https://sourceware.org/bugzilla/show_bug.cgi?id=23657

* https://sourceware.org/bugzilla/show_bug.cgi?id=23657
@ 2019-10-30  9:25 Umesh Kalappa
  2019-10-30 19:20 ` https://sourceware.org/bugzilla/show_bug.cgi?id=23657 Randy MacLeod
  0 siblings, 1 reply; 2+ messages in thread
From: Umesh Kalappa @ 2019-10-30  9:25 UTC (permalink / raw)
  To: akuster808; +Cc: openembedded-core

[-- Attachment #1: Type: text/plain, Size: 244 bytes --]

Hi Kuster ,

Attached patch, fix the subjected issue (where we discard these weird
sections from the final object file) and verified the same in the
master.

Please let us know your comments/suggestions on the same.

Thank you
~Umesh

[-- Attachment #2: 0001-CVE-2019-1010180.patch --]
[-- Type: application/octet-stream, Size: 2585 bytes --]

From 17dd66f13a7f91af17d636288a257a2fa0ea8e93 Mon Sep 17 00:00:00 2001
From: Vinay Kumar <vinay.kumar@blackfigtech.com>
Date: Tue, 29 Oct 2019 12:53:37 +0000
Subject: [PATCH] CVE-2019-1010180 fix

---
 meta/recipes-devtools/gdb/gdb-8.3.1.inc       |  1 +
 .../gdb/gdb/CVE-2019-1010180.patch            | 34 +++++++++++++++++++
 2 files changed, 35 insertions(+)
 create mode 100644 meta/recipes-devtools/gdb/gdb/CVE-2019-1010180.patch

diff --git a/meta/recipes-devtools/gdb/gdb-8.3.1.inc b/meta/recipes-devtools/gdb/gdb-8.3.1.inc
index 39f1c48..aec913f 100644
--- a/meta/recipes-devtools/gdb/gdb-8.3.1.inc
+++ b/meta/recipes-devtools/gdb/gdb-8.3.1.inc
@@ -16,6 +16,7 @@ SRC_URI = "${GNU_MIRROR}/gdb/gdb-${PV}.tar.xz \
            file://0009-Change-order-of-CFLAGS.patch \
            file://0010-resolve-restrict-keyword-conflict.patch \
            file://0011-Fix-invalid-sigprocmask-call.patch \
+           file://CVE-2019-1010180.patch \
            "
 SRC_URI[md5sum] = "73b6a5d8141672c62bf851cd34c4aa83"
 SRC_URI[sha256sum] = "1e55b4d7cdca7b34be12f4ceae651623aa73b2fd640152313f9f66a7149757c4"
diff --git a/meta/recipes-devtools/gdb/gdb/CVE-2019-1010180.patch b/meta/recipes-devtools/gdb/gdb/CVE-2019-1010180.patch
new file mode 100644
index 0000000..6e52024
--- /dev/null
+++ b/meta/recipes-devtools/gdb/gdb/CVE-2019-1010180.patch
@@ -0,0 +1,34 @@
+diff --git a/gdb/ChangeLog b/gdb/ChangeLog
+index 961a2e2..1dfb0cb 100644
+--- a/gdb/ChangeLog
++++ b/gdb/ChangeLog
+@@ -1,3 +1,9 @@
++2019-10-16  Keith Seitz  <keiths@redhat.com>
++
++	PR gdb/23567
++	* dwarf2read.c (dwarf2_per_objfile::locate_sections): Discard
++	sections whose size is greater than the file size.
++
+ 2019-09-20  Joel Brobecker  <brobecker@adacore.com>
+ 
+ 	* version.in: Set GDB version number to 8.3.1.
+diff --git a/gdb/dwarf2read.c b/gdb/dwarf2read.c
+index 4251ed0..fafdb89 100644
+--- a/gdb/dwarf2read.c
++++ b/gdb/dwarf2read.c
+@@ -2378,6 +2378,15 @@ dwarf2_per_objfile::locate_sections (bfd *abfd, asection *sectp,
+   if ((aflag & SEC_HAS_CONTENTS) == 0)
+     {
+     }
++  else if (elf_section_data (sectp)->this_hdr.sh_size
++	   > bfd_get_file_size (abfd))
++    {
++      bfd_size_type size = elf_section_data (sectp)->this_hdr.sh_size;
++      warning (_("Discarding section %s which has a section size (%s"
++		 ") larger than the file size [in module %s]"),
++	       bfd_section_name (abfd, sectp), phex_nz (size, sizeof (size)),
++	       bfd_get_filename (abfd));
++    }
+   else if (section_is_p (sectp->name, &names.info))
+     {
+       this->info.s.section = sectp;
-- 
2.18.1


^ permalink raw reply related	[flat|nested] 2+ messages in thread