From ee767aa6e15a9c5df73fe4558b121ae10f7f9a7e Mon Sep 17 00:00:00 2001
From: Funda Wang
Date: Sun, 6 Apr 2025 14:39:36 +0800
Subject: [PATCH] Fix CVE-2025-3198: Memory leak issue in objdump
---
 backport-CVE-2025-3198.patch | 26 ++++++++++++++++++++++++++
 binutils.spec | 9 ++++++++-
 2 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2025-3198.patch
diff --git a/backport-CVE-2025-3198.patch b/backport-CVE-2025-3198.patch
new file mode 100644
index 00000000..1125eb98
--- /dev/null
+++ b/backport-CVE-2025-3198.patch
@@ -0,0 +1,26 @@
+From ba6ad3a18cb26b79e0e3b84c39f707535bbc344d Mon Sep 17 00:00:00 2001
+From: Alan Modra
+Date: Wed, 19 Feb 2025 07:58:54 +1030
+Subject: [PATCH] PR32716, objdump -i memory leak
+
+ PR binutils/32716
+ * bucomm.c (display_info): Free arg.info.
+---
+ binutils/bucomm.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/binutils/bucomm.c b/binutils/bucomm.c
+index ccf54099154..d4554737db1 100644
+--- a/binutils/bucomm.c
++++ b/binutils/bucomm.c
+@@ -435,6 +435,7 @@ display_info (void)
+ if (!arg.error)
+ display_target_tables (&arg);
+
++ free (arg.info);
+ return arg.error;
+ }
+
+--
+2.43.5
+
diff --git a/binutils.spec b/binutils.spec
index 7e45e9a4..cd26e0c4 100644
--- a/binutils.spec
+++ b/binutils.spec
@@ -2,7 +2,7 @@
 Summary: A GNU collection of binary utilities
 Name: binutils%{?_with_debug:-debug}
 Version: 2.41
-Release: 17
+Release: 18
 License: GPL-3.0-or-later AND (GPL-3.0-or-later WITH Bison-exception-2.2) AND (LGPL-2.0-or-later WITH GCC-exception-2.0) AND BSD-3-Clause AND GFDL-1.3-or-later AND GPL-2.0-or-later AND LGPL-2.1-or-later AND LGPL-2.0-or-later
 URL: https://sourceware.org/binutils
 
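Review bot: The added `free (arg.info);` in the embedded bucomm.c hunk of backport-CVE-2025-3198.patch has no comment saying who allocates the buffer. The allocation site is outside the hunk, so a reader cannot confirm from here that display_info is the only owner of `arg.info`. A one-line comment above the call would record that, for example `/* arg.info is owned by this function; release it on both the success and error paths. */`, with the wording to be checked against the allocation site. Placing the call after the `if (!arg.error)` block is what makes it run on both paths, and `free` of a null pointer is harmless if nothing was allocated. display_info begins before the hunk.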
@@ -379,6 +379,10 @@ Patch5013: nm-Avoid-potential-segmentation-fault-when-displaying.patch
 # Purpose: PR32560 stack-buffer-overflow at objdump disassemble_bytes
 # Lifetime: Fixed in 2.44
 Patch5014: backport-CVE-2025-0840.patch
+
+# Purpose: PR32716, objdump -i memory leak
+# Lifetime: fixed in master
+Patch5015: backport-CVE-2025-3198.patch
 #----------------------------------------------------------------------------
 Patch6001: aarch64-add-l4-instruction.patch
@@ -1397,6 +1401,9 @@ exit 0
 #----------------------------------------------------------------------------
 %changelog
+* Sun Apr 06 2025 Funda Wang - 2.41-18
+- Fix CVE-2025-3198: Memory leak issue in objdump
+
 * Fri Feb 07 2025 chenhong - 2.41-17
 - add l4 support
--
Gitee
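Review bot: `# Lifetime: fixed in master` in the Patch5015 hunk names no release or commit, unlike the entry above it (`# Lifetime: Fixed in 2.44`), so it will be hard to tell on a rebase when this backport can be dropped. The embedded patch header carries the upstream commit, so the comment could read `# Lifetime: fixed in master (upstream commit ba6ad3a18cb2)`. The %prep section is not visible in this diff: if this spec applies patches with explicit `%patch` lines rather than `%autosetup` or `%autopatch`, a matching line is needed, otherwise the CVE fix is shipped in the source package but never applied to the build.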