diff --git a/backport-libctf-fix-ref-leak-of-names-of-newly-inserted-non-r.patch b/backport-libctf-fix-ref-leak-of-names-of-newly-inserted-non-r.patch
new file mode 100644
index 0000000000000000000000000000000000000000..ae12ccd67462c8ae65d625ab55118a9acbbb32f3
--- /dev/null
+++ b/backport-libctf-fix-ref-leak-of-names-of-newly-inserted-non-r.patch
@@ -0,0 +1,51 @@
+From 0daea2d62ccdcf453d0885571aab1aca05bc847d Mon Sep 17 00:00:00 2001
+From: Nick Alcock
+Date: Mon, 29 Jul 2024 12:45:09 +0100
+Subject: [PATCH] libctf: fix ref leak of names of newly-inserted
+ non-root-visible types
+
+A bug in ctf_dtd_delete led to refs in the string table to the
+names of non-root-visible types not being removed when the DTD
+was. This seems harmless, but actually it would lead to a write
+down a pointer into freed memory if such a type was ctf_rollback()ed
+over and then the dict was serialized (updating all the refs as the
+strtab was serialized in turn).
+
+Bug introduced in commit fe4c2d55634c700ba527ac4183e05c66e9f93c62
+("libctf: create: non-root-visible types should not appear in name tables")
+which is included in binutils 2.35.
+
+libctf/
+ * ctf-create.c (ctf_dtd_delete): Remove refs for all types
+ with names, not just root-visible ones.
+
+Reference:https://github.com/bminor/binutils-gdb/commit/0daea2d62ccdcf453d0885571aab1aca05bc847d
+Conflict:NA
+
+---
+ libctf/ctf-create.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/libctf/ctf-create.c b/libctf/ctf-create.c
+index 2d232d40..2a45192b 100644
+--- a/libctf/ctf-create.c
++++ b/libctf/ctf-create.c
+@@ -288,11 +288,11 @@ ctf_dtd_delete (ctf_dict_t *fp, ctf_dtdef_t *dtd)
+ dtd->dtd_vlen_alloc = 0;
+
+ if (dtd->dtd_data.ctt_name
+- && (name = ctf_strraw (fp, dtd->dtd_data.ctt_name)) != NULL
+- && LCTF_INFO_ISROOT (fp, dtd->dtd_data.ctt_info))
++ && (name = ctf_strraw (fp, dtd->dtd_data.ctt_name)) != NULL)
+ {
+- ctf_dynhash_remove (ctf_name_table (fp, name_kind)->ctn_writable,
+- name);
++ if (LCTF_INFO_ISROOT (fp, dtd->dtd_data.ctt_info))
++ ctf_dynhash_remove (ctf_name_table (fp, name_kind)->ctn_writable,
++ name);
+ ctf_str_remove_ref (fp, name, &dtd->dtd_data.ctt_name);
+ }
+
+--
+2.43.0
+
diff --git a/binutils.spec b/binutils.spec
index e8fc9572a45bec48df42a43befca8c844cade173..44cb78e2d7450a930151cf5c17890caa28572656 100644
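Review bot: The split this backport makes in `ctf_dtd_delete` (name-table removal only under `LCTF_INFO_ISROOT`, `ctf_str_remove_ref` for every named type) carries no comment in the code, so a later cleanup could fold the two conditions back together and reintroduce the stale strtab ref. I would add a comment above the inner `if`, for example `/* Non-root-visible types are not in the name tables but still hold a strtab ref; always drop the ref. */`. The commit message says the stale ref ends in a write through a pointer into freed memory once such a type is rolled back and the dict is serialized, so the `%changelog` entry in binutils.spec would be more accurate calling this a memory-safety fix than a "ref leak". The diffstat shows only `ctf-create.c` changing, so the rollback-then-serialize path has no regression test in this backport. The body of `ctf_dtd_delete` starts and ends outside the hunk.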
--- a/binutils.spec +++ b/binutils.spec @@ -1,7 +1,7 @@ Summary: Binary utilities Name: binutils Version: 2.37 -Release: 27 +Release: 28 License: GPLv3+ URL: https://sourceware.org/binutils @@ -88,6 +88,7 @@ Patch3061: SME-0007-aarch64-SME-Add-new-SME-system-registers.patch Patch3062: SME-0008-aarch64-SME-SVE2-instructions-added-to-support-SME.patch Patch3063: SME-0009-aarch64-Check-for-register-aliases-before-mnemonics.patch Patch3064: SME-0010-aarch64-Add-support-for-new-SME-instructions.patch +Patch3065: backport-libctf-fix-ref-leak-of-names-of-newly-inserted-non-r.patch %ifarch loongarch64 # LoongArch @@ -115,7 +116,6 @@ Patch6001: sw_64-support-not-upstream-new-files.patch Patch6002: sw_64-support-not-upstream-modified-files.patch %endif - Provides: bundled(libiberty) Buildroot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) @@ -465,6 +465,9 @@ fi %{_infodir}/bfd*info* %changelog +* Sat Oct 12 2024 liningjie - 2.37-28 +- DESC:fix ref leak of names of newly-inserted non-root-visible types + * Thu Mar 21 2024 peng.zou - 2.37-27 - add ppc64le support