Created attachment 157772 [details] fix from OpenBSD CVE-2012-3509 libiberty: integer overflow, leading to heap-buffer overflow by processing certain file headers via bfd binary. I stopped using gcc a while ago so I have no idea how useful/important this may be. OpenBSD has applied the following change: http://freshbsd.org/commit/openbsd/c507578c3b16e773f91845211533295791f6b94d I have translated it to the attached patch.
A commit references this bug: Author: pfg Date: Fri Jun 3 21:37:24 UTC 2016 New revision: 301291 URL: https://svnweb.freebsd.org/changeset/base/301291 Log: libiberty: prevent integer overflow. Take care of very old bug leading to heap-buffer overflow by processing certain file headers via bfd binary. PR: 200888 Obtained from: OpenBSD MFC after: 2 weeks Changes: head/contrib/gcclibs/include/objalloc.h head/contrib/gcclibs/libiberty/objalloc.c
(I am taking care of this)
A commit references this bug: Author: pfg Date: Fri Jun 17 02:29:56 UTC 2016 New revision: 301976 URL: https://svnweb.freebsd.org/changeset/base/301976 Log: MFC r301291: libiberty: prevent integer overflow. Take care of very old bug leading to heap-buffer overflow by processing certain file headers via bfd binary. PR: 200888 Obtained from: OpenBSD Changes: _U stable/10/ stable/10/contrib/gcclibs/include/objalloc.h stable/10/contrib/gcclibs/libiberty/objalloc.c
A commit references this bug: Author: pfg Date: Fri Jun 17 02:31:19 UTC 2016 New revision: 301977 URL: https://svnweb.freebsd.org/changeset/base/301977 Log: MFC r301291: libiberty: prevent integer overflow. Take care of very old bug leading to heap-buffer overflow by processing certain file headers via bfd binary. PR: 200888 Obtained from: OpenBSD Changes: _U stable/9/contrib/gcclibs/ stable/9/contrib/gcclibs/include/objalloc.h stable/9/contrib/gcclibs/libiberty/objalloc.c
A commit references this bug: Author: danfe Date: Tue Dec 12 12:59:05 UTC 2017 New revision: 326795 URL: https://svnweb.freebsd.org/changeset/base/326795 Log: MFC r301291: libiberty: prevent integer overflow. Take care of very old bug leading to heap-buffer overflow by processing certain file headers via bfd binary. PR: 200888 Obtained from: OpenBSD Approved by: pfg Changes: _U stable/8/contrib/gcclibs/ stable/8/contrib/gcclibs/include/objalloc.h stable/8/contrib/gcclibs/libiberty/objalloc.c