From 016677203edccacac2d0652a6d241a89de8b0cae Mon Sep 17 00:00:00 2001
From: eastb233 <xiezhiheng@huawei.com>
Date: Thu, 31 Aug 2023 16:08:57 +0800
Subject: [PATCH] fix CVE-2022-4285

---
 backport-CVE-2022-4285.patch | 28 ++++++++++++++++++++++++++++
 binutils.spec                |  6 +++++-
 2 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2022-4285.patch

diff --git a/backport-CVE-2022-4285.patch b/backport-CVE-2022-4285.patch
new file mode 100644
index 0000000..0704b32
--- /dev/null
+++ b/backport-CVE-2022-4285.patch
@@ -0,0 +1,28 @@
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 19 Oct 2022 14:09:12 +0000 (+0100)
+Subject: Fix an illegal memory access when parsing an ELF file containing corrupt symbol versi... 
+X-Git-Tag: gdb-13-branchpoint~796
+X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70
+
+Fix an illegal memory access when parsing an ELF file containing corrupt symbol version information.
+
+	PR 29699
+	* elf.c (_bfd_elf_slurp_version_tables): Fail if the sh_info field
+	of the section header is zero.
+---
+
+diff --git a/bfd/elf.c b/bfd/elf.c
+index fe00e0f9189..7cd7febcf95 100644
+--- a/bfd/elf.c
++++ b/bfd/elf.c
+@@ -8918,7 +8918,9 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool default_imported_symver)
+ 	  bfd_set_error (bfd_error_file_too_big);
+ 	  goto error_return_verref;
+ 	}
+-      elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_alloc (abfd, amt);
++      if (amt == 0)
++	goto error_return_verref;
++      elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_zalloc (abfd, amt);
+       if (elf_tdata (abfd)->verref == NULL)
+ 	goto error_return_verref;
+ 
diff --git a/binutils.spec b/binutils.spec
index 6fd15f7..f4c7ee3 100644
--- a/binutils.spec
+++ b/binutils.spec
@@ -1,7 +1,7 @@
 Summary: Binary utilities
 Name:    binutils
 Version: 2.37
-Release: 21
+Release: 22
 License: GPLv3+
 URL:     https://sourceware.org/binutils
 
@@ -79,6 +79,7 @@ Patch53: backport-CVE-2022-47696.patch
 Patch54: backport-CVE-2021-46174.patch
 Patch55: backport-CVE-2023-1972.patch
 Patch56: backport-CVE-2022-48064.patch
+Patch57: backport-CVE-2022-4285.patch
 
 
 Provides: bundled(libiberty)
@@ -403,6 +404,9 @@ fi
 %{_infodir}/bfd*info*
 
 %changelog
+* Thu Aug 31 2023 eastb233 <xiezhiheng@huawei.com> -2.37-22
+- fix CVE-2022-4285
+
 * Thu Aug 31 2023 liningjie <liningjie@xfusion.com> - 2.37-21
 - fix CVE-2022-48064
 
-- 
Gitee