diff --git a/backport-CVE-2022-48064.patch b/backport-CVE-2022-48064.patch
new file mode 100644
index 0000000000000000000000000000000000000000..5581309e8d7cb3ac28db185cbf2659f994c3a358
--- /dev/null
+++ b/backport-CVE-2022-48064.patch
@@ -0,0 +1,55 @@
+From c732ae93a2592431f94b3d92759028551088c40e Mon Sep 17 00:00:00 2001
+From: liningjie
+Date: Thu, 31 Aug 2023 11:36:07 +0800
+Subject: [PATCH] PR29922, SHT_NOBITS section avoids section size sanity check
+
+PR 29922
+* dwarf2.c (find_debug_info): Ignore sections without
+SEC_HAS_CONTENTS.
+---
+ bfd/dwarf2.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
+index dd3568a8..807e9539 100644
+--- a/bfd/dwarf2.c
++++ b/bfd/dwarf2.c
+@@ -3913,19 +3913,22 @@ find_debug_info (bfd *abfd, const struct dwarf_debug_section *debug_sections,
+ {
+ look = debug_sections[debug_info].uncompressed_name;
+ msec = bfd_get_section_by_name (abfd, look);
+- if (msec != NULL)
++ /* Testing SEC_HAS_CONTENTS is an anti-fuzzer measure. Of
++ course debug sections always have contents. */
++ if (msec != NULL && (msec->flags & SEC_HAS_CONTENTS) != 0)
+ return msec;
+
+ look = debug_sections[debug_info].compressed_name;
+ if (look != NULL)
+ {
+ msec = bfd_get_section_by_name (abfd, look);
+- if (msec != NULL)
++ if (msec != NULL && (msec->flags & SEC_HAS_CONTENTS) != 0)
+ return msec;
+ }
+
+ for (msec = abfd->sections; msec != NULL; msec = msec->next)
+- if (CONST_STRNEQ (msec->name, GNU_LINKONCE_INFO))
++ if ((msec->flags & SEC_HAS_CONTENTS) != 0
++ && CONST_STRNEQ (msec->name, GNU_LINKONCE_INFO))
+ return msec;
+
+ return NULL;
+@@ -3933,6 +3936,9 @@ find_debug_info (bfd *abfd, const struct dwarf_debug_section *debug_sections,
+
+ for (msec = after_sec->next; msec != NULL; msec = msec->next)
+ {
++ if ((msec->flags & SEC_HAS_CONTENTS) == 0)
++ continue;
++
+ look = debug_sections[debug_info].uncompressed_name;
+ if (strcmp (msec->name, look) == 0)
+ return msec;
+--
+2.42.0.windows.2
+
diff --git a/binutils.spec b/binutils.spec
index 4ad3ffb16e37200873412e76b3340532adef90d2..ac21cb4742da1cbe5c21fd391675206f5d3ebdcf 100644
--- a/binutils.spec
+++ b/binutils.spec
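Review bot: The header of the added patch file gives no pointer to the upstream change it backports: `From:` and `Date:` name the packager and 31 Aug 2023, and the `From c732ae93…` id is presumably from a local tree, so only the `PR 29922` text ties the file to its origin. For a CVE backport that makes it hard to check the four `SEC_HAS_CONTENTS` tests against the upstream fix. I would add a header line such as `Reference: <upstream binutils-gdb commit URL>` and state whether the hunks were adapted for 2.34 (the `CONST_STRNEQ` line, for example). Both inner hunks cut through `find_debug_info`, whose start and end lie outside the patch, so the rest of the `after_sec` loop cannot be reviewed from here.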
@@ -1,7 +1,7 @@ Summary: Binary utilities Name: binutils Version: 2.34 -Release: 26 +Release: 27 License: GPLv3+ URL: https://sourceware.org/binutils @@ -63,6 +63,7 @@ Patch46: CVE-2022-47008.patch Patch47: backport-CVE-2022-47011.patch Patch48: backport-CVE-2022-47696.patch Patch49: backport-CVE-2021-46174.patch +Patch50: backport-CVE-2022-48064.patch Provides: bundled(libiberty) @@ -341,6 +342,9 @@ fi %{_infodir}/bfd*info* %changelog +* Thu Aug 31 2023 liningjie - 2.34-27 +- fix CVE-2022-48064 + * Tue Aug 29 2023 liningjie - 2.34-26 - fix CVE-2021-46174