openSUSE:Leap:15.6:Update
File libdwarf-cve-2020-27545.diff of Package libdwarf.29697
A backport of the important part of upstreams d871f028de to fix CVE-2020-27545 . The upstream commit also touched dwarf5 code, which our libdwarf version doesn't have. And the error reporting routines were rewritten so those parts don't apply. --- libdwarf/dwarf_line_table_reader_common.c.mm 2016-11-02 22:36:56.000000000 +0100 +++ libdwarf/dwarf_line_table_reader_common.c 2023-07-03 15:27:51.399888774 +0200 @@ -1637,7 +1637,15 @@ read_line_table_program(Dwarf_Debug dbg, other than we know now many bytes it is and the op code and the bytes of operand. */ Dwarf_Unsigned remaining_bytes = instr_length -1; - if (instr_length < 1 || remaining_bytes > DW_LNE_LEN_MAX) { + Dwarf_Unsigned space_left = + (line_ptr <= line_ptr_end)? + (line_ptr_end - line_ptr):0xfffffff; + + /* By catching this here instead of PRINTING_DETAILS + we avoid reading off of our data of interest*/ + if (instr_length < 1 || + space_left < remaining_bytes || + remaining_bytes > DW_LNE_LEN_MAX) { _dwarf_free_chain_entries(dbg,head_chain,line_count); _dwarf_error(dbg, error, DW_DLE_LINE_TABLE_BAD); @@ -1650,6 +1658,8 @@ read_line_table_program(Dwarf_Debug dbg, dwarf_printf(dbg, "Bytecount: %" DW_PR_DUu , (Dwarf_Unsigned)instr_length); if (remaining_bytes > 0) { + /* If remaining bytes > distance to end + we will have an error. */ dwarf_printf(dbg, " linedata: 0x"); while (remaining_bytes > 0) {
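Review bot: In the first hunk (`@@ -1637,7 +1637,15 @@`), the fallback value of `space_left` makes the new bounds check fail open: when `line_ptr` is already past `line_ptr_end`, `space_left` becomes `0xfffffff`, so `space_left < remaining_bytes` is false for every realistic `remaining_bytes` and the only bound still applied is `DW_LNE_LEN_MAX`. Using `0` as the fallback would reject any extended opcode with operand bytes once the pointer is out of range, which is the safe direction for a parser of untrusted line tables. The constant also has seven `f` digits, which reads like a typo for `0xffffffff`; if a sentinel is kept at all, a named constant with a comment would make the intent clear. The added comment ("reading off of our data of interest") could say directly that the check prevents reading past `line_ptr_end`.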
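Review bot: In the second hunk (`@@ -1650,6 +1658,8 @@`), the comment added inside `if (remaining_bytes > 0)` says "we will have an error" without saying where that error is raised, so a reader of the print loop cannot tell whether the loop itself is bounded. Since the check added in the first hunk is what is meant to reject `remaining_bytes` larger than the distance to `line_ptr_end` before this loop runs, the comment would be more useful if it stated that invariant and pointed at that check. No code changes in this hunk, so the loop's safety depends entirely on the earlier condition; a short note to that effect would help anyone who later reorders or backports these blocks.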