diff --git a/backport-CVE-2022-38126.patch b/backport-CVE-2022-38126.patch new file mode 100644 index 0000000000000000000000000000000000000000..21000dab27c1e4801697c77897747afeb7102b3c --- /dev/null +++ b/backport-CVE-2022-38126.patch @@ -0,0 +1,34 @@ +From 753efb93dc018558c483111fbfe14c4ee8c84c51 Mon Sep 17 00:00:00 2001 +From: yinyongkang +Date: Thu, 8 Sep 2022 17:14:11 +0800 +Subject: [PATCH] Replace a run-time assertion failure with a warning message + when parsing corrupt... + +PR 29289 +* dwarf.c (display_debug_names): Replace assert with a warning +message. +--- + binutils/dwarf.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/binutils/dwarf.c b/binutils/dwarf.c +index 1e7f4db7..7c54820a 100644 +--- a/binutils/dwarf.c ++++ b/binutils/dwarf.c +@@ -9781,7 +9781,12 @@ display_debug_names (struct dwarf_section *section, void *file) + printf (_("Out of %lu items there are %zu bucket clashes" + " (longest of %zu entries).\n"), + (unsigned long) name_count, hash_clash_count, longest_clash); +- assert (name_count == buckets_filled + hash_clash_count); ++ ++ if (name_count != buckets_filled + hash_clash_count) ++ warn (_("The name_count (%lu) is not the same as the used bucket_count (%lu) + the hash clash count (%lu)"), ++ (unsigned long) name_count, ++ (unsigned long) buckets_filled, ++ (unsigned long) hash_clash_count); + + struct abbrev_lookup_entry + { +-- +2.33.0 + diff --git a/binutils.spec b/binutils.spec index 854b53c1b6315e0e2b3811d8f14d0dbf0ab74f85..9a041b42be4016e0d7c9699e054c9e5f339eed36 100644 --- a/binutils.spec +++ b/binutils.spec @@ -1,7 +1,7 @@ Summary: Binary utilities Name: binutils Version: 2.37 -Release: 9 +Release: 10 License: GPLv3+ URL: https://sourceware.org/binutils @@ -62,6 +62,7 @@ Patch38: 0026-opcodes-Make-i386-dis.c-thread-safe.patch Patch39: 0027-x86-reduce-AVX512-FP16-set-of-insns-decoded-through-.patch Patch40: 0028-x86-reduce-AVX512-FP-set-of-insns-decoded-through-ve.patch Patch41: 0029-x86-consistently-use-scalar_mode-for-AVX512-FP16-sca.patch +Patch42: backport-CVE-2022-38126.patch Provides: bundled(libiberty) @@ -385,6 +386,12 @@ fi %{_infodir}/bfd*info* %changelog +* Thu Sep 8 2022 yinyongkang - 2.37-10 +- Type:CVE +- ID:CVE-2022-38126 +- SUG:NA +- DESC:Fix CVE-2022-38126 + * Tue Aug 11 2022 dingguangya - 2.37-9 - Type:requirements - ID:NA