From 0e0b54957ea74ca5318ccd79bac4b0179548e264 Mon Sep 17 00:00:00 2001 From: liningjie Date: Thu, 24 Aug 2023 14:24:26 +0800 Subject: [PATCH] fix CVE-2022-47011 --- backport-CVE-2022-47011.patch | 29 +++++++++++++++++++++++++++++ binutils.spec | 7 +++++-- 2 files changed, 34 insertions(+), 2 deletions(-) create mode 100644 backport-CVE-2022-47011.patch diff --git a/backport-CVE-2022-47011.patch b/backport-CVE-2022-47011.patch new file mode 100644 index 0000000..90a4b0c --- /dev/null +++ b/backport-CVE-2022-47011.patch @@ -0,0 +1,29 @@ +From 8a24927bc8dbf6beac2000593b21235c3796dc35 Mon Sep 17 00:00:00 2001 +From: Alan Modra +Date: Mon, 20 Jun 2022 10:39:13 +0930 +Subject: [PATCH] PR29261, memory leak in parse_stab_struct_fields + + PR 29261 + * stabs.c (parse_stab_struct_fields): Free "fields" on failure path. +--- + binutils/stabs.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/binutils/stabs.c b/binutils/stabs.c +index 796ff85b86a..bf3f578cbcc 100644 +--- a/binutils/stabs.c ++++ b/binutils/stabs.c +@@ -2367,7 +2367,10 @@ parse_stab_struct_fields (void *dhandle, + + if (! parse_stab_one_struct_field (dhandle, info, pp, p, fields + c, + staticsp, p_end)) +- return false; ++ { ++ free (fields); ++ return false; ++ } + + ++c; + } +-- +2.39.3 diff --git a/binutils.spec b/binutils.spec index 9ef9a2a..ced8fe4 100644 --- a/binutils.spec +++ b/binutils.spec @@ -1,7 +1,7 @@ Summary: Binary utilities Name: binutils Version: 2.37 -Release: 18 +Release: 19 License: GPLv3+ URL: https://sourceware.org/binutils @@ -46,7 +46,7 @@ Patch48: backport-PR28422-build_id-use-after-free.patch Patch49: backport-PR28540-segmentation-fault-on-NULL-byte_get.patch Patch50: Fix-gold-relocation-offset-and-adrp-signed-shife.patch Patch51: backport-CVE-2022-47008.patch - +Patch52: backport-CVE-2022-47011.patch %ifarch loongarch64 @@ -399,6 +399,9 @@ fi %{_infodir}/bfd*info* %changelog +* Thu Aug 24 2023 liningjie - 2.37-19 +- fix CVE-2022-47011 + * Wed Aug 23 2023 liningjie - 2.37-18 - fix CVE-2022-47008 -- Gitee