From 848c2e062f9f525a562db3f8edd7ac45270f82ca Mon Sep 17 00:00:00 2001
From: eastb233
Date: Wed, 11 Oct 2023 17:19:13 +0800
Subject: [PATCH] Backport a fix about use-after-free issue
---
 ...lf-use-after-free-in-process_archive.patch | 48 +++++++++++++++++++
 binutils.spec | 6 ++-
 2 files changed, 53 insertions(+), 1 deletion(-)
 create mode 100644 backport-asan-readelf-use-after-free-in-process_archive.patch
diff --git a/backport-asan-readelf-use-after-free-in-process_archive.patch b/backport-asan-readelf-use-after-free-in-process_archive.patch
new file mode 100644
index 0000000..58c08dc
--- /dev/null
+++ b/backport-asan-readelf-use-after-free-in-process_archive.patch
@@ -0,0 +1,48 @@
+From cfc16775b7678e1ad8f9fce048652defd78e3787 Mon Sep 17 00:00:00 2001
+From: Alan Modra
+Date: Sat, 27 Jun 2020 12:47:45 +0930
+Subject: [PATCH] asan: readelf: use after free in process_archive
+
+Reference: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=cfc16775b7678e1ad8f9fce048652defd78e3787
+
+This tidies up in cases where fuzzed thin archives hit the error return
+path in setup_nested_archive.
+
+ * elfcomm.c (setup_nested_archive): Set nested_arch->file to NULL
+ after freeing.
+ (release_archive): Set fields of arch to NULL after freeing.
+---
+ binutils/ChangeLog | 6 ++++++
+ binutils/elfcomm.c | 9 ++++++++-
+ 2 files changed, 14 insertions(+), 1 deletion(-)
+
+diff --git a/binutils/elfcomm.c b/binutils/elfcomm.c
+index 558afa7d056..37f9dbe7eef 100644
+--- a/binutils/elfcomm.c
++++ b/binutils/elfcomm.c
+@@ -727,7 +727,10 @@ setup_nested_archive (struct archive_info *nested_arch,
+
+ /* Close previous file and discard cached information. */
+ if (nested_arch->file != NULL)
+- fclose (nested_arch->file);
++ {
++ fclose (nested_arch->file);
++ nested_arch->file = NULL;
++ }
+ release_archive (nested_arch);
+
+ member_file = fopen (member_file_name, "rb");
+@@ -748,6 +751,10 @@ release_archive (struct archive_info * arch)
+ free (arch->sym_table);
+ if (arch->longnames != NULL)
+ free (arch->longnames);
++ arch->file_name = NULL;
++ arch->index_array = NULL;
++ arch->sym_table = NULL;
++ arch->longnames = NULL;
+ }
+
+ /* Get the name of an archive member from the current archive header.
+--
+2.19.1
+
diff --git a/binutils.spec b/binutils.spec
index d3face9..d65b46b 100644
--- a/binutils.spec
+++ b/binutils.spec
@@ -1,7 +1,7 @@
 Summary: Binary utilities
 Name: binutils
 Version: 2.34
-Release: 29
+Release: 30
 License: GPLv3+
 URL: https://sourceware.org/binutils
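Review bot: The new NULL assignments in release_archive cover the four heap-owned members but deliberately leave `arch->file` alone, so the FILE* is only safe when each caller both fcloses and nulls it itself, which the setup_nested_archive hunk does for one call site; any other callers, and any count or size members that accompany index_array, sym_table and longnames (not visible in this hunk, so this is an assumption to confirm against the struct definition), remain unreset. A short comment on release_archive stating that split contract would keep the next caller from recreating the dangling pointer, e.g. `/* Free and clear the heap-owned members only; arch->file stays the caller's to fclose and set to NULL.  */`. The `if (... != NULL)` guards around the free calls in the surrounding context are redundant because free(NULL) is a no-op, but they are pre-existing code, not part of the change. Both setup_nested_archive and release_archive begin outside the hunks shown, so the earlier frees in release_archive are only partly visible.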
@@ -67,6 +67,7 @@ Patch50: backport-CVE-2022-48064.patch
 Patch51: backport-asan-print_vms_time-signed-integer-overflow.patch
 Patch52: backport-ubsan-shift-exponent-70-is-too-large.patch
 Patch53: backport-ubsan-shift-exponent-is-too-large.patch
+Patch54: backport-asan-readelf-use-after-free-in-process_archive.patch
 Provides: bundled(libiberty)
@@ -318,6 +319,9 @@ fi
 %{_infodir}/bfd*info*
 %changelog
+* Wed Oct 11 2023 eastb233 - 2.34-30
+- Backport a fix about use-after-free issue
+
 * Wed Oct 11 2023 eastb233 - 2.34-29
 - Backport some fixes about undefined shift and integer overflow issues
-- Gitee