Subject: Re: [patch] Fix CVE-2017-9778
From: Sandra Loosemore
To: Simon Marchi, Kevin Buettner
Date: Thu, 25 Apr 2019 14:34:00 -0000

On 4/24/19 9:25 PM, Simon Marchi wrote:
> On 2019-04-24 20:56, Kevin Buettner wrote:
>> On Wed, 24 Apr 2019 10:27:39 -0600
>> Sandra Loosemore wrote:
>>
>>>     GDB was failing to catch cases where a corrupt ELF or core file
>>>     contained an invalid length value in a Dwarf debug frame FDE header.
>>>     It was checking for buffer overflow but not cases where the length was
>>>     negative or caused pointer wrap-around.
>>>
>>>     In addition to the additional validity check, this patch cleans up the
>>>     multiple signed/unsigned conversions on the length field so that an
>>>     unsigned representation is used consistently throughout.
>>>
>>>     2019-04-24  Sandra Loosemore
>>>             Kang Li
>>>
>>>         PR gdb/21600
>>>
>>>         * dwarf2-frame.c (read_initial_length): Be consistent about using
>>>         unsigned representation of length.
>>>         (decode_frame_entry_1): Likewise.  Check for wraparound of
>>>         end pointer as well as buffer overflow.
>>
>> This is okay.
>>
>> Kevin
>
> I would just suggest using a more descriptive commit title, stating what
> the commit actually changes in the code.  It's still good to reference
> the CVE number, but by itself is not very descriptive.

Done. I pushed it as "Detect invalid length field in debug frame FDE header."

-Sandra
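
The kind of length validation the quoted commit message describes, as an added example that is not GDB's code and not part of this thread. The helper `entry_end`, the little-endian byte order and the sample buffers are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample entries (little-endian byte order assumed). */
static const uint8_t ok32[]   = { 4, 0, 0, 0, 1, 2, 3, 4 };
static const uint8_t long32[] = { 16, 0, 0, 0, 1, 2 };            /* runs past buffer */
static const uint8_t neg32[]  = { 0xf0, 0xff, 0xff, 0xff, 0, 0 }; /* -16 if signed */
static const uint8_t wrap64[] = { 0xff, 0xff, 0xff, 0xff,         /* 64-bit escape */
                                  0xf4, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };

static uint64_t read_le(const uint8_t *p, size_t n)
{
    uint64_t v = 0;
    while (n-- > 0)
        v = (v << 8) | p[n];
    return v;
}

/* Hypothetical helper, not a GDB function: return the offset one past the
   entry that starts at off, or 0 if its length field cannot be trusted. */
size_t entry_end(const uint8_t *buf, size_t size, size_t off)
{
    size_t hdr = 4;
    uint64_t len;
    if (off > size || size - off < 4)
        return 0;                        /* truncated length field */
    len = read_le(buf + off, 4);
    if (len == 0xffffffffu) {            /* 64-bit DWARF: real length follows */
        if (size - off < 12)
            return 0;
        len = read_le(buf + off + 4, 8);
        hdr = 12;
    } else if (len >= 0xfffffff0u) {
        return 0;                        /* reserved initial-length values */
    }
    /* Compare the unsigned length with the bytes that remain.  Computing
       off + hdr + len first would wrap for wrap64 (12 + 0x...f4 == 0). */
    if (len > size - off - hdr)
        return 0;
    return off + hdr + (size_t)len;
}

int main(void)
{
    printf("%zu %zu %zu %zu\n", entry_end(ok32, 8, 0), entry_end(long32, 6, 0),
           entry_end(neg32, 6, 0), entry_end(wrap64, 12, 0));
    return 0;
}
```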