
- sec->uncompressed_name);
-@@ -554,12 +556,23 @@ read_section (bfd * abfd,
- return FALSE;
- }
-
-- *section_size = msec->rawsize ? msec->rawsize : msec->size;
-+ amt = bfd_get_section_limit_octets (abfd, msec);
-+ filesize = bfd_get_file_size (abfd);
-+ if (amt >= filesize)
-+ {
-+ /* PR 26946 */
-+ _bfd_error_handler (_("DWARF error: section %s is larger than its filesize! (0x%lx vs 0x%lx)"),
-+ section_name, (long) amt, (long) filesize);
-+ bfd_set_error (bfd_error_bad_value);
-+ return FALSE;
-+ }
-+ *section_size = amt;
- /* Paranoia - alloc one extra so that we can make sure a string
- section is NUL terminated. */
-- amt = *section_size + 1;
-+ amt += 1;
- if (amt == 0)
- {
-+ /* Paranoia - this should never happen. */
- bfd_set_error (bfd_error_no_memory);
- return FALSE;
- }
---
-2.27.0
-
generated by cgit v1.2.3 (git 2.41.0) at 2024-04-25 14:01:42 +0000