[Backport] libdwfl: Fix overflow check in link_map.c read_addrs

Signed-off-by: linzhuorong <linzhuorong@huawei.com>
2022-12-12 03:30:33 +00:00 · 2022-12-12 03:30:33 +00:00 · d2895051d7
commit d2895051d7
parent 6319b34551
2 changed files with 41 additions and 2 deletions
--- a/backport-libdwfl-Fix-overflow-check-in-link_map.c-read_addrs.patch
+++ b/backport-libdwfl-Fix-overflow-check-in-link_map.c-read_addrs.patch
@ -0,0 +1,32 @@
+From 394cbe87c349b180a8b2aa4b0868698469d6de95 Mon Sep 17 00:00:00 2001
+From: Mark Wielaard <mark@klomp.org>
+Date: Thu, 6 Jan 2022 16:44:56 +0100
+Subject: [PATCH] libdwfl: Fix overflow check in link_map.c read_addrs
+
+The buffer_available overflow check wasn't complete. Also check nb
+isn't too big.
+
+https://sourceware.org/bugzilla/show_bug.cgi?id=28720
+
+Signed-off-by: Mark Wielaard <mark@klomp.org>
+---
+ libdwfl/link_map.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/libdwfl/link_map.c b/libdwfl/link_map.c
+index 0d8d1c1..e7c4173 100644
+--- a/libdwfl/link_map.c
+++ b/libdwfl/link_map.c
+@@ -256,7 +256,8 @@ read_addrs (struct memory_closure *closure,
+   /* Read a new buffer if the old one doesn't cover these words.  */
+   if (buffer == NULL
+       || vaddr < *read_vaddr
+-      || vaddr - (*read_vaddr) + nb > *buffer_available)
+      || nb > *buffer_available
+      || vaddr - (*read_vaddr) > *buffer_available - nb)
+     {
+       release_buffer (closure, buffer, buffer_available, 0);
+ 
+-- 
+2.12.3
+
--- a/elfutils.spec
+++ b/elfutils.spec
@ -1,7 +1,7 @@
 # -*- rpm-spec from http://elfutils.org/ -*-
 Name: elfutils
 Version: 0.185
-Release: 16
+Release: 17
 Summary: A collection of utilities and DSOs to handle ELF files and DWARF data
 URL: http://elfutils.org/
 License: GPLv3+ and (GPLv2+ or LGPLv3+)
@ -14,6 +14,7 @@ Patch3: Fix-issue-of-moving-files-by-ar-or-br.patch
 Patch4: Get-instance-correctly-for-eu-ar-N-option.patch
 Patch5: backport-readelf-Handle-DW_LLE_GNU_view_pair.patch
 Patch6: elfutils-Add-sw64-architecture.patch
+Patch7: backport-libdwfl-Fix-overflow-check-in-link_map.c-read_addrs.patch

 Provides:  elfutils-libelf elfutils-default-yama-scope default-yama-scope elfutils-libs
 Obsoletes: elfutils-libelf < %{version}-%{release} elfutils-default-yama-scope < %{version}-%{release} elfutils-libs < %{version}-%{release}
@ -131,7 +132,7 @@ such servers to download those files on demand.
 %ifarch sw_64
 %patch6 -p1
 %endif
-
+%patch7 -p1

 %build
 %configure --program-prefix=%{_programprefix}
@ -266,6 +267,12 @@ exit 0
 %systemd_postun_with_restart debuginfod.service

 %changelog
+* Mon Dec 5 2022 linzhuorong <linzhuorong@huawei.com> - 0.185-17
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:libdwfl: Fix overflow check in link_map.c read_addrs
+
 * Thu Dec 1 2022 wuzx<wuzx1226@qq.com> - 0.185-16
 - Type:feature
 - CVE:NA