On 12/16/15 18:44, Guido Günther wrote:
>
> It doesn't segfault but I added this note to dla-needed (so I remember
> why I think it's affected):
>
> dwarfutils
>   NOTE: exploit does not crash dwarfutils but _dwarf_get_abbrev_for_code
>   lacks the check
>
> I do think it would be good to add the check to guard against other
> broken binaries or did I misread the code?
Hi Guido,

First, from a policy perspective, I would argue that since there is no
security issue it does not make sense to provide an extremely minor fix to
an LTS package. Especially in this situation, because the problem is only
with corrupted input files.

However, that argument doesn't matter because in this case the dwarfdump
binary is not the C version of dwarfdump but rather the C++ version
dwarfdump2. Back then dwarfdump2 was set to become the replacement for the
original dwarfdump that was written in C. Recently, upstream decided to
abandon the move to the C++ version and instead went back to the C version.

Plus, this C++ version in squeeze does exit cleanly with a return of 1 and
an appropriate error message:

ERROR: Cannot get a SW_FORM_sec_offset or DW_FORM_exprloc...: DW_DLE_ATTR_FORM_BAD (114)

Troy