diff --git a/backport-CVE-2022-47011.patch b/backport-CVE-2022-47011.patch new file mode 100644 index 0000000000000000000000000000000000000000..90a4b0cf77c1c423b9a7d9529ee401569f3bcb94 --- /dev/null +++ b/backport-CVE-2022-47011.patch @@ -0,0 +1,29 @@ +From 8a24927bc8dbf6beac2000593b21235c3796dc35 Mon Sep 17 00:00:00 2001 +From: Alan Modra +Date: Mon, 20 Jun 2022 10:39:13 +0930 +Subject: [PATCH] PR29261, memory leak in parse_stab_struct_fields + + PR 29261 + * stabs.c (parse_stab_struct_fields): Free "fields" on failure path. +--- + binutils/stabs.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/binutils/stabs.c b/binutils/stabs.c +index 796ff85b86a..bf3f578cbcc 100644 +--- a/binutils/stabs.c ++++ b/binutils/stabs.c +@@ -2367,7 +2367,10 @@ parse_stab_struct_fields (void *dhandle, + + if (! parse_stab_one_struct_field (dhandle, info, pp, p, fields + c, + staticsp, p_end)) +- return false; ++ { ++ free (fields); ++ return false; ++ } + + ++c; + } +-- +2.39.3 diff --git a/binutils.spec b/binutils.spec index dd628dc42db31afd7f1da78453eea2d8cc960840..5b4d29acb29aed4baa97012a48e76c291cf01f1b 100644 --- a/binutils.spec +++ b/binutils.spec @@ -1,7 +1,7 @@ Summary: Binary utilities Name: binutils Version: 2.37 -Release: 16 +Release: 17 License: GPLv3+ URL: https://sourceware.org/binutils @@ -74,6 +74,7 @@ Patch48: backport-PR28422-build_id-use-after-free.patch Patch49: backport-PR28540-segmentation-fault-on-NULL-byte_get.patch Patch50: Fix-gold-relocation-offset-and-adrp-signed-shife.patch Patch51: CVE-2022-47008.patch +Patch52: backport-CVE-2022-47011.patch Provides: bundled(libiberty) @@ -397,6 +398,9 @@ fi %{_infodir}/bfd*info* %changelog +* Thu Aug 24 2023 liningjie - 2.37-17 +- fix CVE-2022-47011 + * Wed Aug 23 2023 liningjie - 2.37-16 - fix CVE-2022-47008