From a1c4c158112cea2b9fc33a5e5ccf9d94e200d697 Mon Sep 17 00:00:00 2001
From: liningjie
Date: Thu, 31 Aug 2023 11:15:17 +0800
Subject: [PATCH] fix CVE-2022-48064

(cherry picked from commit 13ff7503b3d9555f105b61a12d8ef3242b8a9a13)
---
backport-CVE-2022-48064.patch | 52 +++++++++++++++++++++++++++++++++++
binutils.spec | 6 +++-
2 files changed, 57 insertions(+), 1 deletion(-)
create mode 100644 backport-CVE-2022-48064.patch
diff --git a/backport-CVE-2022-48064.patch b/backport-CVE-2022-48064.patch
new file mode 100644
index 0000000..4eadff6
--- /dev/null
+++ b/backport-CVE-2022-48064.patch
@@ -0,0 +1,52 @@
+From 8f2c64de86bc3d7556121fe296dd679000283931 Mon Sep 17 00:00:00 2001
+From: Alan Modra
+Date: Tue, 20 Dec 2022 23:47:03 +1030
+Subject: [PATCH] PR29922, SHT_NOBITS section avoids section size sanity check
+
+ PR 29922
+ * dwarf2.c (find_debug_info): Ignore sections without
+ SEC_HAS_CONTENTS.
+---
+ bfd/dwarf2.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
+index 95f45708e9d..0cd8152ee6e 100644
+--- a/bfd/dwarf2.c
++++ b/bfd/dwarf2.c
+@@ -4831,16 +4831,19 @@ find_debug_info (bfd *abfd, const struct dwarf_debug_section *debug_sections,
+ {
+ look = debug_sections[debug_info].uncompressed_name;
+ msec = bfd_get_section_by_name (abfd, look);
+- if (msec != NULL)
++ /* Testing SEC_HAS_CONTENTS is an anti-fuzzer measure. Of
++ course debug sections always have contents. */
++ if (msec != NULL && (msec->flags & SEC_HAS_CONTENTS) != 0)
+ return msec;
+
+ look = debug_sections[debug_info].compressed_name;
+ msec = bfd_get_section_by_name (abfd, look);
+- if (msec != NULL)
++ if (msec != NULL && (msec->flags & SEC_HAS_CONTENTS) != 0)
+ return msec;
+
+ for (msec = abfd->sections; msec != NULL; msec = msec->next)
+- if (startswith (msec->name, GNU_LINKONCE_INFO))
++ if ((msec->flags & SEC_HAS_CONTENTS) != 0
++ && startswith (msec->name, GNU_LINKONCE_INFO))
+ return msec;
+
+ return NULL;
+@@ -4848,6 +4851,9 @@ find_debug_info (bfd *abfd, const struct dwarf_debug_section *debug_sections,
+
+ for (msec = after_sec->next; msec != NULL; msec = msec->next)
+ {
++ if ((msec->flags & SEC_HAS_CONTENTS) == 0)
++ continue;
++
+ look = debug_sections[debug_info].uncompressed_name;
+ if (strcmp (msec->name, look) == 0)
+ return msec;
+--
+2.39.3
+
diff --git a/binutils.spec b/binutils.spec
index 646d4bd..0261c26 100644
--- a/binutils.spec
+++ b/binutils.spec
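Review bot: The four new `SEC_HAS_CONTENTS` tests in `find_debug_info` are explained only by the comment at the first one, which calls the test "an anti-fuzzer measure" without saying what it prevents. Going by the upstream subject line, the case is a SHT_NOBITS section carrying a debug-section name, whose size is not caught by the section size sanity check; a comment like `/* Skip sections with no file contents (e.g. SHT_NOBITS): their size escapes the section size sanity check, PR 29922. */` would make that visible at the code. The checks in the `GNU_LINKONCE_INFO` loop and in the `after_sec` loop of the second inner hunk carry no comment at all. As this file is a verbatim backport, the wording is better proposed upstream than edited here; `find_debug_info` begins and ends outside both inner hunks.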
@@ -1,7 +1,7 @@ Summary: Binary utilities Name: binutils Version: 2.37 -Release: 20 +Release: 21 License: GPLv3+ URL: https://sourceware.org/binutils @@ -78,6 +78,7 @@ Patch52: backport-CVE-2022-47011.patch Patch53: backport-CVE-2022-47696.patch Patch54: backport-CVE-2021-46174.patch Patch55: backport-CVE-2023-1972.patch +Patch56: backport-CVE-2022-48064.patch Provides: bundled(libiberty) @@ -401,6 +402,9 @@ fi %{_infodir}/bfd*info* %changelog +* Thu Aug 31 2023 liningjie - 2.37-21 +- fix CVE-2022-48064 + * Wed Aug 30 2023 eastb233 - 2.37-20 - fix CVE-2023-1972 -- Gitee
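Review bot: The `Patch56:` tag is added in the `@@ -78,6 +78,7 @@` hunk, but no `%patch56` line appears anywhere in this commit; the five insertions the diffstat implies for binutils.spec are all accounted for by the Release bump, the tag and the changelog entry. If `%prep` applies patches one by one rather than through `%autosetup` or `%autopatch`, the CVE-2022-48064 fix would ship in the source package without being applied to the built binaries. The `%prep` section is outside this diff, so this should be confirmed there, for example by checking the build log for the patch being applied.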