[binutils/f20] Import patch from mainline to fix seg-fault when reading corrupt group headers. Resolves: BZ #115727
Nicholas Clifton
nickc at fedoraproject.org
Mon Oct 27 13:35:27 UTC 2014
commit e19e824c97924de3c7b038f3c07c2213d5752d2e
Author: Nick Clifton <nickc at redhat.com>
Date: Mon Oct 27 13:35:17 2014 +0000
Import patch from mainline to fix seg-fault when reading corrupt group headers.
Resolves: BZ #1157276, #11527277
binutils-2.24-corrupt-groups.patch | 86 ++++++++++++++++++++++++++++++++++++
binutils.spec | 9 +++-
2 files changed, 94 insertions(+), 1 deletions(-)
---
diff --git a/binutils-2.24-corrupt-groups.patch b/binutils-2.24-corrupt-groups.patch
new file mode 100644
index 0000000..b0637f3
--- /dev/null
+++ b/binutils-2.24-corrupt-groups.patch
@@ -0,0 +1,86 @@
+*** ../binutils-2.24.orig/bfd/elf.c 2014-10-27 12:47:20.989181791 +0000
+--- bfd/elf.c 2014-10-27 12:47:33.296248170 +0000
+*************** setup_group (bfd *abfd, Elf_Internal_Shd
+*** 608,616 ****
+ if (shdr->contents == NULL)
+ {
+ _bfd_error_handler
+! (_("%B: Corrupt size field in group section header: 0x%lx"), abfd, shdr->sh_size);
+ bfd_set_error (bfd_error_bad_value);
+! return FALSE;
+ }
+
+ memset (shdr->contents, 0, amt);
+--- 608,617 ----
+ if (shdr->contents == NULL)
+ {
+ _bfd_error_handler
+! (_("%B: corrupt size field in group section header: 0x%lx"), abfd, shdr->sh_size);
+ bfd_set_error (bfd_error_bad_value);
+! -- num_group;
+! continue;
+ }
+
+ memset (shdr->contents, 0, amt);
+*************** setup_group (bfd *abfd, Elf_Internal_Shd
+*** 618,625 ****
+ if (bfd_seek (abfd, shdr->sh_offset, SEEK_SET) != 0
+ || (bfd_bread (shdr->contents, shdr->sh_size, abfd)
+ != shdr->sh_size))
+! return FALSE;
+!
+ /* Translate raw contents, a flag word followed by an
+ array of elf section indices all in target byte order,
+ to the flag word followed by an array of elf section
+--- 619,635 ----
+ if (bfd_seek (abfd, shdr->sh_offset, SEEK_SET) != 0
+ || (bfd_bread (shdr->contents, shdr->sh_size, abfd)
+ != shdr->sh_size))
+! {
+! _bfd_error_handler
+! (_("%B: invalid size field in group section header: 0x%lx"), abfd, shdr->sh_size);
+! bfd_set_error (bfd_error_bad_value);
+! -- num_group;
+! /* PR 17510: If the group contents are even partially
+! corrupt, do not allow any of the contents to be used. */
+! memset (shdr->contents, 0, amt);
+! continue;
+! }
+!
+ /* Translate raw contents, a flag word followed by an
+ array of elf section indices all in target byte order,
+ to the flag word followed by an array of elf section
+*************** setup_group (bfd *abfd, Elf_Internal_Shd
+*** 651,656 ****
+--- 661,681 ----
+ }
+ }
+ }
++
++ /* PR 17510: Corrupt binaries might contain invalid groups. */
++ if (num_group != (unsigned) elf_tdata (abfd)->num_group)
++ {
++ elf_tdata (abfd)->num_group = num_group;
++
++ /* If all groups are invalid then fail. */
++ if (num_group == 0)
++ {
++ elf_tdata (abfd)->group_sect_ptr = NULL;
++ elf_tdata (abfd)->num_group = num_group = -1;
++ (*_bfd_error_handler) (_("%B: no valid group sections found"), abfd);
++ bfd_set_error (bfd_error_bad_value);
++ }
++ }
+ }
+ }
+
+*************** setup_group (bfd *abfd, Elf_Internal_Shd
+*** 716,721 ****
+--- 741,747 ----
+ {
+ (*_bfd_error_handler) (_("%B: no group info for section %A"),
+ abfd, newsect);
++ return FALSE;
+ }
+ return TRUE;
+ }
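Review bot: In the read-failure branch added to setup_group (new lines 619-635 of bfd/elf.c), the message `invalid size field in group section header` is also printed when `bfd_seek` fails or the read comes up short. The `bfd_set_error (bfd_error_bad_value)` call there replaces whatever error the seek or read recorded, so a truncated file and a bad `sh_size` look the same in the diagnostics; a wording such as `unable to read group section contents` would cover both causes. Both failure branches rely on `-- num_group; continue;` to drop the group, which only works if the slot was claimed and the counter incremented before these checks; that code is outside the patch context, so a comment like `/* Undo the slot claimed for this group above. */` at each decrement would record the dependency. On the all-invalid path (new lines 661-681), `num_group = -1` would read more clearly as `(unsigned) -1`, matching the cast in the comparison above it, with a comment saying what the sentinel marks. setup_group starts and ends outside the patch context, so how later code treats the sentinel cannot be checked from here.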
diff --git a/binutils.spec b/binutils.spec
index 3240698..38a312b 100644
--- a/binutils.spec
+++ b/binutils.spec
@@ -27,7 +27,7 @@ Name: %{?cross}binutils%{?_with_debug:-debug}
# official binutils release happens (2.24.0) we will be able to restore
# Version to an honest value and everything will be good again.
Version: 2.23.88.0.1
-Release: 19%{?dist}
+Release: 20%{?dist}
License: GPLv3+
Group: Development/Tools
URL: http://sources.redhat.com/binutils
@@ -90,6 +90,8 @@ Patch27: binutils-2.23.2-fake-zlib-sections.patch
Patch28: binutils-2.23.2-arm-gas-whitespace.patch
# Fix seg-fault when parsing corrupt srec files.
Patch29: binutils-2.24-corrupt-srec.patch
+# Fix seg-fault when parsing corrupt ELF group headers.
+Patch30: binutils-2.24-corrupt-groups.patch
Provides: bundled(libiberty)
@@ -224,6 +226,7 @@ using libelf instead of BFD.
%patch27 -p0 -b .fake-zlib~
%patch28 -p0 -b .arm-whitespace~
%patch29 -p0 -b .srec~
+%patch30 -p0 -b .groups~
# We cannot run autotools as there is an exact requirement of autoconf-2.59.
@@ -529,6 +532,10 @@ exit 0
%endif # %{isnative}
%changelog
+* Mon Oct 27 2014 Nick Clifton <nickc at redhat.com> - 2.23.88.0.1-20
+- Import patch from mainline to fix seg-fault when reading corrupt group headers.
+ Resolves: BZ #1157276, #11527277
+
* Fri Oct 24 2014 Nick Clifton <nickc at redhat.com> - 2.23.88.0.1-19
- Import patch from mainline to fix seg-fault when reading corrupt srec fields.
Resolves: BZ #1156272