summaryrefslogtreecommitdiff
path: root/cross/cross-binutils/binutils-2.24-CVE-2014-8484.patch
diff options
context:
space:
mode:
Diffstat (limited to 'cross/cross-binutils/binutils-2.24-CVE-2014-8484.patch')
-rw-r--r--cross/cross-binutils/binutils-2.24-CVE-2014-8484.patch31
1 files changed, 31 insertions, 0 deletions
diff --git a/cross/cross-binutils/binutils-2.24-CVE-2014-8484.patch b/cross/cross-binutils/binutils-2.24-CVE-2014-8484.patch
new file mode 100644
index 000000000..69a5e8506
--- /dev/null
+++ b/cross/cross-binutils/binutils-2.24-CVE-2014-8484.patch
@@ -0,0 +1,31 @@
+--- binutils-2.24/bfd/srec.c 2013-11-04 16:33:37.000000000 +0100
++++ binutils-2.24-1/bfd/srec.c 2014-10-24 21:46:38.973046641 +0200
+@@ -455,7 +455,7 @@
+ {
+ file_ptr pos;
+ char hdr[3];
+- unsigned int bytes;
++ unsigned int bytes, min_bytes;
+ bfd_vma address;
+ bfd_byte *data;
+ unsigned char check_sum;
+@@ -478,6 +478,19 @@
+ }
+
+ check_sum = bytes = HEX (hdr + 1);
++ min_bytes = 3;
++ if (hdr[0] == '2' || hdr[0] == '8')
++ min_bytes = 4;
++ else if (hdr[0] == '3' || hdr[0] == '7')
++ min_bytes = 5;
++ if (bytes < min_bytes)
++ {
++ (*_bfd_error_handler) (_("%B:%d: byte count %d too small\n"),
++ abfd, lineno, bytes);
++ bfd_set_error (bfd_error_bad_value);
++ goto error_return;
++ }
++
+ if (bytes * 2 > bufsize)
+ {
+ if (buf != NULL)
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-02 06:02:34 +0000