From c187574efa2ee20ed06836ec647ac24c3a76b460 Mon Sep 17 00:00:00 2001
From: zhangjian
Date: Mon, 28 Jul 2025 07:19:10 +0000
Subject: [PATCH] fix cve 2025-7546
Signed-off-by: zhangjian
---
backport-CVE-2025-7546.patch | 53 ++++++++++++++++++++++++++++++++++++
binutils.spec | 6 +++-
2 files changed, 58 insertions(+), 1 deletion(-)
create mode 100644 backport-CVE-2025-7546.patch
diff --git a/backport-CVE-2025-7546.patch b/backport-CVE-2025-7546.patch
new file mode 100644
index 0000000..2402f5d
--- /dev/null
+++ b/backport-CVE-2025-7546.patch
@@ -0,0 +1,53 @@
+From 41461010eb7c79fee7a9d5f6209accdaac66cc6b Mon Sep 17 00:00:00 2001
+From: "H.J. Lu"
+Date: Sat, 21 Jun 2025 06:52:00 +0800
+Subject: [PATCH 1/1] elf: Report corrupted group section
+
+Report corrupted group section instead of trying to recover.
+
+ PR binutils/33050
+ * elf.c (bfd_elf_set_group_contents): Report corrupted group
+ section.
+
+Signed-off-by: H.J. Lu
+---
+ bfd/elf.c | 23 ++++++++++------------
+ 1 file changed, 10 insertions(+), 13 deletions(-)
+
+diff --git a/bfd/elf.c b/bfd/elf.c
+index 14ce15c7254..ee894eb05f2 100644
+--- a/bfd/elf.c
++++ b/bfd/elf.c
+@@ -3971,20 +3971,17 @@ bfd_elf_set_group_contents (bfd *abfd, asection *sec, void *failedptrarg)
+ break;
+ }
+
+- /* We should always get here with loc == sec->contents + 4, but it is
+- possible to craft bogus SHT_GROUP sections that will cause segfaults
+- in objcopy without checking loc here and in the loop above. */
+- if (loc == sec->contents)
+- BFD_ASSERT (0);
+- else
++ /* We should always get here with loc == sec->contents + 4. Return
++ an error for bogus SHT_GROUP sections. */
++ loc -= 4;
++ if (loc != sec->contents)
+ {
+- loc -= 4;
+- if (loc != sec->contents)
+- {
+- BFD_ASSERT (0);
+- memset (sec->contents + 4, 0, loc - sec->contents);
+- loc = sec->contents;
+- }
++ /* xgettext:c-format */
++ _bfd_error_handler (_("%pB: corrupted group section: `%pA'"),
++ abfd, sec);
++ bfd_set_error (bfd_error_bad_value);
++ *failedptr = true;
++ return;
+ }
+
+ H_PUT_32 (abfd, sec->flags & SEC_LINK_ONCE ? GRP_COMDAT : 0, loc);
+--
+2.43.7
diff --git a/binutils.spec b/binutils.spec
index 713723c..c6ac02a 100644
--- a/binutils.spec
+++ b/binutils.spec
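Review bot: In the backported `bfd/elf.c` hunk, `loc -= 4;` now runs before any check, so if the loop above leaves `loc` at `sec->contents` (the case the removed `if (loc == sec->contents)` branch handled) the code forms a pointer below the start of the section buffer. That pointer is only compared, never dereferenced, before the error return, but the arithmetic itself is undefined in ISO C. Testing first with `if (loc != sec->contents + 4)` and moving `loc -= 4;` to after the error block rejects the same corrupted sections without it. The loop and the declaration of `failedptr` lie outside the hunk, so whether `loc` can actually reach `sec->contents` on this 2.41 tree should be confirmed against the full function.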
@@ -2,7 +2,7 @@ Summary: A GNU collection of binary utilities Name: binutils%{?_with_debug:-debug} Version: 2.41 -Release: 15 +Release: 16 License: GPL-3.0-or-later AND (GPL-3.0-or-later WITH Bison-exception-2.2) AND (LGPL-2.0-or-later WITH GCC-exception-2.0) AND BSD-3-Clause AND GFDL-1.3-or-later AND GPL-2.0-or-later AND LGPL-2.1-or-later AND LGPL-2.0-or-later URL: https://sourceware.org/binutils @@ -370,6 +370,7 @@ Patch5011: backport-CVE-2025-0840.patch # Lifetime: fixed in master Patch5012: backport-CVE-2025-3198.patch +Patch6001: backport-CVE-2025-7546.patch #---------------------------------------------------------------------------- Provides: bundled(libiberty) @@ -1384,6 +1385,9 @@ exit 0 #---------------------------------------------------------------------------- %changelog +* Mon Jul 28 2025 zhangjian - 2.41-16 +- fix cve-2025-7456 + * Thu May 22 2025 Linux_zhang - 2.41-15 - Fix CVE-2025-3198: Memory leak issue in objdump -- Gitee
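Review bot: The new `%changelog` entry reads `- fix cve-2025-7456`, but the patch file name, the `Patch6001` line and the commit subject all name CVE-2025-7546. The digits are transposed, so anyone searching the package changelog for the CVE id will not find this fix. It should read `- Fix CVE-2025-7546`, in the style of the 2.41-15 entry below it. The `Patch6001` line also lacks a `# Lifetime:` comment like the one above `Patch5012` and jumps from the 5xxx to the 6xxx range, so a short comment stating the patch's upstream status would keep the list consistent.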