[patch] Fix CVE-2017-9778
Sandra Loosemore
sandra@codesourcery.com
Thu Apr 25 14:34:00 GMT 2019
On 4/24/19 9:25 PM, Simon Marchi wrote:
> On 2019-04-24 20:56, Kevin Buettner wrote:
>> On Wed, 24 Apr 2019 10:27:39 -0600
>> Sandra Loosemore <sandra@codesourcery.com> wrote:
>>
>>>     GDB was failing to catch cases where a corrupt ELF or core file
>>>     contained an invalid length value in a Dwarf debug frame FDE header.
>>>     It was checking for buffer overflow but not cases where the length was
>>>     negative or caused pointer wrap-around.
>>>
>>>     In addition to the additional validity check, this patch cleans up the
>>>     multiple signed/unsigned conversions on the length field so that an
>>>     unsigned representation is used consistently throughout.
>>>
>>>     2019-04-24  Sandra Loosemore  <sandra@codesourcery.com>
>>>                 Kang Li  <kanglictf@gmail.com>
>>>
>>>         PR gdb/21600
>>>
>>>         * dwarf2-frame.c (read_initial_length): Be consistent about using
>>>         unsigned representation of length.
>>>         (decode_frame_entry_1): Likewise.  Check for wraparound of
>>>         end pointer as well as buffer overflow.
>>
>> This is okay.
>>
>> Kevin
>
> I would just suggest using a more descriptive commit title, stating what
> the commit actually changes in the code. It's still good to reference
> the CVE number, but by itself is not very descriptive.
Done. I pushed it as "Detect invalid length field in debug frame FDE
header."
-Sandra
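The bug class described in the quoted commit message (a length field checked only for running past the buffer end, but not for being "negative" or wrapping the end pointer) is easy to reproduce in a small checker. The following is an added example written for this page; it is not GDB's dwarf2-frame.c and the function names `read_initial_length`, `checked_entry_length` and `naive_entry_accepted`, as well as the sample buffers, are constructed for illustration. It shows the hardened form (unsigned length compared against remaining bytes, computed on offsets so nothing can wrap) beside a reconstruction of the flawed signed check for contrast.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical checker (not GDB's code): validate the initial length field
   of a DWARF call frame entry (CIE/FDE) against the buffer holding it,
   using unsigned arithmetic on offsets so that neither a "negative" 32-bit
   length nor a pointer wrap-around can slip past the bounds check. */

/* Read the initial length field (little-endian): a 32-bit value of
   0xffffffff announces a 64-bit length that follows. Returns 1 on success,
   0 if the header itself does not fit or the value is one of the reserved
   0xfffffff0..0xfffffffe escapes. */
static int read_initial_length(const unsigned char *buf, size_t avail,
                               uint64_t *length, size_t *header_bytes)
{
    if (avail < 4)
        return 0;
    uint32_t l32 = (uint32_t)buf[0] | ((uint32_t)buf[1] << 8)
                 | ((uint32_t)buf[2] << 16) | ((uint32_t)buf[3] << 24);
    if (l32 == 0xffffffffu) {
        if (avail < 12)
            return 0;
        uint64_t l64 = 0;
        for (int i = 0; i < 8; i++)
            l64 |= (uint64_t)buf[4 + i] << (8 * i);
        *length = l64;
        *header_bytes = 12;
        return 1;
    }
    if (l32 >= 0xfffffff0u)
        return 0;
    *length = l32;
    *header_bytes = 4;
    return 1;
}

/* Hardened check: the entry at offset 'off' fits if its length, taken as an
   unsigned 64-bit value, does not exceed the bytes remaining after the
   header. Working on offsets instead of pointers rules out wrap-around.
   Returns the accepted length, or -1 when the entry is rejected. */
int64_t checked_entry_length(const unsigned char *buf, size_t size, size_t off)
{
    uint64_t len;
    size_t header_bytes;
    if (off > size || !read_initial_length(buf + off, size - off, &len, &header_bytes))
        return -1;
    uint64_t remaining = (uint64_t)(size - off - header_bytes);
    if (len > remaining)          /* a "negative" 32-bit value is just huge here */
        return -1;
    return (int64_t)len;
}

/* The flawed pattern, reconstructed for contrast (not GDB's code): the
   32-bit length is treated as signed, so 0x80000000 becomes a negative
   number, the computed end lands "before" the buffer end, and the overflow
   test passes. Returns 1 when this (wrong) check accepts the entry. */
int naive_entry_accepted(const unsigned char *buf, size_t size, size_t off)
{
    if (off + 4 > size)
        return 0;
    uint32_t raw = (uint32_t)buf[off] | ((uint32_t)buf[off + 1] << 8)
                 | ((uint32_t)buf[off + 2] << 16) | ((uint32_t)buf[off + 3] << 24);
    int32_t signed_len = (int32_t)raw;                 /* two's complement wrap */
    int64_t end = (int64_t)(off + 4) + signed_len;     /* can go negative */
    return end <= (int64_t)size;                       /* wrongly true then */
}

/* Constructed sample inputs: 32-byte buffers whose first 4 (or 12) bytes are
   an initial length field; the rest is padding standing in for the body. */
const unsigned char sample_ok[32]       = { 0x0c, 0x00, 0x00, 0x00 }; /* length 12 */
const unsigned char sample_negative[32] = { 0x00, 0x00, 0x00, 0x80 }; /* 0x80000000 */
const unsigned char sample_too_long[32] = { 0x40, 0x00, 0x00, 0x00 }; /* 64 > 28 left */
const unsigned char sample_64bit[32]    = { 0xff, 0xff, 0xff, 0xff,
                                            0x08, 0, 0, 0, 0, 0, 0, 0 }; /* 64-bit len 8 */
const unsigned char sample_reserved[32] = { 0xf0, 0xff, 0xff, 0xff }; /* reserved escape */

int main(void)
{
    const unsigned char *samples[] = { sample_ok, sample_negative, sample_too_long,
                                       sample_64bit, sample_reserved };
    const char *names[] = { "ok", "negative", "too_long", "64bit", "reserved" };
    for (int i = 0; i < 5; i++)
        printf("%-9s hardened=%lld naive_accepts=%d\n", names[i],
               (long long)checked_entry_length(samples[i], 32, 0),
               naive_entry_accepted(samples[i], 32, 0));
    return 0;
}
```

The hardened check rejects the 0x80000000 and reserved-escape buffers that the signed version happily accepts, while still accepting a well-formed 32-bit or 64-bit length that fits; running the block prints one line per sample with both verdicts.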