From 1f0862a7b6ed25ffb3746df6370663aed931e015 Mon Sep 17 00:00:00 2001
From: Nick Clifton
Date: Aug 06 2019 14:08:35 +0000
Subject: Stop GOLD from seg-faulting on a corrupt input with a fuzzed section offset.
Resolves: #1735605
---
diff --git a/binutils-CVE-2019-1010204.patch b/binutils-CVE-2019-1010204.patch
new file mode 100644
index 0000000..56434b1
--- /dev/null
+++ b/binutils-CVE-2019-1010204.patch
@@ -0,0 +1,15 @@
+--- binutils.orig/gold/fileread.cc 2019-08-06 14:22:08.669313110 +0100
++++ binutils-2.32/gold/fileread.cc 2019-08-06 14:22:28.799177543 +0100
+@@ -381,6 +381,12 @@ File_read::do_read(off_t start, section_
+ ssize_t bytes;
+ if (this->whole_file_view_ != NULL)
+ {
++ // See PR 23765 for an example of a testcase that triggers this error.
++ if (((ssize_t) start) < 0)
++ gold_fatal(_("%s: read failed, starting offset (%#llx) less than zero"),
++ this->filename().c_str(),
++ static_cast(start));
++
+ bytes = this->size_ - start;
+ if (static_cast(bytes) >= size)
+ {
diff --git a/binutils.spec b/binutils.spec
index ccb6900..0664680 100644
--- a/binutils.spec
+++ b/binutils.spec
@@ -2,7 +2,7 @@
 Summary: A GNU collection of binary utilities
 Name: %{?cross}binutils%{?_with_debug:-debug}
 Version: 2.32
-Release: 21%{?dist}
+Release: 22%{?dist}
 License: GPLv3+
 URL: https://sourceware.org/binutils
@@ -243,6 +243,11 @@ Patch25: binutils-rh1736114.patch
 # Lifetime: Fixed in 2.33
 Patch26: binutils-objcopy-gnu-build-version-notes.patch
+# Purpose: Add a check to the GOLD linker for a corrupt input file
+# with a fuzzed section offset.
+# Lifetime: Fixed in 2.33
+Patch27: binutils-CVE-2019-1010204.patch
+
 #----------------------------------------------------------------------------
 Provides: bundled(libiberty)
@@ -395,6 +400,7 @@ Conflicts: gcc-c++ < 4.0.0
 %patch24 -p1
 %patch25 -p1
 %patch26 -p1
+%patch27 -p1
 # We cannot run autotools as there is an exact requirement of autoconf-2.59.
 # FIXME - this is no longer true. Maybe try reinstating autotool use ?
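Review bot: The new guard in File_read::do_read only rejects a negative start; an offset larger than this->size_ still passes, `bytes = this->size_ - start` on the next line then goes negative, and the cast in the following comparison (its template argument is lost in this rendering, but it presumably converts to an unsigned section size) turns that into a huge value that satisfies `>= size`. Whether a caller already bounds start against size_ is not visible here, so I would not rely on that: `if (start < 0 || start > this->size_)` with the message reworded to say the offset lies outside the file, which also drops the C-style `(ssize_t)` cast since off_t is already signed. The body of the inner if and the rest of do_read are outside the hunk, as is the caller chain. The spec hunks only register the patch and bump the release, and need no change.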
@@ -791,6 +797,9 @@ exit 0
 #----------------------------------------------------------------------------
 %changelog
+* Tue Aug 06 2019 Nick Clifton - 2.32-22
+- Stop GOLD from seg-faulting on a corrupt input with a fuzzed section offset. (#1735605)
+
 * Mon Aug 05 2019 Nick Clifton - 2.32-21
 - Stop strip from complaining if the first build note is not a version note. (#1736114)