rpms / gcc-toolset-9-binutils

Clone
Source Code
GIT

Blame SOURCES/binutils-CVE-2019-9075.patch

c8 c8-beta c8s
  1.   0e5f8d4d1ddb63f1ed79ddfc46e8f4c2407d09a0
  2.   SOURCES
  3.   binutils-CVE-2019-9075.patch
Blob History Raw
0e5f8d 
diff -rup binutils.orig/bfd/archive64.c binutils-2.31.1/bfd/archive64.c
0e5f8d 
--- binutils.orig/bfd/archive64.c	2019-02-26 11:17:11.882530151 +0000
0e5f8d 
+++ binutils-2.31.1/bfd/archive64.c	2019-02-26 11:19:18.422488805 +0000
0e5f8d 
@@ -100,8 +100,6 @@ _bfd_archive_64_bit_slurp_armap (bfd *ab
0e5f8d 
     return FALSE;
0e5f8d 
   carsyms = ardata->symdefs;
0e5f8d 
   stringbase = ((char *) ardata->symdefs) + carsym_size;
0e5f8d 
-  stringbase[stringsize] = 0;
0e5f8d 
-  stringend = stringbase + stringsize;
0e5f8d
0e5f8d 
   raw_armap = (bfd_byte *) bfd_alloc (abfd, ptrsize);
0e5f8d 
   if (raw_armap == NULL)
0e5f8d 
@@ -115,15 +113,17 @@ _bfd_archive_64_bit_slurp_armap (bfd *ab
0e5f8d 
       goto release_raw_armap;
0e5f8d 
     }
0e5f8d
0e5f8d 
+  stringend = stringbase + stringsize;
0e5f8d 
+  *stringend = 0;
0e5f8d 
   for (i = 0; i < nsymz; i++)
0e5f8d 
     {
0e5f8d 
       carsyms->file_offset = bfd_getb64 (raw_armap + i * 8);
0e5f8d 
       carsyms->name = stringbase;
0e5f8d 
-      if (stringbase < stringend)
0e5f8d 
-	stringbase += strlen (stringbase) + 1;
0e5f8d 
+      stringbase += strlen (stringbase);
0e5f8d 
+      if (stringbase != stringend)
0e5f8d 
+	++stringbase;
0e5f8d 
       ++carsyms;
0e5f8d 
     }
0e5f8d 
-  *stringbase = '\0';
0e5f8d
0e5f8d 
   ardata->symdef_count = nsymz;
0e5f8d 
   ardata->first_file_filepos = bfd_tell (abfd);
0e5f8d 
diff -rup binutils.orig/bfd/archive.c binutils-2.31.1/bfd/archive.c
0e5f8d 
--- binutils.orig/bfd/archive.c	2019-02-26 11:17:11.884530134 +0000
0e5f8d 
+++ binutils-2.31.1/bfd/archive.c	2019-02-26 11:18:33.354859687 +0000
0e5f8d 
@@ -1014,6 +1014,7 @@ do_slurp_coff_armap (bfd *abfd)
0e5f8d 
   int *raw_armap, *rawptr;
0e5f8d 
   struct artdata *ardata = bfd_ardata (abfd);
0e5f8d 
   char *stringbase;
0e5f8d 
+  char *stringend;
0e5f8d 
   bfd_size_type stringsize;
0e5f8d 
   bfd_size_type parsed_size;
0e5f8d 
   carsym *carsyms;
0e5f8d 
@@ -1073,22 +1074,20 @@ do_slurp_coff_armap (bfd *abfd)
0e5f8d 
     }
0e5f8d
0e5f8d 
   /* OK, build the carsyms.  */
0e5f8d 
-  for (i = 0; i < nsymz && stringsize > 0; i++)
0e5f8d 
+  stringend = stringbase + stringsize;
0e5f8d 
+  *stringend = 0;
0e5f8d 
+  for (i = 0; i < nsymz; i++)
0e5f8d 
     {
0e5f8d 
       bfd_size_type len;
0e5f8d
0e5f8d 
       rawptr = raw_armap + i;
0e5f8d 
       carsyms->file_offset = swap ((bfd_byte *) rawptr);
0e5f8d 
       carsyms->name = stringbase;
0e5f8d 
-      /* PR 17512: file: 4a1d50c1.  */
0e5f8d 
-      len = strnlen (stringbase, stringsize);
0e5f8d 
-      if (len < stringsize)
0e5f8d 
-	len ++;
0e5f8d 
-      stringbase += len;
0e5f8d 
-      stringsize -= len;
0e5f8d 
+      stringbase += strlen (stringbase);
0e5f8d 
+      if (stringbase != stringend)
0e5f8d 
+	++stringbase;
0e5f8d 
       carsyms++;
0e5f8d 
     }
0e5f8d 
-  *stringbase = 0;
0e5f8d
0e5f8d 
   ardata->symdef_count = nsymz;
0e5f8d 
   ardata->first_file_filepos = bfd_tell (abfd);

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation