diff --git a/binutils-2.24-corrupt-groups.patch b/binutils-2.24-corrupt-groups.patch
new file mode 100644
index 0000000..b0637f3
--- /dev/null
+++ b/binutils-2.24-corrupt-groups.patch
@@ -0,0 +1,86 @@
+*** ../binutils-2.24.orig/bfd/elf.c 2014-10-27 12:47:20.989181791 +0000
+--- bfd/elf.c 2014-10-27 12:47:33.296248170 +0000
+*************** setup_group (bfd *abfd, Elf_Internal_Shd
+*** 608,616 ****
+ if (shdr->contents == NULL)
+ {
+ _bfd_error_handler
+! (_("%B: Corrupt size field in group section header: 0x%lx"), abfd, shdr->sh_size);
+ bfd_set_error (bfd_error_bad_value);
+! return FALSE;
+ }
+
+ memset (shdr->contents, 0, amt);
+--- 608,617 ----
+ if (shdr->contents == NULL)
+ {
+ _bfd_error_handler
+! (_("%B: corrupt size field in group section header: 0x%lx"), abfd, shdr->sh_size);
+ bfd_set_error (bfd_error_bad_value);
+! -- num_group;
+! continue;
+ }
+
+ memset (shdr->contents, 0, amt);
+*************** setup_group (bfd *abfd, Elf_Internal_Shd
+*** 618,625 ****
+ if (bfd_seek (abfd, shdr->sh_offset, SEEK_SET) != 0
+ || (bfd_bread (shdr->contents, shdr->sh_size, abfd)
+ != shdr->sh_size))
+! return FALSE;
+!
+ /* Translate raw contents, a flag word followed by an
+ array of elf section indices all in target byte order,
+ to the flag word followed by an array of elf section
+--- 619,635 ----
+ if (bfd_seek (abfd, shdr->sh_offset, SEEK_SET) != 0
+ || (bfd_bread (shdr->contents, shdr->sh_size, abfd)
+ != shdr->sh_size))
+! {
+! _bfd_error_handler
+! (_("%B: invalid size field in group section header: 0x%lx"), abfd, shdr->sh_size);
+! bfd_set_error (bfd_error_bad_value);
+! -- num_group;
+! /* PR 17510: If the group contents are even partially
+! corrupt, do not allow any of the contents to be used. */
+! memset (shdr->contents, 0, amt);
+! continue;
+! }
+!
+ /* Translate raw contents, a flag word followed by an
+ array of elf section indices all in target byte order,
+ to the flag word followed by an array of elf section
+*************** setup_group (bfd *abfd, Elf_Internal_Shd
+*** 651,656 ****
+--- 661,681 ----
+ }
+ }
+ }
++
++ /* PR 17510: Corrupt binaries might contain invalid groups. */
++ if (num_group != (unsigned) elf_tdata (abfd)->num_group)
++ {
++ elf_tdata (abfd)->num_group = num_group;
++
++ /* If all groups are invalid then fail. */
++ if (num_group == 0)
++ {
++ elf_tdata (abfd)->group_sect_ptr = NULL;
++ elf_tdata (abfd)->num_group = num_group = -1;
++ (*_bfd_error_handler) (_("%B: no valid group sections found"), abfd);
++ bfd_set_error (bfd_error_bad_value);
++ }
++ }
+ }
+ }
+
+*************** setup_group (bfd *abfd, Elf_Internal_Shd
+*** 716,721 ****
+--- 741,747 ----
+ {
+ (*_bfd_error_handler) (_("%B: no group info for section %A"),
+ abfd, newsect);
++ return FALSE;
+ }
+ return TRUE;
+ }
diff --git a/binutils.spec b/binutils.spec
index d8f7093..15d1018 100644
--- a/binutils.spec
+++ b/binutils.spec
@@ -19,7 +19,7 @@ Summary: A GNU collection of binary utilities Name: %{?cross}binutils%{?_with_debug:-debug} Version: 2.24 -Release: 24%{?dist} +Release: 25%{?dist} License: GPLv3+ Group: Development/Tools URL: http://sources.redhat.com/binutils
@@ -73,6 +73,7 @@ Patch28: binutils-2.24-aarch64-fix-static-ifunc.patch Patch29: binutils-2.24-aarch64-fix-ie-relax.patch Patch30: binutils-HEAD-change-ld-notice-interface.patch Patch31: binutils-2.24-corrupt-srec.patch +Patch32: binutils-2.24-corrupt-groups.patch Provides: bundled(libiberty)
@@ -208,6 +209,7 @@ using libelf instead of BFD. %patch29 -p1 -b .aa64-3~ %patch30 -p1 -b .ldplugin~ %patch31 -p0 -b .srec~ +%patch32 -p0 -b .groups~ # We cannot run autotools as there is an exact requirement of autoconf-2.59.
@@ -522,6 +524,10 @@ exit 0 %endif # %{isnative} %changelog +* Mon Oct 27 2014 Nick Clifton - 2.24-25 +- Import patch from mainline to fix seg-fault when reading corrupt group headers. + Resolves: BZ #1157276 + * Fri Oct 24 2014 Nick Clifton - 2.24-24 - Import patch from mainline to fix seg-fault when reading corrupt srec fields. Resolves: BZ #1156272
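Review bot: In the seek/read failure branch (new lines 619-635 of bfd/elf.c) the group is dropped with `-- num_group; continue;`, but `shdr->contents` stays non-NULL and merely zero-filled, so any later code that treats a non-NULL `contents` as a parsed group would read an all-zero flag word and index array rather than see the group as absent; those consumers are not visible here, so this needs checking. Consider ending the branch with `shdr->contents = NULL;` after the `memset` (releasing the buffer first if its allocator allows), so the rejection is visible to every reader. Both new messages also pass `shdr->sh_size` to `0x%lx` without a cast; if that field is wider than `long` on some host this is a varargs mismatch in the very path that handles malformed input, and `(unsigned long) shdr->sh_size` would make it well-defined. The same branch reports a failed `bfd_seek` as an "invalid size field", which will mislead triage when the bad value is `sh_offset`. setup_group starts and ends outside the visible context, so the increment that `-- num_group` undoes could not be checked.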