From 793428154e6d4e12aac57b5a244057b5eb6d8db6 Mon Sep 17 00:00:00 2001
From: panysh
Date: Tue, 26 Jul 2022 14:21:02 +0800
Subject: [PATCH] CVE-2020-28163
---
 CVE-2020-28163.patch | 163 +++++++++++++++++++++++++++++++++++++++++++
 libdwarf.spec | 6 +-
 2 files changed, 168 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2020-28163.patch
diff --git a/CVE-2020-28163.patch b/CVE-2020-28163.patch
new file mode 100644
index 0000000..cd067e9
--- /dev/null
+++ b/CVE-2020-28163.patch
@@ -0,0 +1,163 @@
+From faf99408e3f9f706fc3809dd400e831f989778d3 Mon Sep 17 00:00:00 2001
+From: David Anderson
+Date: Wed, 28 Oct 2020 15:56:06 -0700
+Subject: [PATCH] modified: libdwarf/dwarf_print_lines.c *
+ dwarf_print_lines.c: In case of corrupted DWARF5 line header the
+ fi_file_name field for a file entry can be null. Now we print a
+ string in that case to avoid passing a null to
+ dwarfstring_append. Dwarfbug DW202010-003. Also some lines longer
+ than libdwarf standard were shortened, but a few long lines really
+ must remain.
+
+---
+ libdwarf/ChangeLog | 10 ++++++
+ libdwarf/dwarf_print_lines.c | 62 +++++++++++++++++++++---------------
+ 2 files changed, 47 insertions(+), 25 deletions(-)
+
+diff --git a/libdwarf/ChangeLog b/libdwarf/ChangeLog
+index d5fc623c..bbcfb33e 100644
+diff --git a/libdwarf/dwarf_print_lines.c b/libdwarf/dwarf_print_lines.c
+index e119d666..8f73f7b9 100644
+--- a/libdwarf/dwarf_print_lines.c
++++ b/libdwarf/dwarf_print_lines.c
+@@ -54,8 +54,10 @@ print_line_header(Dwarf_Debug dbg,
+ Dwarf_Bool is_actuals_tab)
+ {
+ if (!is_single_tab) {
+- /* Ugly indenting follows, it makes lines shorter to see them better.
+- Best to use a wider text window to really see how it looks.*/
++ /* Ugly indenting follows, it makes lines shorter
++ to see them better.
++ Best to use a wider text window to really
++ see how it looks.*/
+ if (is_actuals_tab) {
+ _dwarf_printf(dbg,"\nActuals Table\n");
+ _dwarf_printf(dbg,
+@@ -102,13 +104,15 @@ print_line_detail(
+ if(!is_single_table && is_actuals_table) {
+ dwarfstring_append_printf_s(&m1,"%-15s ",(char *)prefix);
+ dwarfstring_append_printf_i(&m1,"%3d ",opcode);
+- dwarfstring_append_printf_u(&m1,"0x%" DW_PR_XZEROS DW_PR_DUx ,
++ dwarfstring_append_printf_u(&m1,"0x%" DW_PR_XZEROS DW_PR_DUx,
+ regs->lr_address);
+ dwarfstring_append_printf_u(&m1,"/%01u",regs->lr_op_index);
+ dwarfstring_append_printf_u(&m1," %5lu", regs->lr_line);
+ dwarfstring_append_printf_u(&m1," %3d",regs->lr_isa);
+- dwarfstring_append_printf_i(&m1," %1d", regs->lr_basic_block);
+- dwarfstring_append_printf_i(&m1,"%1d\n", regs->lr_end_sequence);
++ dwarfstring_append_printf_i(&m1," %1d",
++ regs->lr_basic_block);
++ dwarfstring_append_printf_i(&m1,"%1d\n",
++ regs->lr_end_sequence);
+ _dwarf_printf(dbg,dwarfstring_string(&m1));
+ dwarfstring_destructor(&m1);
+ return;
+@@ -138,9 +142,11 @@ print_line_detail(
+ " x%02" DW_PR_DUx ,
+ regs->lr_discriminator); /* DWARF4 */
+ dwarfstring_append_printf_u(&m1,
+- " x%02" DW_PR_DUx , regs->lr_call_context); /* EXPERIMENTAL */
++ " x%02" DW_PR_DUx,
++ regs->lr_call_context); /* EXPERIMENTAL */
+ dwarfstring_append_printf_u(&m1,
+- " x%02" DW_PR_DUx , regs->lr_subprogram); /* EXPERIMENTAL */
++ " x%02" DW_PR_DUx ,
++ regs->lr_subprogram); /* EXPERIMENTAL */
+ dwarfstring_append_printf_i(&m1,
+ " %1d", regs->lr_is_stmt);
+ dwarfstring_append_printf_i(&m1,
+@@ -236,7 +242,8 @@ print_include_directory_details(Dwarf_Debug dbg,
+ tname = "";
+ }
+ dwarfstring_append_printf_u (&m4,
+- " type 0x%" DW_PR_XZEROS DW_PR_DUx ,valpair->up_first);
++ " type 0x%" DW_PR_XZEROS DW_PR_DUx,
++ valpair->up_first);
+ dwarfstring_append_printf_s (&m4,
+ " %-20s\n",(char *)tname);
+ res = dwarf_get_FORM_name(valpair->up_second,&fname);
+@@ -327,20 +334,22 @@ print_just_file_entry_details(Dwarf_Debug dbg,
+ if (line_context->lc_file_entry_count > 9) {
+ dwarfstring_append_printf_u(&m3,
+ " file[%2u] ",fiu);
+- dwarfstring_append_printf_s(&m3,
+- "%-20s ",
+- (char *) fe->fi_file_name);
+- dwarfstring_append_printf_u(&m3,
+- "(file-number: %u)\n",
+- filenum);
+ } else {
+ dwarfstring_append_printf_u(&m3,
+ " file[%u] ", fiu);
+- dwarfstring_append_printf_s(&m3,
+- "%-20s ",(char *)fe->fi_file_name);
+- dwarfstring_append_printf_u(&m3,
+- "(file-number: %u)\n",filenum);
+ }
++ /* DWARF5 can have a null fi_file_name
++ if the format code in the
++ line table header is unknown, such
++ as in a corrupt object file. */
++ dwarfstring_append_printf_s(&m3,
++ "%-20s ",
++ fe->fi_file_name?
++ (char *) fe->fi_file_name:
++ "");
++ dwarfstring_append_printf_u(&m3,
++ "(file-number: %u)\n",
++ filenum);
+ _dwarf_printf(dbg,dwarfstring_string(&m3));
+ dwarfstring_reset(&m3);
+ if (fe->fi_dir_index_present) {
+@@ -509,8 +518,8 @@ _dwarf_internal_printlines(Dwarf_Die die,
+ Dwarf_Small *line_ptr = 0;
+ Dwarf_Small *orig_line_ptr = 0;
+
+- /* Pointer to a DW_AT_stmt_list attribute in case it exists in the
+- die. */
++ /* Pointer to a DW_AT_stmt_list attribute in case
++ it exists in the die. */
+ Dwarf_Attribute stmt_list_attr = 0;
+
+ /* Pointer to DW_AT_comp_dir attribute in die. */
+@@ -568,7 +577,8 @@ _dwarf_internal_printlines(Dwarf_Die die,
+ }
+
+ address_size = _dwarf_get_address_size(dbg, die);
+- resattr = dwarf_attr(die, DW_AT_stmt_list, &stmt_list_attr, error);
++ resattr = dwarf_attr(die, DW_AT_stmt_list, &stmt_list_attr,
++ error);
+ if (resattr != DW_DLV_OK) {
+ return resattr;
+ }
+@@ -600,7 +610,8 @@ _dwarf_internal_printlines(Dwarf_Die die,
+ section_start = dbg->de_debug_line.dss_data;
+ {
+ Dwarf_Unsigned fission_size = 0;
+- int resfis = _dwarf_get_fission_addition_die(die, DW_SECT_LINE,
++ int resfis = _dwarf_get_fission_addition_die(die,
++ DW_SECT_LINE,
+ &fission_offset,&fission_size,error);
+ if(resfis != DW_DLV_OK) {
+ dwarf_dealloc(dbg,stmt_list_attr, DW_DLA_ATTR);
+@@ -612,8 +623,8 @@ _dwarf_internal_printlines(Dwarf_Die die,
+ line_ptr = orig_line_ptr;
+ dwarf_dealloc(dbg, stmt_list_attr, DW_DLA_ATTR);
+
+- /* If die has DW_AT_comp_dir attribute, get the string that names
+- the compilation directory. */
++ /* If die has DW_AT_comp_dir attribute, get the string
++ that names the compilation directory. */
+ resattr = dwarf_attr(die, DW_AT_comp_dir, &comp_dir_attr, error);
+ if (resattr == DW_DLV_ERROR) {
+ return resattr;
+@@ -907,7 +918,8 @@ print_actuals_and_locals(Dwarf_Debug dbg,
+ is_actuals_table = true;
+ /* Read Actuals */
+
+- print_line_header(dbg, is_single_table, is_actuals_table);
++ print_line_header(dbg, is_single_table,
++ is_actuals_table);
+ res = read_line_table_program(dbg,
+ line_ptr_actuals, line_ptr_end, orig_line_ptr,
+ section_start,
diff --git a/libdwarf.spec b/libdwarf.spec
index 22b5418..a15a011 100644
--- a/libdwarf.spec
+++ b/libdwarf.spec
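Review bot: The embedded patch file keeps a `diff --git a/libdwarf/ChangeLog b/libdwarf/ChangeLog` / `index d5fc623c..bbcfb33e 100644` header with no `---`/`+++` lines and no hunk behind it, while its diffstat still claims `libdwarf/ChangeLog | 10 ++++++`; GNU patch skips such a fragment with a warning, but a stricter applier (`git apply`, or `%autosetup -S git`) can reject the whole file, which would leave the rebuilt package without the fix. Dropping those two header lines and the stale ChangeLog diffstat entry makes the file self-consistent. The substantive change, the null-guarded `fe->fi_file_name ? (char *) fe->fi_file_name : ""` in print_just_file_entry_details, is what stops a null reaching dwarfstring_append on a corrupt DWARF5 line header and reads correctly; whether other uses of fi_file_name in dwarf_print_lines.c remain unguarded cannot be seen from this hunk.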
@@ -1,10 +1,11 @@
 Name: libdwarf
 Version: 20201020
-Release: 1
+Release: 2
 Summary: Library to access DWARF debugging information
 License: LGPLv2
 URL: http://www.prevanders.net/dwarf.html
 Source0: http://www.prevanders.net/%{name}-%{version}.tar.gz
+Patch0: CVE-2020-28163.patch
 BuildRequires: gcc binutils-devel elfutils-libelf-devel dos2unix
 %description
@@ -72,6 +73,9 @@ LD_LIBRARY_PATH=$PWD/libdwarf/.libs %__make check
 %{_mandir}/man1/dwarfdump.1.gz
 %changelog
+* Tue Jul 26 2022 panys - 20201020-2
+- Fix CVE-2020-28163
+
 * Tue Nov 24 2020 SimpleUpdate Robot - 20201020-1
 - Upgrade to version 20201020
-- Gitee
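Review bot: `Patch0: CVE-2020-28163.patch` is declared, but this hunk adds no matching `%patch0 -p1`, and the file's diffstat (5 insertions, 1 deletion: Release, Patch0 and the three changelog lines) shows none was added elsewhere in the spec. Unless %prep already uses `%autosetup`, which applies every PatchN on its own, the patch is never applied and the package built as 20201020-2 is still vulnerable despite the Release bump and the changelog claim. %prep lies outside this hunk, so this has to be confirmed against the rest of the file; if it uses `%setup -q`, add `%patch0 -p1` right after it. A cheap post-build check is to look for the `fi_file_name?` guard in the unpacked libdwarf/dwarf_print_lines.c of the build tree.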