From b4a63ae5bc51555b42062ab01fca9464c197cea4 Mon Sep 17 00:00:00 2001 From: yixiangzhike Date: Thu, 4 Sep 2025 16:23:40 +0800 Subject: [PATCH] Fix invalid read causing SIGSEGV --- ...PR29171-invalid-read-causing-SIGSEGV.patch | 54 +++++++++++++++++++ binutils.spec | 6 ++- 2 files changed, 59 insertions(+), 1 deletion(-) create mode 100644 backport-PR29171-invalid-read-causing-SIGSEGV.patch diff --git a/backport-PR29171-invalid-read-causing-SIGSEGV.patch b/backport-PR29171-invalid-read-causing-SIGSEGV.patch new file mode 100644 index 0000000..7899e0b --- /dev/null +++ b/backport-PR29171-invalid-read-causing-SIGSEGV.patch @@ -0,0 +1,54 @@ +From be38442ddacf1fd25c8868d0491ea9e98b0e9ca7 Mon Sep 17 00:00:00 2001 +From: Alan Modra +Date: Tue, 24 May 2022 10:47:35 +0930 +Subject: [PATCH] PR29171, invalid read causing SIGSEGV + +The fix here is to pass "section" down to read_and_display_attr_value. +The test in read_and_display_attr_value is a little bit of hardening. + + PR 29171 + * dwarf.c (display_debug_macro, display_debug_names): Pass section + to read_and_display_attr_value2. + (read_and_display_attr_value): Don't attempt to check for .dwo + section name when section is NULL. +--- + binutils/dwarf.c | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +diff --git a/binutils/dwarf.c b/binutils/dwarf.c +index d820c21527f..a0dfd4df481 100644 +--- a/binutils/dwarf.c ++++ b/binutils/dwarf.c +@@ -2717,7 +2717,7 @@ read_and_display_attr_value (unsigned long attribute, + case DW_FORM_GNU_str_index: + if (!do_loc) + { +- const char * suffix = strrchr (section->name, '.'); ++ const char * suffix = section ? strrchr (section->name, '.') : NULL; + bfd_boolean dwo = (suffix && strcmp (suffix, ".dwo") == 0) ? TRUE : FALSE; + + printf (_("%c(indexed string: 0x%s): %s"), delimiter, +@@ -6273,8 +6273,9 @@ display_debug_macro (struct dwarf_section *section, + SAFE_BYTE_GET_AND_INC (val, desc, 1, end); + curr + = read_and_display_attr_value (0, val, 0, +- start, curr, end, 0, 0, offset_size, +- version, NULL, 0, NULL, ++ start, curr, end, 0, 0, ++ offset_size, version, ++ NULL, 0, section, + NULL, ' ', -1); + if (n != nargs - 1) + printf (","); +@@ -10310,7 +10311,7 @@ display_debug_names (struct dwarf_section *section, void *file) + unit_start, entryptr, unit_end, + 0, 0, offset_size, + dwarf_version, NULL, +- (tagno < 0), NULL, ++ (tagno < 0), section, + NULL, '=', -1); + } + ++tagno; +-- +2.43.0 + diff --git a/binutils.spec b/binutils.spec index baa41f9..42b4325 100644 --- a/binutils.spec +++ b/binutils.spec @@ -1,7 +1,7 @@ Summary: Binary utilities Name: binutils Version: 2.34 -Release: 38 +Release: 39 License: GPLv3+ URL: https://sourceware.org/binutils @@ -75,6 +75,7 @@ Patch60: backport-CVE-2025-7545.patch Patch61: backport-CVE-2022-38126.patch Patch62: backport-CVE-2022-38533.patch Patch63: backport-CVE-2025-7546.patch +Patch64: backport-PR29171-invalid-read-causing-SIGSEGV.patch Provides: bundled(libiberty) @@ -329,6 +330,9 @@ fi %{_infodir}/bfd*info* %changelog +* Thu Sep 4 2025 yixiangzhike - 2.34-39 +- backport PR29171 to fix invalid read causing SIGSEGV + * Fri Aug 29 2025 eastb233 - 2.34-38 - Fix CVE-2022-38126, CVE-2022-38533, CVE-2025-7546 -- Gitee