packages/binutils
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Backport a fix about use-after-free issue

Browse Source 
(cherry picked from commit 848c2e062f9f525a562db3f8edd7ac45270f82ca)
This commit is contained in:
eastb233 2023-10-11 17:19:13 +08:00 committed by openeuler-sync-bot
parent c724e6cbf5
commit bc890d8b94
2 changed files with 53 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
backport-asan-readelf-use-after-free-in-process_archive.patch Normal file
View File

@ -0,0 +1,48 @@
From cfc16775b7678e1ad8f9fce048652defd78e3787 Mon Sep 17 00:00:00 2001
From: Alan Modra <amodra@gmail.com>
Date: Sat, 27 Jun 2020 12:47:45 +0930
Subject: [PATCH] asan: readelf: use after free in process_archive
Reference: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=cfc16775b7678e1ad8f9fce048652defd78e3787
This tidies up in cases where fuzzed thin archives hit the error return
path in setup_nested_archive.
* elfcomm.c (setup_nested_archive): Set nested_arch->file to NULL
after freeing.
(release_archive): Set fields of arch to NULL after freeing.
---
binutils/ChangeLog | 6 ++++++
binutils/elfcomm.c | 9 ++++++++-
2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/binutils/elfcomm.c b/binutils/elfcomm.c
index 558afa7d056..37f9dbe7eef 100644
--- a/binutils/elfcomm.c
+++ b/binutils/elfcomm.c
@@ -727,7 +727,10 @@ setup_nested_archive (struct archive_info *nested_arch,
/* Close previous file and discard cached information. */
if (nested_arch->file != NULL)
- fclose (nested_arch->file);
+ {
+ fclose (nested_arch->file);
+ nested_arch->file = NULL;
+ }
release_archive (nested_arch);
member_file = fopen (member_file_name, "rb");
@@ -748,6 +751,10 @@ release_archive (struct archive_info * arch)
free (arch->sym_table);
if (arch->longnames != NULL)
free (arch->longnames);
+ arch->file_name = NULL;
+ arch->index_array = NULL;
+ arch->sym_table = NULL;
+ arch->longnames = NULL;
}
/* Get the name of an archive member from the current archive header.
--
2.19.1

6
binutils.spec
View File

@ -1,7 +1,7 @@
Summary: Binary utilities
Name: binutils
Version: 2.34
Release: 29
Release: 30
License: GPLv3+
URL: https://sourceware.org/binutils
@ -67,6 +67,7 @@ Patch50: backport-CVE-2022-48064.patch
Patch51: backport-asan-print_vms_time-signed-integer-overflow.patch
Patch52: backport-ubsan-shift-exponent-70-is-too-large.patch
Patch53: backport-ubsan-shift-exponent-is-too-large.patch
Patch54: backport-asan-readelf-use-after-free-in-process_archive.patch
Provides: bundled(libiberty)
@ -318,6 +319,9 @@ fi
%{_infodir}/bfd*info*
%changelog
* Wed Oct 11 2023 eastb233 <xiezhiheng@huawei.com> - 2.34-30
- Backport a fix about use-after-free issue
* Wed Oct 11 2023 eastb233 <xiezhiheng@huawei.com> - 2.34-29
- Backport some fixes about undefined shift and integer overflow issues