diff --git a/backport-CVE-2022-4285.patch b/backport-CVE-2022-4285.patch new file mode 100644 index 0000000000000000000000000000000000000000..0704b322e723480396b8f16388198a7c3a2c0b82 --- /dev/null +++ b/backport-CVE-2022-4285.patch @@ -0,0 +1,28 @@ +From: Nick Clifton +Date: Wed, 19 Oct 2022 14:09:12 +0000 (+0100) +Subject: Fix an illegal memory access when parsing an ELF file containing corrupt symbol versi... +X-Git-Tag: gdb-13-branchpoint~796 +X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70 + +Fix an illegal memory access when parsing an ELF file containing corrupt symbol version information. + + PR 29699 + * elf.c (_bfd_elf_slurp_version_tables): Fail if the sh_info field + of the section header is zero. +--- + +diff --git a/bfd/elf.c b/bfd/elf.c +index fe00e0f9189..7cd7febcf95 100644 +--- a/bfd/elf.c ++++ b/bfd/elf.c +@@ -8918,7 +8918,9 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool default_imported_symver) + bfd_set_error (bfd_error_file_too_big); + goto error_return_verref; + } +- elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_alloc (abfd, amt); ++ if (amt == 0) ++ goto error_return_verref; ++ elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_zalloc (abfd, amt); + if (elf_tdata (abfd)->verref == NULL) + goto error_return_verref; + diff --git a/binutils.spec b/binutils.spec index 6fd15f70382da7a38a2bb1e66fe49ed95ae01b7f..f4c7ee37cb93ff6d2a211e9ac257828f9ac7fac3 100644 --- a/binutils.spec +++ b/binutils.spec @@ -1,7 +1,7 @@ Summary: Binary utilities Name: binutils Version: 2.37 -Release: 21 +Release: 22 License: GPLv3+ URL: https://sourceware.org/binutils @@ -79,6 +79,7 @@ Patch53: backport-CVE-2022-47696.patch Patch54: backport-CVE-2021-46174.patch Patch55: backport-CVE-2023-1972.patch Patch56: backport-CVE-2022-48064.patch +Patch57: backport-CVE-2022-4285.patch Provides: bundled(libiberty) @@ -403,6 +404,9 @@ fi %{_infodir}/bfd*info* %changelog +* Thu Aug 31 2023 eastb233 -2.37-22 +- fix CVE-2022-4285 + * Thu Aug 31 2023 liningjie - 2.37-21 - fix CVE-2022-48064