From: Deepthi Hemraj <[email protected]> [Bitcode] Add some missing GetTypeByID failure checks
Print an error instead of crashing.
Signed-off-by: Deepthi Hemraj <[email protected]>
---
 .../llvm/llvm/0008-CVE-2023-46049.patch | 34 +++++++++++++++++++
 meta/recipes-devtools/llvm/llvm_git.bb | 1 +
 2 files changed, 35 insertions(+)
 create mode 100644 meta/recipes-devtools/llvm/llvm/0008-CVE-2023-46049.patch
diff --git a/meta/recipes-devtools/llvm/llvm/0008-CVE-2023-46049.patch b/meta/recipes-devtools/llvm/llvm/0008-CVE-2023-46049.patch
new file mode 100644
index 0000000000..c34e9ae69c
--- /dev/null
+++ b/meta/recipes-devtools/llvm/llvm/0008-CVE-2023-46049.patch
@@ -0,0 +1,34 @@
+commit c2515a8f2be5dd23354c9891f41ad104000f88c4
+Author: Nikita Popov <[email protected]>
+Date: Tue Sep 26 16:51:40 2023 +0200
+
+ [Bitcode] Add some missing GetTypeByID failure checks
+
+ Print an error instead of crashing.
+
+ Fixes https://github.com/llvm/llvm-project/issues/67388.
+
+Upstream-Status: Backport [https://github.com/llvm/llvm-project/commit/c2515a8f2be5dd23354c9891f41ad104000f88c4]
+CVE: CVE-2023-46049
+Signed-off-by: Deepthi Hemraj <[email protected]>
+
+--- a/llvm/lib/Bitcode/Reader/MetadataLoader.cpp 2022-01-20 13:31:59.000000000 -0800
++++ b/llvm/lib/Bitcode/Reader/MetadataLoader.cpp 2024-07-28 21:35:31.062992219 -0700
+@@ -1235,7 +1235,7 @@
+ }
+
+ Type *Ty = getTypeByID(Record[0]);
+- if (Ty->isMetadataTy() || Ty->isVoidTy()) {
++ if (!Ty || Ty->isMetadataTy() || Ty->isVoidTy()) {
+ dropRecord();
+ break;
+ }
+@@ -1277,7 +1277,7 @@
+ return error("Invalid record");
+
+ Type *Ty = getTypeByID(Record[0]);
+- if (Ty->isMetadataTy() || Ty->isVoidTy())
++ if (!Ty || Ty->isMetadataTy() || Ty->isVoidTy())
+ return error("Invalid record");
+
+ MetadataList.assignValue(
diff --git a/meta/recipes-devtools/llvm/llvm_git.bb b/meta/recipes-devtools/llvm/llvm_git.bb
index cedbfb138e..c48650c296 100644
--- a/meta/recipes-devtools/llvm/llvm_git.bb
+++ b/meta/recipes-devtools/llvm/llvm_git.bb
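Review bot: In the embedded 0008-CVE-2023-46049.patch, the first guarded site treats a null `Ty` like a metadata/void type and takes the existing `dropRecord(); break;` path, so a record with an unresolvable type ID is skipped silently there, while the second site returns `error("Invalid record")`; the header's "Print an error instead of crashing" only describes the second. The patch also looks regenerated against this older tree rather than cherry-picked (the `---`/`+++` lines carry `diff -u` timestamps, and the title says `GetTypeByID` while the code calls `getTypeByID`), so it is worth confirming that no other `getTypeByID(...)` result in this version of MetadataLoader.cpp is dereferenced without a null check; both enclosing blocks start and end outside the visible context, so that cannot be judged from here. I would record the outcome in the patch header with a line such as `Backport note: context adapted to this LLVM version; all getTypeByID() call sites in MetadataLoader.cpp reviewed`, once that has actually been checked.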
@@ -33,6 +33,7 @@ SRC_URI = "git://github.com/llvm/llvm-project.git;branch=${BRANCH};protocol=http
 file://0007-llvm-allow-env-override-of-exe-path.patch;striplevel=2 \
 file://0001-AsmMatcherEmitter-sort-ClassInfo-lists-by-name-as-we.patch;striplevel=2 \
 file://0001-Support-Add-missing-cstdint-header-to-Signals.h.patch;striplevel=2 \
+ file://0008-CVE-2023-46049.patch;striplevel=2 \
 "

 UPSTREAM_CHECK_GITTAGREGEX = "llvmorg-(?P<pver>\d+(\.\d+)+)"
--
2.43.0
