#2284 CVE-2012-3509 libiberty: integer overflow, leading to heap-buffer overflow by processing certain file headers via bfd binary

open
nobody
security (1)
other
7
2014-07-12
2014-07-12
Igor Gnatenko
No

Hi,

sdcc 3.4.0 is affected by vulnerability CVE-2012-3509, because you're using a bundled libiberty.

sdar.debug
00000000004333f0 T _objalloc_alloc
sdnm.debug
0000000000430e70 T _objalloc_alloc
sdobjcopy.debug
000000000044f110 T _objalloc_alloc
sdranlib.debug
00000000004333f0 T _objalloc_alloc

Look into the bundled sources:

[brain@X1Carbon sdcc-3.3.0]$ cat ./support/sdbinutils/libiberty/objalloc.c | grep _objalloc_alloc -A2
_objalloc_alloc (struct objalloc *o, unsigned long len)
{
  /* We avoid confusion from zero sized objects by always allocating

You want to apply the patches below to:
./support/sdbinutils/libiberty/objalloc.c
./support/sdbinutils/include/objalloc.h

Patches:
https://gcc.gnu.org/viewcvs/gcc/trunk/include/objalloc.h?r1=191413&r2=191412&pathrev=191413
https://gcc.gnu.org/viewcvs/gcc/trunk/libiberty/objalloc.c?r1=191413&r2=191412&pathrev=191413
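The bug class named in the ticket title, as an added example that is not part of the original report and is not libiberty's code: a simplified model of an allocator's size computation (round the request up to an alignment, then add a chunk header), unchecked beside checked. When the unchecked result wraps, the buffer is far smaller than the length the caller goes on to write. `ALIGNMENT`, `HEADER_SIZE` and both function names are assumptions made for the illustration.

```c
#include <limits.h>
#include <stdio.h>

/* Constructed values for this model, not taken from libiberty. */
#define ALIGNMENT   8UL
#define HEADER_SIZE 16UL

/* Unchecked: unsigned arithmetic wraps silently, so a huge len can
   produce a tiny allocation size. */
unsigned long request_size_unchecked(unsigned long len)
{
    if (len == 0)
        len = 1;
    len = (len + ALIGNMENT - 1) & ~(ALIGNMENT - 1);
    return HEADER_SIZE + len;
}

/* Checked: returns 0 and stores the size in *out, or -1 if either the
   alignment round-up or the header addition would wrap. */
int request_size_checked(unsigned long len, unsigned long *out)
{
    unsigned long aligned;

    if (len == 0)
        len = 1;
    if (len > ULONG_MAX - (ALIGNMENT - 1))
        return -1;
    aligned = (len + ALIGNMENT - 1) & ~(ALIGNMENT - 1);
    if (aligned > ULONG_MAX - HEADER_SIZE)
        return -1;
    *out = aligned + HEADER_SIZE;
    return 0;
}

int main(void)
{
    /* Constructed sample requests: one ordinary, two near the type limit. */
    unsigned long lens[] = { 100UL, ULONG_MAX - 7, ULONG_MAX };
    unsigned long size;
    size_t i;

    for (i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        int rc = request_size_checked(lens[i], &size);
        printf("len=%lu unchecked=%lu checked=%s\n", lens[i],
               request_size_unchecked(lens[i]), rc == 0 ? "ok" : "rejected");
    }
    return 0;
}
```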

Discussion