From 61874fdc96a88a91a442d2202edb441cbed9d5f0 Mon Sep 17 00:00:00 2001
From: Yasuhiro Kimura
Date: Tue, 25 May 2021 04:42:43 +0900
Subject: [PATCH] devel/binutils: Add upstream patch to fix CVE-2021-3487

Add upstream patch to fix CVE-2021-3487.
---
 devel/binutils/Makefile | 2 +-
 devel/binutils/files/patch-CVE-2021-3487 | 75 ++++++++++++++++++++++++
 2 files changed, 76 insertions(+), 1 deletion(-)
 create mode 100644 devel/binutils/files/patch-CVE-2021-3487

diff --git a/devel/binutils/Makefile b/devel/binutils/Makefile
index 2b8517bc4d9b..3d3762653bd7 100644
--- a/devel/binutils/Makefile
+++ b/devel/binutils/Makefile
@@ -2,7 +2,7 @@
 
 PORTNAME= binutils
 PORTVERSION= 2.33.1
-PORTREVISION= 4
+PORTREVISION= 5
 PORTEPOCH?= 1
 CATEGORIES?= devel
 MASTER_SITES= SOURCEWARE/binutils/releases
diff --git a/devel/binutils/files/patch-CVE-2021-3487 b/devel/binutils/files/patch-CVE-2021-3487
new file mode 100644
index 000000000000..05e9d63642f9
--- /dev/null
+++ b/devel/binutils/files/patch-CVE-2021-3487
@@ -0,0 +1,75 @@
+From a782e724be101be550bb47b4e6a2a0c92475c494 Mon Sep 17 00:00:00 2001
+From: Nick Clifton
+Date: Thu, 26 Nov 2020 17:08:33 +0000
+Subject: [PATCH] Prevent a memory allocation failure when parsing corrupt
+ DWARF debug sections.
+
+ PR 26946
+ * dwarf2.c (read_section): Check for debug sections with excessive
+ sizes.
+---
+ bfd/dwarf2.c | 25 +++++++++++++++++++------
+ 1 file changed, 19 insertions(+), 6 deletions(-)
+
+diff --git bfd/dwarf2.c bfd/dwarf2.c
+index ed6dcd48c7f..348e69cb063 100644
+--- bfd/dwarf2.c
++++ bfd/dwarf2.c
+@@ -527,22 +527,24 @@ read_section (bfd * abfd,
+ bfd_byte ** section_buffer,
+ bfd_size_type * section_size)
+ {
+- asection *msec;
+ const char *section_name = sec->uncompressed_name;
+ bfd_byte *contents = *section_buffer;
+- bfd_size_type amt;
+ 
+ /* The section may have already been read. */
+ if (contents == NULL)
+ {
++ bfd_size_type amt;
++ asection *msec;
++ ufile_ptr filesize;
++
+ msec = bfd_get_section_by_name (abfd, section_name);
+- if (! msec)
++ if (msec == NULL)
+ {
+ section_name = sec->compressed_name;
+ if (section_name != NULL)
+ msec = bfd_get_section_by_name (abfd, section_name);
+ }
+- if (! msec)
++ if (msec == NULL)
+ {
+ _bfd_error_handler (_("DWARF error: can't find %s section."),
+ sec->uncompressed_name);
+@@ -550,12 +552,23 @@ read_section (bfd * abfd,
+ return FALSE;
+ }
+ 
+- *section_size = msec->rawsize ? msec->rawsize : msec->size;
++ amt = bfd_get_section_limit_octets (abfd, msec);
++ filesize = bfd_get_file_size (abfd);
++ if (amt >= filesize)
++ {
++ /* PR 26946 */
++ _bfd_error_handler (_("DWARF error: section %s is larger than its filesize! (0x%lx vs 0x%lx)"),
++ section_name, (long) amt, (long) filesize);
++ bfd_set_error (bfd_error_bad_value);
++ return FALSE;
++ }
++ *section_size = amt;
+ /* Paranoia - alloc one extra so that we can make sure a string
+ section is NUL terminated. */
+- amt = *section_size + 1;
++ amt += 1;
+ if (amt == 0)
+ {
++ /* Paranoia - this should never happen. */
+ bfd_set_error (bfd_error_no_memory);
+ return FALSE;
+ }
+--
+2.31.1
+
--
2.31.1
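Review bot: The new guard `if (amt >= filesize)` in read_section has no case for bfd_get_file_size() returning 0, which as far as I know is how BFD reports a file size it cannot determine; on such a BFD every DWARF section would be refused with the PR 26946 error. I would write the test as `if (filesize != 0 && amt >= filesize)`, and it is worth confirming against the 2.33.1 sources whether the comparison also refuses compressed debug sections, whose stated size may legitimately exceed the size of the file. The diagnostic casts both values to `(long)` for `0x%lx`, so the sizes it prints can be truncated on hosts where long is 32 bits; that affects only the message, not the check. read_section starts before the first inner hunk and continues past the second, so the allocation and read that follow the `amt == 0` test are not visible here.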