This is the mail archive of the gdb-patches@sourceware.org mailing list for the GDB project.



Re: [patch] Fix CVE-2017-9778


On 2019-04-24 20:56, Kevin Buettner wrote:
On Wed, 24 Apr 2019 10:27:39 -0600
Sandra Loosemore <sandra@codesourcery.com> wrote:

    GDB was failing to catch cases where a corrupt ELF or core file
    contained an invalid length value in a Dwarf debug frame FDE header.
    It was checking for buffer overflow but not cases where the length was
    negative or caused pointer wrap-around.

    In addition to the additional validity check, this patch cleans up the
    multiple signed/unsigned conversions on the length field so that an
    unsigned representation is used consistently throughout.

    2019-04-24  Sandra Loosemore  <sandra@codesourcery.com>
    	    Kang Li <kanglictf@gmail.com>

    	PR gdb/21600

    	* dwarf2-frame.c (read_initial_length): Be consistent about using
    	unsigned representation of length.
    	(decode_frame_entry_1): Likewise.  Check for wraparound of
    	end pointer as well as buffer overflow.

This is okay.

Kevin

I would just suggest using a more descriptive commit title, stating what the commit actually changes in the code. It's still good to reference the CVE number, but by itself it is not very descriptive.

Thanks,

Simon
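The wraparound-safe length check the ChangeLog describes, written out as an added illustration (this is not GDB's own dwarf2-frame.c code): the initial length is read and kept as an unsigned value and compared against the bytes remaining in the buffer, instead of forming `buf + length` and comparing pointers, which a wrapped pointer defeats. The DWARF 0xffffffff escape to a 64-bit length, little-endian host byte order, and the sample headers are this example's own assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum fde_status { FDE_OK, FDE_TRUNCATED_HEADER, FDE_LENGTH_OUT_OF_RANGE };

/* Read a DWARF "initial length": 4 bytes, or the escape 0xffffffff followed
   by an 8-byte length (64-bit DWARF). The value stays unsigned throughout;
   a huge or "negative-looking" value is rejected by the size comparison in
   check_frame_entry, never by pointer arithmetic. Returns the header bytes
   consumed, or 0 if the header itself does not fit. Little-endian host
   byte order is assumed (constructed example). */
static size_t read_initial_length(const uint8_t *buf, size_t avail,
                                  uint64_t *length)
{
  uint32_t len32;
  if (avail < 4) return 0;
  memcpy(&len32, buf, 4);
  if (len32 != 0xffffffffu) { *length = len32; return 4; }
  if (avail < 12) return 0;
  memcpy(length, buf + 4, 8);
  return 12;
}

/* Validate one CIE/FDE header at buf with `avail` bytes remaining. The
   entry fits only if length <= bytes left after the header. Computing
   "buf + length" first and comparing that pointer with the buffer end is
   the form a wrapped pointer defeats, so it is avoided here. */
static enum fde_status check_frame_entry(const uint8_t *buf, size_t avail,
                                         uint64_t *length)
{
  size_t hdr = read_initial_length(buf, avail, length);
  if (hdr == 0) return FDE_TRUNCATED_HEADER;
  if (*length > avail - hdr) return FDE_LENGTH_OUT_OF_RANGE;
  return FDE_OK;
}

/* Constructed sample headers (not taken from any real binary). */
static const uint8_t fde_good[]   = { 0x08,0,0,0, 1,2,3,4,5,6,7,8 }; /* len 8, 8 left */
static const uint8_t fde_signed[] = { 0,0,0,0x80, 1,2,3,4 };          /* 0x80000000 */
static const uint8_t fde_wrap[]   = { 0xff,0xff,0xff,0xff,             /* 64-bit escape */
                                      0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff };
static const uint8_t fde_short[]  = { 0xff,0xff,0xff,0xff, 1,2 };     /* escape, no len */

static enum fde_status status_of(const uint8_t *buf, size_t avail)
{
  uint64_t len;
  return check_frame_entry(buf, avail, &len);
}
```

`fde_signed` is the case an old signed `int` length would have treated as negative, and `fde_wrap` is the case where `buf + length` wraps past the end pointer; both are rejected by the byte-count comparison.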

