From: Kevin Buettner
To: gdb-patches@sourceware.org
Cc: Sandra Loosemore
Subject: Re: [patch] Fix CVE-2017-9778
Date: Thu, 25 Apr 2019 00:56:00 -0000
Message-ID: <20190424175614.146732e1@f29-4.lan>
X-SW-Source: 2019-04/txt/msg00505.txt.bz2

On Wed, 24 Apr 2019 10:27:39 -0600 Sandra Loosemore wrote:

> GDB was failing to catch cases where a corrupt ELF or core file
> contained an invalid length value in a Dwarf debug frame FDE header.
> It was checking for buffer overflow but not cases where the length was
> negative or caused pointer wrap-around.
>
> In addition to the additional validity check, this patch cleans up the
> multiple signed/unsigned conversions on the length field so that an
> unsigned representation is used consistently throughout.
>
> 2019-04-24  Sandra Loosemore
>             Kang Li
>
>     PR gdb/21600
>
>     * dwarf2-frame.c (read_initial_length): Be consistent about using
>     unsigned representation of length.
>     (decode_frame_entry_1): Likewise. Check for wraparound of
>     end pointer as well as buffer overflow.

This is okay.

Kevin
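The following is an added illustration of the check the ChangeLog describes; it is not gdb's code and not the patch under review. It parses a DWARF "initial length" from a constructed little-endian .debug_frame buffer (32-bit form, and the 0xffffffff escape to the 64-bit form), keeps the length unsigned throughout, and validates it by comparing against the bytes remaining rather than by forming `buf + length` and comparing pointers. The function names `read_initial_length_checked`, `decode_entry_bounds` and `unsafe_fits`, and the sample bytes, are hypothetical; `unsafe_fits` models the pre-patch style of check on integers so that the wrap-around is well defined and can be observed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical names; added example, not gdb's dwarf2-frame.c. */
struct initial_length {
    uint64_t length;      /* CIE/FDE length, unsigned throughout */
    unsigned offset_size; /* 4 = 32-bit DWARF, 8 = 64-bit DWARF */
    size_t consumed;      /* header bytes consumed: 4 or 12 */
};

static uint32_t rd32le(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8
         | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static uint64_t rd64le(const uint8_t *p)
{
    return (uint64_t)rd32le(p) | (uint64_t)rd32le(p + 4) << 32;
}

/* Parse the DWARF initial length at buf.  Returns 0 on success, -1 if the
   header is truncated or uses a reserved escape.  Precondition: buf <= end. */
int read_initial_length_checked(const uint8_t *buf, const uint8_t *end,
                                struct initial_length *out)
{
    size_t avail = (size_t)(end - buf);

    if (avail < 4)
        return -1;
    uint32_t v = rd32le(buf);
    if (v == 0xffffffffu) {          /* 64-bit DWARF escape */
        if (avail < 12)
            return -1;
        out->length = rd64le(buf + 4);
        out->offset_size = 8;
        out->consumed = 12;
    } else if (v >= 0xfffffff0u) {   /* reserved values, reject */
        return -1;
    } else {
        out->length = v;
        out->offset_size = 4;
        out->consumed = 4;
    }
    return 0;
}

/* Locate one entry's body.  Returns a pointer to the next entry (the body
   end) or NULL when the entry does not fit in [buf, end). */
const uint8_t *decode_entry_bounds(const uint8_t *buf, const uint8_t *end,
                                   const uint8_t **body_start,
                                   const uint8_t **body_end)
{
    struct initial_length il;

    if (buf > end || read_initial_length_checked(buf, end, &il) != 0)
        return NULL;

    const uint8_t *body = buf + il.consumed;
    size_t remaining = (size_t)(end - body);

    /* One unsigned comparison covers a "negative" length (top bit set), a
       length larger than the section, and a length that would make
       body + length wrap.  No pointer is formed until it is known to fit. */
    if (il.length > remaining)
        return NULL;

    *body_start = body;
    *body_end = body + (size_t)il.length;
    return *body_end;
}

/* The pre-patch style of check, on integers so the wrap is well defined:
   "does body + length stay at or below end?"  A huge length wraps the sum
   back below end and the check wrongly passes. */
int unsafe_fits(const uint8_t *body, const uint8_t *end, uint64_t length)
{
    uintptr_t e = (uintptr_t)body + (uintptr_t)length;
    return e <= (uintptr_t)end;
}

/* Constructed sample: a well-formed 32-bit entry with an 8-byte body, then
   a 64-bit-form entry whose length is 0xfffffffffffffffc (-4 if signed). */
static const uint8_t sample[] = {
    0x08, 0x00, 0x00, 0x00,                         /* length = 8      */
    0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, /* 8-byte body     */
    0xff, 0xff, 0xff, 0xff,                         /* 64-bit escape   */
    0xfc, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff  /* length = 2^64-4 */
};

/* Number of entries accepted before the corrupt one stops the walk. */
int demo_entries_accepted(void)
{
    const uint8_t *p = sample, *end = sample + sizeof sample, *bs, *be;
    int accepted = 0;
    while (p < end) {
        const uint8_t *next = decode_entry_bounds(p, end, &bs, &be);
        if (next == NULL)
            break;
        accepted++;
        p = next;
    }
    return accepted;
}

/* Body length of the first (valid) entry. */
long demo_first_body_length(void)
{
    const uint8_t *end = sample + sizeof sample, *bs, *be;
    if (decode_entry_bounds(sample, end, &bs, &be) == NULL)
        return -1;
    return (long)(be - bs);
}

/* 1 if the wrapping length of the second entry passes the unsafe check. */
int demo_unsafe_check_accepts_wrap(void)
{
    const uint8_t *end = sample + sizeof sample, *second = sample + 12;
    struct initial_length il;
    if (read_initial_length_checked(second, end, &il) != 0)
        return -1;
    return unsafe_fits(second + il.consumed, end, il.length);
}

/* -1 when a header cut off two bytes before the end is rejected. */
int demo_truncated_header(void)
{
    const uint8_t *end = sample + sizeof sample;
    struct initial_length il;
    return read_initial_length_checked(end - 2, end, &il);
}

int main(void)
{
    printf("entries accepted: %d (first body %ld bytes)\n",
           demo_entries_accepted(), demo_first_body_length());
    printf("unsafe check accepts wrapped length: %d\n",
           demo_unsafe_check_accepts_wrap());
    printf("truncated header rejected: %d\n", demo_truncated_header());
    return 0;
}
```

The point of the example is the single comparison `il.length > remaining`: with the length held unsigned, a field that looked negative when signed is simply a very large value and fails the same test as an oversized one, and because no pointer is computed before that test, the wrap-around case that `unsafe_fits` accepts can never reach the pointer arithmetic.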