Gentoo's Bugzilla – Attachment 477738 Details for Bug 622500: =sys-devel/binutils-2.28-r2 on ia64 fails to build gcc (both on ia64 and ~ia64)
[patch] binutils-2.28-bfd-elf.c-fix-out-of-bounds-access-in-find_link.patch (text/plain), 1.95 KB, created by Sergei Trofimovich (RETIRED) on 2017-06-23 21:34:59 UTC
Description: binutils-2.28-bfd-elf.c-fix-out-of-bounds-access-in-find_link.patch
Creator: Sergei Trofimovich (RETIRED)
Created: 2017-06-23 21:34:59 UTC
Size: 1.95 KB
>From 45ad6ab2d45a7cda9b8f81f4426370eb9f78e221 Mon Sep 17 00:00:00 2001 >From: Sergei Trofimovich <slyfox@gentoo.org> >Date: Fri, 23 Jun 2017 22:09:29 +0100 >Subject: [PATCH] bfd/elf.c: fix out-of-bounds access in find_link() > >The out-of-bounds access is reproducible on 'ia64-strip' command >(see sample from https://bugs.gentoo.org/show_bug.cgi?id=622500) > >The output file contains less section than original one. >This tricks 'hint' access to go out-of-bounds: > >==17093==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61a000000598 ... >READ of size 8 at 0x61a000000598 thread T0 > #0 0x7feeb6dd4333 in find_link binutils-gdb/bfd/elf.c:1295 > #1 0x7feeb6dd48a1 in copy_special_section_fields binutils-gdb/bfd/elf.c:1379 > #2 0x7feeb6dd5391 in _bfd_elf_copy_private_bfd_data binutils-gdb/bfd/elf.c:1501 > #3 0x5623789a0952 in copy_object binutils-gdb/binutils/objcopy.c:2974 > #4 0x5623789a25d4 in copy_file binutils-gdb/binutils/objcopy.c:3336 > #5 0x5623789a6856 in strip_main binutils-gdb/binutils/objcopy.c:4261 > #6 0x5623789ab0f9 in main binutils-gdb/binutils/objcopy.c:5368 > #7 0x7feeb650f3f9 in __libc_start_main (/lib64/libc.so.6+0x39648203f9) > #8 0x562378996259 in _start (binutils-gdb/binutils/.libs/strip-new+0x16259) > >The fix is simple: check hint against array size. >This makes gcc compile successfully on ia64. > >Bug: https://bugs.gentoo.org/622500 >Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org> >--- > bfd/elf.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > >diff --git a/bfd/elf.c b/bfd/elf.c >index 5f37e7f79c..abb1499893 100644 >--- a/bfd/elf.c >+++ b/bfd/elf.c >@@ -1291,7 +1291,8 @@ find_link (const bfd * obfd, const Elf_Internal_Shdr * iheader, const unsigned i > BFD_ASSERT (iheader != NULL); > > /* See PR 20922 for a reproducer of the NULL test. */ >- if (oheaders[hint] != NULL >+ if (hint < elf_numsections (obfd) >+ && oheaders[hint] != NULL > && section_match (oheaders[hint], iheader)) > return hint; > >-- >2.13.1 >
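Review bot: The comment kept above the condition in find_link(), "See PR 20922 for a reproducer of the NULL test.", now covers two checks but documents only the NULL one. Add a line for the new `hint < elf_numsections (obfd)` test explaining that hint can exceed the output's section count when the output file has fewer sections than the input (the ia64-strip case from the commit message), with a pointer to https://bugs.gentoo.org/622500 for the reproducer. The ordering itself is right: the bounds test comes before both `oheaders[hint]` reads, so short-circuit evaluation keeps them inside the array.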