[Backport] libdwfl: Fix overflow check in link_map.c read_addrs

Signed-off-by: linzhuorong <linzhuorong@huawei.com>
2022-12-12 03:30:33 +00:00 · 2022-12-12 03:30:33 +00:00 · d2895051d7
commit d2895051d7
parent 6319b34551
2 changed files with 41 additions and 2 deletions
--- a/backport-libdwfl-Fix-overflow-check-in-link_map.c-read_addrs.patch
+++ b/backport-libdwfl-Fix-overflow-check-in-link_map.c-read_addrs.patch
@ -0,0 +1,32 @@
 From 394cbe87c349b180a8b2aa4b0868698469d6de95 Mon Sep 17 00:00:00 2001
 From: Mark Wielaard <mark@klomp.org>
 Date: Thu, 6 Jan 2022 16:44:56 +0100
 Subject: [PATCH] libdwfl: Fix overflow check in link_map.c read_addrs
 The buffer_available overflow check wasn't complete. Also check nb
 isn't too big.
 https://sourceware.org/bugzilla/show_bug.cgi?id=28720
 Signed-off-by: Mark Wielaard <mark@klomp.org>
 ---
 libdwfl/link_map.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
 diff --git a/libdwfl/link_map.c b/libdwfl/link_map.c
 index 0d8d1c1..e7c4173 100644
 --- a/libdwfl/link_map.c
 +++ b/libdwfl/link_map.c
@@ -256,7 +256,8 @@ read_addrs (struct memory_closure *closure,
   /* Read a new buffer if the old one doesn't cover these words.  */
   if (buffer == NULL
       || vaddr < *read_vaddr
 -      || vaddr - (*read_vaddr) + nb > *buffer_available)
 +      || nb > *buffer_available
 +      || vaddr - (*read_vaddr) > *buffer_available - nb)
     {
       release_buffer (closure, buffer, buffer_available, 0);
 -- 
 2.12.3
--- a/elfutils.spec
+++ b/elfutils.spec
@ -1,7 +1,7 @@
 # -*- rpm-spec from http://elfutils.org/ -*-
 Name: elfutils
 Version: 0.185
-Release: 16
+Release: 17
 Summary: A collection of utilities and DSOs to handle ELF files and DWARF data
 URL: http://elfutils.org/
 License: GPLv3+ and (GPLv2+ or LGPLv3+)
@ -14,6 +14,7 @@ Patch3: Fix-issue-of-moving-files-by-ar-or-br.patch
 Patch4: Get-instance-correctly-for-eu-ar-N-option.patch
 Patch5: backport-readelf-Handle-DW_LLE_GNU_view_pair.patch
 Patch6: elfutils-Add-sw64-architecture.patch
 Patch7: backport-libdwfl-Fix-overflow-check-in-link_map.c-read_addrs.patch
 Provides:  elfutils-libelf elfutils-default-yama-scope default-yama-scope elfutils-libs
 Obsoletes: elfutils-libelf < %{version}-%{release} elfutils-default-yama-scope < %{version}-%{release} elfutils-libs < %{version}-%{release}
@ -131,7 +132,7 @@ such servers to download those files on demand.
 %ifarch sw_64
 %patch6 -p1
 %endif
-
+%patch7 -p1
 %build
 %configure --program-prefix=%{_programprefix}
@ -266,6 +267,12 @@ exit 0
 %systemd_postun_with_restart debuginfod.service
 %changelog
 * Mon Dec 5 2022 linzhuorong <linzhuorong@huawei.com> - 0.185-17
 - Type:bugfix
 - ID:NA
 - SUG:NA
 - DESC:libdwfl: Fix overflow check in link_map.c read_addrs
 * Thu Dec 1 2022 wuzx<wuzx1226@qq.com> - 0.185-16
 - Type:feature
 - CVE:NA