From efac4276ed7aa0bad6ca114904206c89f7969585 Mon Sep 17 00:00:00 2001 From: Linux_zhang Date: Fri, 23 May 2025 09:19:32 +0800 Subject: [PATCH] Fix CVE-2025-3198: Memory leak issue in objdump --- backport-CVE-2025-3198.patch | 26 ++++++++++++++++++++++++++ binutils.spec | 6 +++++- 2 files changed, 31 insertions(+), 1 deletion(-) create mode 100644 backport-CVE-2025-3198.patch diff --git a/backport-CVE-2025-3198.patch b/backport-CVE-2025-3198.patch new file mode 100644 index 0000000..1125eb9 --- /dev/null +++ b/backport-CVE-2025-3198.patch @@ -0,0 +1,26 @@ +From ba6ad3a18cb26b79e0e3b84c39f707535bbc344d Mon Sep 17 00:00:00 2001 +From: Alan Modra +Date: Wed, 19 Feb 2025 07:58:54 +1030 +Subject: [PATCH] PR32716, objdump -i memory leak + + PR binutils/32716 + * bucomm.c (display_info): Free arg.info. +--- + binutils/bucomm.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/binutils/bucomm.c b/binutils/bucomm.c +index ccf54099154..d4554737db1 100644 +--- a/binutils/bucomm.c ++++ b/binutils/bucomm.c +@@ -435,6 +435,7 @@ display_info (void) + if (!arg.error) + display_target_tables (&arg); + ++ free (arg.info); + return arg.error; + } + +-- +2.43.5 + diff --git a/binutils.spec b/binutils.spec index ab53fdd..05de1b9 100644 --- a/binutils.spec +++ b/binutils.spec @@ -1,7 +1,7 @@ Summary: Binary utilities Name: binutils Version: 2.34 -Release: 33 +Release: 34 License: GPLv3+ URL: https://sourceware.org/binutils @@ -70,6 +70,7 @@ Patch53: backport-ubsan-shift-exponent-is-too-large.patch Patch54: backport-asan-readelf-use-after-free-in-process_archive.patch Patch55: CVE-2022-44840.patch Patch56: backport-CVE-2025-0840.patch +Patch57: backport-CVE-2025-3198.patch Provides: bundled(libiberty) @@ -324,6 +325,9 @@ fi %{_infodir}/bfd*info* %changelog +* Fri May 23 2025 Linux_zhang - 2.34-34 +- Fix CVE-2025-3198: Memory leak issue in objdump + * Thu Feb 06 2025 Funda Wang - 2.34-33 - fix CVE-2025-0840 -- Gitee