packages/gdb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2023-39128

Browse Source 
(cherry picked from commit 91f62e3b7324fded8dfc5197d8f607f8c6788498)
This commit is contained in:
liningjie 2023-07-28 13:43:07 +08:00 committed by openeuler-sync-bot
parent 22171fb6f6
commit 6ac51ef0f6
2 changed files with 76 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

71
backport-CVE-2023-39128.patch Normal file
View File

@ -0,0 +1,71 @@
From c2596d1409817bc590f0f95f6a4b952f37198001 Mon Sep 17 00:00:00 2001
From: liningjie <liningjie@xfusion.com>
Date: Fri, 28 Jul 2023 13:25:11 +0800
Subject: [PATCH] Avoid buffer overflow in ada_decode
A bug report pointed out a buffer overflow in ada_decode, which Keith
helpfully analyzed. ada_decode had a logic error when the input was
all digits. While this isn't valid -- and would probably only appear
in fuzzer tests -- it still should be handled properly.
This patch adds a missing bounds check. Tested with the self-tests in
an asan build.
Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=30639
Reviewed-by: Keith Seitz <keiths@redhat.com>
---
gdb/ada-lang.c | 19 ++++++++++++++++++-
1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/gdb/ada-lang.c b/gdb/ada-lang.c
index b098991..841901f 100644
--- a/gdb/ada-lang.c
+++ b/gdb/ada-lang.c
@@ -57,6 +57,7 @@
#include "cli/cli-utils.h"
#include "gdbsupport/function-view.h"
#include "gdbsupport/byte-vector.h"
+#include "gdbsupport/selftest.h"
#include <algorithm>
#include "ada-exp.h"
@@ -1057,7 +1058,7 @@ ada_decode (const char *encoded, bool wrap)
i -= 1;
if (i > 1 && encoded[i] == '_' && encoded[i - 1] == '_')
len0 = i - 1;
- else if (encoded[i] == '$')
+ else if (i >= 0 && encoded[i] == '$')
len0 = i;
}
@@ -1225,6 +1226,18 @@ ada_decode (const char *encoded, bool wrap)
return decoded;
}
+#ifdef GDB_SELF_TEST
+
+static void
+ada_decode_tests ()
+{
+ /* This isn't valid, but used to cause a crash. PR gdb/30639. The
+ result does not really matter very much. */
+ SELF_CHECK (ada_decode ("44") == "44");
+}
+
+#endif
+
/* Table for keeping permanent unique copies of decoded names. Once
allocated, names in this table are never released. While this is a
storage leak, it should not be significant unless there are massive
@@ -13497,4 +13510,8 @@ DWARF attribute."),
gdb::observers::new_objfile.attach (ada_new_objfile_observer, "ada-lang");
gdb::observers::free_objfile.attach (ada_free_objfile_observer, "ada-lang");
gdb::observers::inferior_exit.attach (ada_inferior_exit, "ada-lang");
+
+#ifdef GDB_SELF_TEST
+ selftests::register_test ("ada-decode", ada_decode_tests);
+#endif
}
--
2.33.0

6
gdb.spec
View File

@ -1,6 +1,6 @@
Name: gdb Name: gdb
Version: 11.1 Version: 11.1
Release: 4 Release: 5
License: GPLv3+ and GPLv3+ with exceptions and GPLv2+ and GPLv2+ with exceptions and GPL+ and LGPLv2+ and LGPLv3+ and BSD and Public Domain and GFDL-1.3 License: GPLv3+ and GPLv3+ with exceptions and GPLv2+ and GPLv2+ with exceptions and GPL+ and LGPLv2+ and LGPLv3+ and BSD and Public Domain and GFDL-1.3
Source: ftp://sourceware.org/pub/gdb/releases/gdb-%{version}.tar.xz Source: ftp://sourceware.org/pub/gdb/releases/gdb-%{version}.tar.xz
@ -94,6 +94,7 @@ Patch81: gdb-rhbz2022177-dprintf-2.patch
# Fedra patch end # Fedra patch end
Patch82: 0001-Make-c-exp.y-work-with-Bison-3.8.patch Patch82: 0001-Make-c-exp.y-work-with-Bison-3.8.patch
Patch1000: backport-CVE-2023-39128.patch
%ifarch loongarch64 %ifarch loongarch64
Patch83: 0001-gdb-Add-LoongArch-bfd-support.patch Patch83: 0001-gdb-Add-LoongArch-bfd-support.patch
@ -378,6 +379,9 @@ rm -f $RPM_BUILD_ROOT%{_datadir}/gdb/python/gdb/command/backtrace.py
%{_infodir}/gdb.info* %{_infodir}/gdb.info*
%changelog %changelog
* Sat Sep 2 2023 liningjie <liningjie@xfusion.com> - 11.1-5
- fix CVE-2023-39128
* Sun Apr 23 2023 yangchenguang <yangchenguang@kylinsec.com.cn> - 11.1-4 * Sun Apr 23 2023 yangchenguang <yangchenguang@kylinsec.com.cn> - 11.1-4
- Sync 2203 loongarch64 support patch file - Sync 2203 loongarch64 support patch file