summaryrefslogtreecommitdiff
path: root/meta/recipes-devtools/gcc
diff options
context:
space:
mode:
authorArmin Kuster <akuster@mvista.com>2016-05-06 00:11:54 -0700
committerRichard Purdie <richard.purdie@linuxfoundation.org>2016-05-17 14:42:18 +0100
commit4d8096d77139e31f80b4cb54b6b747bbf19bb959 (patch)
tree14fd38649c89d2e178e30d7b205c7668d891d257 /meta/recipes-devtools/gcc
parentdfb2dc45943d64f3d6da84c0d7b99ac5254fc738 (diff)
downloadopenembedded-core-4d8096d77139e31f80b4cb54b6b747bbf19bb959.tar.gz
openembedded-core-4d8096d77139e31f80b4cb54b6b747bbf19bb959.tar.bz2
openembedded-core-4d8096d77139e31f80b4cb54b6b747bbf19bb959.zip
gcc: Security fix CVE-2016-4488
Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/gcc')
-rw-r--r--meta/recipes-devtools/gcc/gcc-5.3.inc1
-rw-r--r--meta/recipes-devtools/gcc/gcc-5.3/CVE-2016-4488.patch73
2 files changed, 74 insertions, 0 deletions
diff --git a/meta/recipes-devtools/gcc/gcc-5.3.inc b/meta/recipes-devtools/gcc/gcc-5.3.inc
index 897c1f9a75..c75d07ebce 100644
--- a/meta/recipes-devtools/gcc/gcc-5.3.inc
+++ b/meta/recipes-devtools/gcc/gcc-5.3.inc
@@ -90,6 +90,7 @@ SRC_URI = "\
file://0058-fdebug-prefix-map-support-to-remap-relative-path.patch \
file://0059-libgcc-use-ldflags.patch \
file://0060-remove-prototypes-cfns.patch \
+ file://CVE-2016-4488.patch \
"
BACKPORTS = ""
diff --git a/meta/recipes-devtools/gcc/gcc-5.3/CVE-2016-4488.patch b/meta/recipes-devtools/gcc/gcc-5.3/CVE-2016-4488.patch
new file mode 100644
index 0000000000..30e0ffeace
--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc-5.3/CVE-2016-4488.patch
@@ -0,0 +1,73 @@
+From be3004dc350a820a5b0320b34bd05673ba534058 Mon Sep 17 00:00:00 2001
+From: law <law@138bc75d-0d04-0410-961f-82ee72b054a4>
+Date: Thu, 31 Mar 2016 17:20:53 +0000
+Subject: [PATCH] * cplus-dem.c (squangle_mop_up): Zero bsize/ksize
+ after freeing btypevec/ktypevec. * testsuite/demangle-expected: Add
+ coverage tests.
+
+git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@234645 138bc75d-0d04-0410-961f-82ee72b054a4
+
+Upstream-Status: Backport
+CVE: CVE-2016-4488
+
+patched ChangeLog and demangle-expected as patch is from tip.
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+
+---
+ libiberty/ChangeLog | 7 +++++++
+ libiberty/cplus-dem.c | 2 ++
+ libiberty/testsuite/demangle-expected | 10 ++++++++++
+ 3 files changed, 19 insertions(+)
+
+Index: gcc-5.3.0/libiberty/cplus-dem.c
+===================================================================
+--- gcc-5.3.0.orig/libiberty/cplus-dem.c
++++ gcc-5.3.0/libiberty/cplus-dem.c
+@@ -1237,11 +1237,13 @@ squangle_mop_up (struct work_stuff *work
+ {
+ free ((char *) work -> btypevec);
+ work->btypevec = NULL;
++ work->bsize = 0;
+ }
+ if (work -> ktypevec != NULL)
+ {
+ free ((char *) work -> ktypevec);
+ work->ktypevec = NULL;
++ work->ksize = 0;
+ }
+ }
+
+Index: gcc-5.3.0/libiberty/testsuite/demangle-expected
+===================================================================
+--- gcc-5.3.0.orig/libiberty/testsuite/demangle-expected
++++ gcc-5.3.0/libiberty/testsuite/demangle-expected
+@@ -4356,3 +4356,13 @@ _QueueNotification_QueueController__$4PP
+ --format=gnu-v3
+ _Z1fSsB3fooS_
+ f(std::string[abi:foo], std::string[abi:foo])
++#
++# Tests a use-after-free problem
++
++_Q.__0
++::Q.(void)
++#
++# Tests a use-after-free problem
++
++_Q10-__9cafebabe.
++cafebabe.::-(void)
+Index: gcc-5.3.0/libiberty/ChangeLog
+===================================================================
+--- gcc-5.3.0.orig/libiberty/ChangeLog
++++ gcc-5.3.0/libiberty/ChangeLog
+@@ -1,3 +1,10 @@
++2016-03-31 Mikhail Maltsev <maltsevm@gmail.com>
++ Marcel Bohme boehme.marcel@gmail.com
++
++ * cplus-dem.c (squangle_mop_up): Zero bsize/ksize after freeing
++ btypevec/ktypevec.
++ * testsuite/demangle-expected: Add coverage tests.
++
+ 2015-12-04 Release Manager
+
+ * GCC 5.3.0 released.