首页 发现 帮助
登录
PUBLIC_REPOS
/
buildroot
镜像自地址 git://git.buildroot.net/buildroot
2
1
派生 0
文件
目录树: 12c01e4a05
分支列表 标签列表
buildroot
/
package
/
binutils
/
2.24
/
002-dont-segv-on-initial-instructions-overflow.patch

002-dont-segv-on-initial-instructions-overflow.patch 2.6 KB
文件历史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566 
  1. From: Alan Modra <amodra@gmail.com>
    2. 

  2. Date: Fri, 20 Dec 2013 13:27:52 +0000 (+1030)
    3. 

  3. Subject: Don't segv on cie.initial_instructions[] overflow.
    4. 

  4. X-Git-Tag: gdb-7.7-release~148
    5. 

  5. X-Git-Url: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commitdiff_plain;h=99d190fac4d2aab238cfc798dc5c28ab41456882
    6. 

  6. 

  7. Don't segv on cie.initial_instructions[] overflow.
    8. 

  8. 

  9. Don't attempt to merge CIEs with a larger number of insns than will
    10. 

  10. fit in the buffer.
    11. 

  11. 

  12. 	* elf-eh-frame.c (cie_eq): Return false when initial_insn_length
    13. 

  13. 	is too large.
    14. 

  14. 	(cie_compute_hash): Don't exceed bounds of initial_instructions.
    15. 

  15. 	(_bfd_elf_parse_eh_frame): Always set initial_insn_length, and
    16. 

  16. 	save as much of insns to initial_instructions[] as will fit.
    17. 

  17. ---
    18. 

  18. 

  19. diff --git a/bfd/elf-eh-frame.c b/bfd/elf-eh-frame.c
    20. 

  20. index 832a991..4b6e8ea 100644
    21. 

  21. --- a/bfd/elf-eh-frame.c
    22. 

  22. +++ b/bfd/elf-eh-frame.c
    23. 

  23. @@ -235,6 +235,7 @@ cie_eq (const void *e1, const void *e2)
    24. 

  24.        && c1->lsda_encoding == c2->lsda_encoding
    25. 

  25.        && c1->fde_encoding == c2->fde_encoding
    26. 

  26.        && c1->initial_insn_length == c2->initial_insn_length
    27. 

  27. +      && c1->initial_insn_length <= sizeof (c1->initial_instructions)
    28. 

  28.        && memcmp (c1->initial_instructions,
    29. 

  29.  		 c2->initial_instructions,
    30. 

  30.  		 c1->initial_insn_length) == 0)
    31. 

  31. @@ -254,6 +255,7 @@ static hashval_t
    32. 

  32.  cie_compute_hash (struct cie *c)
    33. 

  33.  {
    34. 

  34.    hashval_t h = 0;
    35. 

  35. +  size_t len;
    36. 

  36.    h = iterative_hash_object (c->length, h);
    37. 

  37.    h = iterative_hash_object (c->version, h);
    38. 

  38.    h = iterative_hash (c->augmentation, strlen (c->augmentation) + 1, h);
    39. 

  39. @@ -267,7 +269,10 @@ cie_compute_hash (struct cie *c)
    40. 

  40.    h = iterative_hash_object (c->lsda_encoding, h);
    41. 

  41.    h = iterative_hash_object (c->fde_encoding, h);
    42. 

  42.    h = iterative_hash_object (c->initial_insn_length, h);
    43. 

  43. -  h = iterative_hash (c->initial_instructions, c->initial_insn_length, h);
    44. 

  44. +  len = c->initial_insn_length;
    45. 

  45. +  if (len > sizeof (c->initial_instructions))
    46. 

  46. +    len = sizeof (c->initial_instructions);
    47. 

  47. +  h = iterative_hash (c->initial_instructions, len, h);
    48. 

  48.    c->hash = h;
    49. 

  49.    return h;
    50. 

  50.  }
    51. 

  51. @@ -762,11 +767,10 @@ _bfd_elf_parse_eh_frame (bfd *abfd, struct bfd_link_info *info,
    52. 

  52.  	    cie->fde_encoding = DW_EH_PE_absptr;
    53. 

  53.  
    54. 

  54.  	  initial_insn_length = end - buf;
    55. 

  55. -	  if (initial_insn_length <= sizeof (cie->initial_instructions))
    56. 

  56. -	    {
    57. 

  57. -	      cie->initial_insn_length = initial_insn_length;
    58. 

  58. -	      memcpy (cie->initial_instructions, buf, initial_insn_length);
    59. 

  59. -	    }
    60. 

  60. +	  cie->initial_insn_length = initial_insn_length;
    61. 

  61. +	  memcpy (cie->initial_instructions, buf,
    62. 

  62. +		  initial_insn_length <= sizeof (cie->initial_instructions)
    63. 

  63. +		  ? initial_insn_length : sizeof (cie->initial_instructions));
    64. 

  64.  	  insns = buf;
    65. 

  65.  	  buf += initial_insn_length;
    66. 

  66.  	  ENSURE_NO_RELOCS (buf);
    67.