From: Simon Marchi
To: Kevin Buettner
Cc: gdb-patches@sourceware.org, Sandra Loosemore
Subject: Re: [patch] Fix CVE-2017-9778
Date: Thu, 25 Apr 2019 03:26:00 -0000
In-Reply-To: <20190424175614.146732e1@f29-4.lan>
References: <20190424175614.146732e1@f29-4.lan>
Message-ID: <7662d84ed430765775cfb3750a155ba4@polymtl.ca>
X-SW-Source: 2019-04/txt/msg00506.txt.bz2

On 2019-04-24 20:56, Kevin Buettner wrote:
> On Wed, 24 Apr 2019 10:27:39 -0600
> Sandra Loosemore wrote:
>
>> GDB was failing to catch cases where a corrupt ELF or core file
>> contained an invalid length value in a Dwarf debug frame FDE
>> header.  It was checking for buffer overflow but not cases where the
>> length was negative or caused pointer wrap-around.
>>
>> In addition to the additional validity check, this patch cleans up the
>> multiple signed/unsigned conversions on the length field so that an
>> unsigned representation is used consistently throughout.
>>
>> 2019-04-24  Sandra Loosemore
>>             Kang Li
>>
>>     PR gdb/21600
>>
>>     * dwarf2-frame.c (read_initial_length): Be consistent about using
>>     unsigned representation of length.
>>     (decode_frame_entry_1): Likewise.  Check for wraparound of
>>     end pointer as well as buffer overflow.
>
> This is okay.
>
> Kevin

I would just suggest using a more descriptive commit title, stating what
the commit actually changes in the code.  It's still good to reference
the CVE number, but by itself is not very descriptive.

Thanks,

Simon
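The validation the commit message describes, as an added example that is not GDB's dwarf2-frame.c and not code from the patch itself: a small, self-contained parser for the DWARF initial-length field of a CIE/FDE that keeps the length unsigned throughout and rejects both an oversized 32-bit length (negative if it were ever read as signed) and a 64-bit length large enough to wrap an end pointer. The function names, the little-endian assumption and the sample byte strings are this example's own; the samples are constructed, not taken from any real binary.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Added example, not GDB's code: parse and validate the DWARF "initial
 * length" of a CIE/FDE.  Lengths are unsigned everywhere, and the end-of-
 * entry check compares byte counts against the bytes remaining in the
 * buffer instead of forming a pointer that could wrap.  Little-endian
 * input is assumed for simplicity.
 */

/* Read an unsigned little-endian integer of 'size' bytes (size <= 8). */
static uint64_t read_le(const unsigned char *p, size_t size)
{
    uint64_t v = 0;
    for (size_t i = 0; i < size; i++)
        v |= (uint64_t)p[i] << (8 * i);
    return v;
}

/*
 * Parse the initial length at buf[0..] with 'avail' readable bytes.
 * On success stores the unsigned length, sets *dwarf64 when the
 * 0xffffffff escape selects the 64-bit format, and returns the size of
 * the length field (4 or 12).  Returns 0 if the field is truncated or
 * carries a value DWARF reserves.
 */
size_t read_initial_length(const unsigned char *buf, size_t avail,
                           uint64_t *length, int *dwarf64)
{
    if (avail < 4)
        return 0;
    uint32_t l32 = (uint32_t)read_le(buf, 4);
    if (l32 == 0xffffffffu) {
        if (avail < 12)             /* 8-byte length must also fit */
            return 0;
        *length = read_le(buf + 4, 8);
        *dwarf64 = 1;
        return 12;
    }
    if (l32 >= 0xfffffff0u)         /* 0xfffffff0..0xfffffffe reserved */
        return 0;
    *length = l32;
    *dwarf64 = 0;
    return 4;
}

/*
 * Validate the entry starting at 'off' in a buffer of 'size' bytes and
 * return the offset of the entry that follows, or 0 if it is corrupt.
 * A single unsigned comparison against the remaining byte count covers
 * plain buffer overflow, a "negative" 32-bit length and a 64-bit length
 * that would wrap start + length past the end of the address space.
 */
size_t validate_frame_entry(const unsigned char *buf, size_t size, size_t off)
{
    uint64_t length;
    int dwarf64;

    if (off >= size)
        return 0;
    size_t hdr = read_initial_length(buf + off, size - off, &length, &dwarf64);
    if (hdr == 0)
        return 0;
    size_t remaining = size - off - hdr;    /* bytes after the length field */
    if (length > remaining)                 /* overflow or wraparound */
        return 0;
    return off + hdr + (size_t)length;      /* provably <= size */
}

/* Constructed sample inputs for the cases above. */
const unsigned char sample_good[]      = { 0x08, 0, 0, 0, 1, 2, 3, 4, 5, 6, 7, 8 };
const unsigned char sample_negative[]  = { 0, 0, 0, 0x80, 0, 0, 0, 0 };
const unsigned char sample_truncated[] = { 0xff, 0xff, 0xff, 0xff, 0, 0 };
const unsigned char sample_dwarf64[]   = { 0xff, 0xff, 0xff, 0xff,
                                           4, 0, 0, 0, 0, 0, 0, 0, 9, 9, 9, 9 };
const unsigned char sample_wrap[]      = { 0xff, 0xff, 0xff, 0xff,
                                           0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
                                           0, 0, 0, 0 };

int main(void)
{
    printf("good      -> %zu\n", validate_frame_entry(sample_good, sizeof sample_good, 0));
    printf("negative  -> %zu\n", validate_frame_entry(sample_negative, sizeof sample_negative, 0));
    printf("truncated -> %zu\n", validate_frame_entry(sample_truncated, sizeof sample_truncated, 0));
    printf("dwarf64   -> %zu\n", validate_frame_entry(sample_dwarf64, sizeof sample_dwarf64, 0));
    printf("wrap      -> %zu\n", validate_frame_entry(sample_wrap, sizeof sample_wrap, 0));
    return 0;
}
```

The point of comparing byte counts rather than pointers is that in C forming `start + length` for a length that reaches past the buffer is already undefined behaviour, so a check written as `start + length < start` is not a reliable wraparound test; `length > remaining` on unsigned sizes gives the same guarantee without ever computing the bad pointer.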