From 9554a932e9bba6a400e2eb6f84c4018898a7aa5d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?coadde=20=5BM=C3=A1rcio=20Alexandre=20Silva=20Delgado=5D?=
 <coadde@parabola.nu>
Date: Sun, 30 Nov 2014 13:34:20 -0200
Subject: update cross-binutils

---
 .../binutils-2.24-CVE-2014-8485.patch              | 70 ++++++++++++++++++++++
 1 file changed, 70 insertions(+)
 create mode 100644 cross/cross-binutils/binutils-2.24-CVE-2014-8485.patch

(limited to 'cross/cross-binutils/binutils-2.24-CVE-2014-8485.patch')

diff --git a/cross/cross-binutils/binutils-2.24-CVE-2014-8485.patch b/cross/cross-binutils/binutils-2.24-CVE-2014-8485.patch
new file mode 100644
index 000000000..705c74835
--- /dev/null
+++ b/cross/cross-binutils/binutils-2.24-CVE-2014-8485.patch
@@ -0,0 +1,70 @@
+diff --git a/bfd/elf.c b/bfd/elf.c
+index c884d1d..c8ac826 100644
+--- a/bfd/elf.c
++++ b/bfd/elf.c
+@@ -608,9 +608,10 @@ setup_group (bfd *abfd, Elf_Internal_Shdr *hdr, asection *newsect)
+ 		  if (shdr->contents == NULL)
+ 		    {
+ 		      _bfd_error_handler
+-			(_("%B: Corrupt size field in group section header: 0x%lx"), abfd, shdr->sh_size);
++			(_("%B: corrupt size field in group section header: 0x%lx"), abfd, shdr->sh_size);
+ 		      bfd_set_error (bfd_error_bad_value);
+-		      return FALSE;
++		      -- num_group;
++		      continue;
+ 		    }
+ 
+ 		  memset (shdr->contents, 0, amt);
+@@ -618,8 +619,17 @@ setup_group (bfd *abfd, Elf_Internal_Shdr *hdr, asection *newsect)
+ 		  if (bfd_seek (abfd, shdr->sh_offset, SEEK_SET) != 0
+ 		      || (bfd_bread (shdr->contents, shdr->sh_size, abfd)
+ 			  != shdr->sh_size))
+-		    return FALSE;
+-
++		    {
++		      _bfd_error_handler
++			(_("%B: invalid size field in group section header: 0x%lx"), abfd, shdr->sh_size);
++		      bfd_set_error (bfd_error_bad_value);
++		      -- num_group;
++		      /* PR 17510: If the group contents are even partially
++			 corrupt, do not allow any of the contents to be used.  */
++		      memset (shdr->contents, 0, amt);
++		      continue;
++		    }
++		  
+ 		  /* Translate raw contents, a flag word followed by an
+ 		     array of elf section indices all in target byte order,
+ 		     to the flag word followed by an array of elf section
+@@ -651,6 +661,21 @@ setup_group (bfd *abfd, Elf_Internal_Shdr *hdr, asection *newsect)
+ 		    }
+ 		}
+ 	    }
++
++	  /* PR 17510: Corrupt binaries might contain invalid groups.  */
++	  if (num_group != (unsigned) elf_tdata (abfd)->num_group)
++	    {
++	      elf_tdata (abfd)->num_group = num_group;
++
++	      /* If all groups are invalid then fail.  */
++	      if (num_group == 0)
++		{
++		  elf_tdata (abfd)->group_sect_ptr = NULL;
++		  elf_tdata (abfd)->num_group = num_group = -1;
++		  (*_bfd_error_handler) (_("%B: no valid group sections found"), abfd);
++		  bfd_set_error (bfd_error_bad_value);
++		}
++	    }
+ 	}
+     }
+ 
+@@ -716,6 +741,7 @@ setup_group (bfd *abfd, Elf_Internal_Shdr *hdr, asection *newsect)
+     {
+       (*_bfd_error_handler) (_("%B: no group info for section %A"),
+ 			     abfd, newsect);
++      return FALSE;
+     }
+   return TRUE;
+ }
+-- 
+1.7.1
+
-- 
cgit v1.2.3-2-g168b