[binutils/f20] Import patch from mainline to fix seg-fault when reading corrupt group headers. Resolves: BZ #115727

Nicholas Clifton nickc at fedoraproject.org
Mon Oct 27 13:35:27 UTC 2014


commit e19e824c97924de3c7b038f3c07c2213d5752d2e
Author: Nick Clifton <nickc at redhat.com>
Date:   Mon Oct 27 13:35:17 2014 +0000

    Import patch from mainline to fix seg-fault when reading corrupt group headers.
    Resolves: BZ #1157276, #11527277

 binutils-2.24-corrupt-groups.patch |   86 ++++++++++++++++++++++++++++++++++++
 binutils.spec                      |    9 +++-
 2 files changed, 94 insertions(+), 1 deletions(-)
---
diff --git a/binutils-2.24-corrupt-groups.patch b/binutils-2.24-corrupt-groups.patch
new file mode 100644
index 0000000..b0637f3
--- /dev/null
+++ b/binutils-2.24-corrupt-groups.patch
@@ -0,0 +1,86 @@
+*** ../binutils-2.24.orig/bfd/elf.c	2014-10-27 12:47:20.989181791 +0000
+--- bfd/elf.c	2014-10-27 12:47:33.296248170 +0000
+*************** setup_group (bfd *abfd, Elf_Internal_Shd
+*** 608,616 ****
+  		  if (shdr->contents == NULL)
+  		    {
+  		      _bfd_error_handler
+! 			(_("%B: Corrupt size field in group section header: 0x%lx"), abfd, shdr->sh_size);
+  		      bfd_set_error (bfd_error_bad_value);
+! 		      return FALSE;
+  		    }
+  
+  		  memset (shdr->contents, 0, amt);
+--- 608,617 ----
+  		  if (shdr->contents == NULL)
+  		    {
+  		      _bfd_error_handler
+! 			(_("%B: corrupt size field in group section header: 0x%lx"), abfd, shdr->sh_size);
+  		      bfd_set_error (bfd_error_bad_value);
+! 		      -- num_group;
+! 		      continue;
+  		    }
+  
+  		  memset (shdr->contents, 0, amt);
+*************** setup_group (bfd *abfd, Elf_Internal_Shd
+*** 618,625 ****
+  		  if (bfd_seek (abfd, shdr->sh_offset, SEEK_SET) != 0
+  		      || (bfd_bread (shdr->contents, shdr->sh_size, abfd)
+  			  != shdr->sh_size))
+! 		    return FALSE;
+! 
+  		  /* Translate raw contents, a flag word followed by an
+  		     array of elf section indices all in target byte order,
+  		     to the flag word followed by an array of elf section
+--- 619,635 ----
+  		  if (bfd_seek (abfd, shdr->sh_offset, SEEK_SET) != 0
+  		      || (bfd_bread (shdr->contents, shdr->sh_size, abfd)
+  			  != shdr->sh_size))
+! 		    {
+! 		      _bfd_error_handler
+! 			(_("%B: invalid size field in group section header: 0x%lx"), abfd, shdr->sh_size);
+! 		      bfd_set_error (bfd_error_bad_value);
+! 		      -- num_group;
+! 		      /* PR 17510: If the group contents are even partially
+! 			 corrupt, do not allow any of the contents to be used.  */
+! 		      memset (shdr->contents, 0, amt);
+! 		      continue;
+! 		    }
+! 		  
+  		  /* Translate raw contents, a flag word followed by an
+  		     array of elf section indices all in target byte order,
+  		     to the flag word followed by an array of elf section
+*************** setup_group (bfd *abfd, Elf_Internal_Shd
+*** 651,656 ****
+--- 661,681 ----
+  		    }
+  		}
+  	    }
++ 
++ 	  /* PR 17510: Corrupt binaries might contain invalid groups.  */
++ 	  if (num_group != (unsigned) elf_tdata (abfd)->num_group)
++ 	    {
++ 	      elf_tdata (abfd)->num_group = num_group;
++ 
++ 	      /* If all groups are invalid then fail.  */
++ 	      if (num_group == 0)
++ 		{
++ 		  elf_tdata (abfd)->group_sect_ptr = NULL;
++ 		  elf_tdata (abfd)->num_group = num_group = -1;
++ 		  (*_bfd_error_handler) (_("%B: no valid group sections found"), abfd);
++ 		  bfd_set_error (bfd_error_bad_value);
++ 		}
++ 	    }
+  	}
+      }
+  
+*************** setup_group (bfd *abfd, Elf_Internal_Shd
+*** 716,721 ****
+--- 741,747 ----
+      {
+        (*_bfd_error_handler) (_("%B: no group info for section %A"),
+  			     abfd, newsect);
++       return FALSE;
+      }
+    return TRUE;
+  }
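Review bot: In the seek/read failure branch (new lines 619-635 of bfd/elf.c), `shdr->contents` is zero-filled but left non-NULL, so any code outside this hunk that treats a non-NULL `contents` on a group header as already loaded would see a plausible group with a zero flag word and zero section indices. Clearing the pointer as well, `shdr->contents = NULL;` just before `continue;`, would make the rejected state unambiguous. Both failure branches rely on `-- num_group;` undoing an increment that is not visible here, and `num_group` appears to be unsigned (it is compared against an `(unsigned)` cast), so it would wrap if that assumption broke; a comment such as `/* Undo the count taken when this header was recorded above.  */` would document the dependency. The `0x%lx` conversions pass `shdr->sh_size` uncast, so if that field can be wider than `unsigned long` on some host the argument should be `(unsigned long) shdr->sh_size`. The body of setup_group starts outside the embedded hunks, so these points need checking against the full function.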
diff --git a/binutils.spec b/binutils.spec
index 3240698..38a312b 100644
--- a/binutils.spec
+++ b/binutils.spec
@@ -27,7 +27,7 @@ Name: %{?cross}binutils%{?_with_debug:-debug}
 # official binutils release happens (2.24.0) we will be able to restore
 # Version to an honest value and everything will be good again.
 Version: 2.23.88.0.1
-Release: 19%{?dist}
+Release: 20%{?dist}
 License: GPLv3+
 Group: Development/Tools
 URL: http://sources.redhat.com/binutils
@@ -90,6 +90,8 @@ Patch27: binutils-2.23.2-fake-zlib-sections.patch
 Patch28: binutils-2.23.2-arm-gas-whitespace.patch
 # Fix seg-fault when parsing corrupt srec files.
 Patch29: binutils-2.24-corrupt-srec.patch
+# Fix seg-fault when parsing corrupt ELF group headers.
+Patch30: binutils-2.24-corrupt-groups.patch
 
 Provides: bundled(libiberty)
 
@@ -224,6 +226,7 @@ using libelf instead of BFD.
 %patch27 -p0 -b .fake-zlib~ 
 %patch28 -p0 -b .arm-whitespace~ 
 %patch29 -p0 -b .srec~
+%patch30 -p0 -b .groups~
 
 # We cannot run autotools as there is an exact requirement of autoconf-2.59.
 
@@ -529,6 +532,10 @@ exit 0
 %endif # %{isnative}
 
 %changelog
+* Mon Oct 27 2014 Nick Clifton <nickc at redhat.com> - 2.23.88.0.1-20
+- Import patch from mainline to fix seg-fault when reading corrupt group headers.
+  Resolves: BZ #1157276, #11527277
+
 * Fri Oct 24 2014 Nick Clifton <nickc at redhat.com> - 2.23.88.0.1-19
 - Import patch from mainline to fix seg-fault when reading corrupt srec fields.
   Resolves: BZ #1156272

