From b3d48ba6a060eb8cc46b19c35b2e832a35e7e205 Mon Sep 17 00:00:00 2001 From: liningjie Date: Thu, 24 Aug 2023 14:37:21 +0800 Subject: [PATCH] fix CVE-2022-47011 --- backport-CVE-2022-47011.patch | 29 +++++++++++++++++++++++++++++ binutils.spec | 6 +++++- 2 files changed, 34 insertions(+), 1 deletion(-) create mode 100644 backport-CVE-2022-47011.patch diff --git a/backport-CVE-2022-47011.patch b/backport-CVE-2022-47011.patch new file mode 100644 index 0000000..90a4b0c --- /dev/null +++ b/backport-CVE-2022-47011.patch @@ -0,0 +1,29 @@ +From 8a24927bc8dbf6beac2000593b21235c3796dc35 Mon Sep 17 00:00:00 2001 +From: Alan Modra +Date: Mon, 20 Jun 2022 10:39:13 +0930 +Subject: [PATCH] PR29261, memory leak in parse_stab_struct_fields + + PR 29261 + * stabs.c (parse_stab_struct_fields): Free "fields" on failure path. +--- + binutils/stabs.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/binutils/stabs.c b/binutils/stabs.c +index 796ff85b86a..bf3f578cbcc 100644 +--- a/binutils/stabs.c ++++ b/binutils/stabs.c +@@ -2367,7 +2367,10 @@ parse_stab_struct_fields (void *dhandle, + + if (! parse_stab_one_struct_field (dhandle, info, pp, p, fields + c, + staticsp, p_end)) +- return false; ++ { ++ free (fields); ++ return false; ++ } + + ++c; + } +-- +2.39.3 diff --git a/binutils.spec b/binutils.spec index a97514c..f52fd8b 100644 --- a/binutils.spec +++ b/binutils.spec @@ -1,7 +1,7 @@ Summary: Binary utilities Name: binutils Version: 2.37 -Release: 16 +Release: 17 License: GPLv3+ URL: https://sourceware.org/binutils @@ -74,6 +74,7 @@ Patch48: backport-PR28422-build_id-use-after-free.patch Patch49: backport-PR28540-segmentation-fault-on-NULL-byte_get.patch Patch50: Fix-gold-relocation-offset-and-adrp-signed-shife.patch Patch51: CVE-2022-47008.patch +Patch52: backport-CVE-2022-47011.patch Provides: bundled(libiberty) @@ -398,6 +399,9 @@ fi %{_infodir}/bfd*info* %changelog +* Thu Aug 24 2023 liningjie - 2.37-17 +- fix CVE-2022-47011 + * Wed Aug 23 2023 liningjie - 2.37-16 - fix CVE-2022-47008 -- Gitee