This is the mail archive of the gdb-patches@sourceware.org mailing list for the GDB project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [patch] Fix CVE-2017-9778

On 4/24/19 9:25 PM, Simon Marchi wrote:

On 2019-04-24 20:56, Kevin Buettner wrote:

On Wed, 24 Apr 2019 10:27:39 -0600
Sandra Loosemore <sandra@codesourcery.com> wrote:


    GDB was failing to catch cases where a corrupt ELF or core file
    contained an invalid length value in a Dwarf debug frame FDE header.
    It was checking for buffer overflow but not cases where the length was 
    negative or caused pointer wrap-around.
    In addition to the additional validity check, this patch cleans up the 
    multiple signed/unsigned conversions on the length field so that an
    unsigned representation is used consistently throughout.

    2019-04-24  Sandra Loosemore  <sandra@codesourcery.com>
            Kang Li <kanglictf@gmail.com>

        PR gdb/21600
        * dwarf2-frame.c (read_initial_length): Be consistent about using 
        unsigned representation of length.
        (decode_frame_entry_1): Likewise.  Check for wraparound of
        end pointer as well as buffer overflow.


This is okay.

Kevin
I would just suggest using a more descriptive commit title, stating what the commit actually changes in the code.  It's still good to reference the CVE number, but by itself is not very descriptive.
Done. I pushed it as "Detect invalid length field in debug frame FDE header." 

-Sandra
Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]