This is the mail archive of the gdb-patches@sourceware.org mailing list for the GDB project.
Re: [patch] Fix CVE-2017-9778
On Wed, 24 Apr 2019 23:25:45 -0400
Simon Marchi <simon.marchi@polymtl.ca> wrote:
> On 2019-04-24 20:56, Kevin Buettner wrote:
> > On Wed, 24 Apr 2019 10:27:39 -0600
> > Sandra Loosemore <sandra@codesourcery.com> wrote:
> >
> >> GDB was failing to catch cases where a corrupt ELF or core file
> >> contained an invalid length value in a Dwarf debug frame FDE header.
> >> It was checking for buffer overflow but not cases where the length
> >> was negative or caused pointer wrap-around.
> >>
> >> In addition to the additional validity check, this patch cleans up the
> >> multiple signed/unsigned conversions on the length field so that an
> >> unsigned representation is used consistently throughout.
> >>
> >> 2019-04-24 Sandra Loosemore <sandra@codesourcery.com>
> >> Kang Li <kanglictf@gmail.com>
> >>
> >> PR gdb/21600
> >>
> >> * dwarf2-frame.c (read_initial_length): Be consistent about using
> >> unsigned representation of length.
> >> (decode_frame_entry_1): Likewise. Check for wraparound of
> >> end pointer as well as buffer overflow.
> >
> > This is okay.
> >
> > Kevin
>
> I would just suggest using a more descriptive commit title, stating what
> the commit actually changes in the code. It's still good to reference
> the CVE number, but by itself is not very descriptive.
Yes, good point.
I'm glad that Sandra saw your suggestion prior to pushing that commit.
Kevin
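An added illustration of the kind of check the quoted description calls for (example code written for this archive page, not the GDB patch itself): the initial length is kept unsigned end to end and is compared against the bytes remaining in the buffer, so that a "negative" length cannot wrap the end pointer past the overflow check. Little-endian encoding and the constructed sample headers are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
/* Added example, not GDB's code.  The initial length is unsigned
   throughout, and the end pointer is only formed after the length is
   known to fit, so a huge ("negative") value cannot wrap it past the
   buffer-end check.  Little-endian encoding is assumed.  */
enum fde_status { FDE_OK, FDE_TRUNCATED, FDE_LENGTH_TOO_LARGE };

static uint64_t get_le(const unsigned char *p, int n)
{
  uint64_t v = 0;
  while (n--) v = (v << 8) | p[n];
  return v;
}

/* 4-byte length, or the 0xffffffff escape plus an 8-byte length.
   Returns the size of the length field, or 0 if it is truncated.  */
static size_t read_initial_length(const unsigned char *buf, const unsigned char *buf_end, uint64_t *length)
{
  if (buf_end - buf < 4) return 0;
  *length = get_le(buf, 4);
  if (*length != 0xffffffffu) return 4;
  if (buf_end - buf < 12) return 0;
  *length = get_le(buf + 4, 8);
  return 12;
}

/* Unsafe pattern: end = start + hdr + length; if (end > buf_end) ...
   With a huge length the addition wraps and the check passes.  Comparing
   the length against the bytes that remain cannot wrap.  */
enum fde_status check_frame_entry(const unsigned char *start, const unsigned char *buf_end, const unsigned char **entry_end)
{
  uint64_t length;
  size_t hdr = read_initial_length(start, buf_end, &length);
  if (hdr == 0) return FDE_TRUNCATED;
  uint64_t avail = (uint64_t)(buf_end - (start + hdr));
  if (length > avail) return FDE_LENGTH_TOO_LARGE;  /* 0xfffffffe (-2 as signed) lands here */
  *entry_end = start + hdr + length;
  return FDE_OK;
}

/* Constructed sample headers, not taken from any real binary.  */
static const unsigned char sample_ok[]  = { 0x08,0,0,0, 1,2,3,4,5,6,7,8 };  /* length 8, fits */
static const unsigned char sample_neg[] = { 0xfe,0xff,0xff,0xff, 1,2,3,4 };  /* length 0xfffffffe */
static const unsigned char sample_cut[] = { 0x01,0x00 };                     /* field truncated */
enum fde_status check_sample(const unsigned char *buf, size_t size)
{
  const unsigned char *entry_end;
  return check_frame_entry(buf, buf + size, &entry_end);
}
```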