diff options
author | Armin Kuster <akuster@mvista.com> | 2016-05-06 00:11:54 -0700 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-05-17 14:42:18 +0100 |
commit | 4d8096d77139e31f80b4cb54b6b747bbf19bb959 (patch) | |
tree | 14fd38649c89d2e178e30d7b205c7668d891d257 | |
parent | dfb2dc45943d64f3d6da84c0d7b99ac5254fc738 (diff) | |
download | openembedded-core-4d8096d77139e31f80b4cb54b6b747bbf19bb959.tar.gz openembedded-core-4d8096d77139e31f80b4cb54b6b747bbf19bb959.tar.bz2 openembedded-core-4d8096d77139e31f80b4cb54b6b747bbf19bb959.zip |
gcc: Security fix CVE-2016-4488
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-devtools/gcc/gcc-5.3.inc | 1 | ||||
-rw-r--r-- | meta/recipes-devtools/gcc/gcc-5.3/CVE-2016-4488.patch | 73 |
2 files changed, 74 insertions, 0 deletions
diff --git a/meta/recipes-devtools/gcc/gcc-5.3.inc b/meta/recipes-devtools/gcc/gcc-5.3.inc index 897c1f9a75..c75d07ebce 100644 --- a/meta/recipes-devtools/gcc/gcc-5.3.inc +++ b/meta/recipes-devtools/gcc/gcc-5.3.inc @@ -90,6 +90,7 @@ SRC_URI = "\ file://0058-fdebug-prefix-map-support-to-remap-relative-path.patch \ file://0059-libgcc-use-ldflags.patch \ file://0060-remove-prototypes-cfns.patch \ + file://CVE-2016-4488.patch \ " BACKPORTS = "" diff --git a/meta/recipes-devtools/gcc/gcc-5.3/CVE-2016-4488.patch b/meta/recipes-devtools/gcc/gcc-5.3/CVE-2016-4488.patch new file mode 100644 index 0000000000..30e0ffeace --- /dev/null +++ b/meta/recipes-devtools/gcc/gcc-5.3/CVE-2016-4488.patch @@ -0,0 +1,73 @@ +From be3004dc350a820a5b0320b34bd05673ba534058 Mon Sep 17 00:00:00 2001 +From: law <law@138bc75d-0d04-0410-961f-82ee72b054a4> +Date: Thu, 31 Mar 2016 17:20:53 +0000 +Subject: [PATCH] * cplus-dem.c (squangle_mop_up): Zero bsize/ksize + after freeing btypevec/ktypevec. * testsuite/demangle-expected: Add + coverage tests. + +git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@234645 138bc75d-0d04-0410-961f-82ee72b054a4 + +Upstream-Status: Backport +CVE: CVE-2016-4488 + +patched ChangeLog and demangle-expected as patch is from tip. +Signed-off-by: Armin Kuster <akuster@mvista.com> + + +--- + libiberty/ChangeLog | 7 +++++++ + libiberty/cplus-dem.c | 2 ++ + libiberty/testsuite/demangle-expected | 10 ++++++++++ + 3 files changed, 19 insertions(+) + +Index: gcc-5.3.0/libiberty/cplus-dem.c +=================================================================== +--- gcc-5.3.0.orig/libiberty/cplus-dem.c ++++ gcc-5.3.0/libiberty/cplus-dem.c +@@ -1237,11 +1237,13 @@ squangle_mop_up (struct work_stuff *work + { + free ((char *) work -> btypevec); + work->btypevec = NULL; ++ work->bsize = 0; + } + if (work -> ktypevec != NULL) + { + free ((char *) work -> ktypevec); + work->ktypevec = NULL; ++ work->ksize = 0; + } + } + +Index: gcc-5.3.0/libiberty/testsuite/demangle-expected +=================================================================== +--- gcc-5.3.0.orig/libiberty/testsuite/demangle-expected ++++ gcc-5.3.0/libiberty/testsuite/demangle-expected +@@ -4356,3 +4356,13 @@ _QueueNotification_QueueController__$4PP + --format=gnu-v3 + _Z1fSsB3fooS_ + f(std::string[abi:foo], std::string[abi:foo]) ++# ++# Tests a use-after-free problem ++ ++_Q.__0 ++::Q.(void) ++# ++# Tests a use-after-free problem ++ ++_Q10-__9cafebabe. ++cafebabe.::-(void) +Index: gcc-5.3.0/libiberty/ChangeLog +=================================================================== +--- gcc-5.3.0.orig/libiberty/ChangeLog ++++ gcc-5.3.0/libiberty/ChangeLog +@@ -1,3 +1,10 @@ ++2016-03-31 Mikhail Maltsev <maltsevm@gmail.com> ++ Marcel Bohme boehme.marcel@gmail.com ++ ++ * cplus-dem.c (squangle_mop_up): Zero bsize/ksize after freeing ++ btypevec/ktypevec. ++ * testsuite/demangle-expected: Add coverage tests. ++ + 2015-12-04 Release Manager + + * GCC 5.3.0 released. |