From 4800045df3a53e226e0d26b727ed06eef5abc5df Mon Sep 17 00:00:00 2001 From: liweigang Date: Mon, 13 Oct 2025 18:01:31 +0800 Subject: [PATCH] fix CVE-2025-11412 --- backport-CVE-2025-11412.patch | 34 ++++++++++++++++++++++++++++++++++ binutils.spec | 9 ++++++++- 2 files changed, 42 insertions(+), 1 deletion(-) create mode 100644 backport-CVE-2025-11412.patch diff --git a/backport-CVE-2025-11412.patch b/backport-CVE-2025-11412.patch new file mode 100644 index 0000000..e3b8d93 --- /dev/null +++ b/backport-CVE-2025-11412.patch @@ -0,0 +1,34 @@ +From 047435dd988a3975d40c6626a8f739a0b2e154bc Mon Sep 17 00:00:00 2001 +From: Alan Modra +Date: Thu, 25 Sep 2025 08:22:24 +0930 +Subject: [PATCH] PR 33452 SEGV in bfd_elf_gc_record_vtentry + +Limit addends on vtentry relocs, otherwise ld might attempt to +allocate a stupidly large array. This also fixes the expression +overflow leading to pr33452. A vtable of 33M entries on a 64-bit +host is surely large enough, especially considering that VTINHERIT +and VTENTRY relocations are to support -fvtable-gc that disappeared +from gcc over 20 years ago. + + PR ld/33452 + * elflink.c (bfd_elf_gc_record_vtentry): Sanity check addend. +--- + bfd/elflink.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/bfd/elflink.c b/bfd/elflink.c +index 54f0d6e957e..0a0456177c2 100644 +--- a/bfd/elflink.c ++++ b/bfd/elflink.c +@@ -14865,7 +14865,7 @@ bfd_elf_gc_record_vtentry (bfd *abfd, asection *sec, + const struct elf_backend_data *bed = get_elf_backend_data (abfd); + unsigned int log_file_align = bed->s->log_file_align; + +- if (!h) ++ if (!h || addend > 1u << 28) + { + /* xgettext:c-format */ + _bfd_error_handler (_("%pB: section '%pA': corrupt VTENTRY entry"), +-- +2.43.7 + diff --git a/binutils.spec b/binutils.spec index a4363c8..c2b38b1 100644 --- a/binutils.spec +++ b/binutils.spec 
@@ -2,7 +2,7 @@ Summary: A GNU collection of binary utilities Name: binutils%{?_with_debug:-debug} Version: 2.41 -Release: 25 +Release: 26 License: GPL-3.0-or-later AND (GPL-3.0-or-later WITH Bison-exception-2.2) AND (LGPL-2.0-or-later WITH GCC-exception-2.0) AND BSD-3-Clause AND GFDL-1.3-or-later AND GPL-2.0-or-later AND LGPL-2.1-or-later AND LGPL-2.0-or-later URL: https://sourceware.org/binutils @@ -435,6 +435,10 @@ Patch5029: backport-CVE-2025-5244.patch # Lifetime: Fixed in 2.45 Patch5030: backport-CVE-2025-5245.patch +# Purpose: PR binutils/33452 +# Lifrtime: Fixed in 2.46 +Patch5031: backport-CVE-2025-11412.patch + #---------------------------------------------------------------------------- Provides: bundled(libiberty) @@ -1451,6 +1455,9 @@ exit 0 #---------------------------------------------------------------------------- %changelog +* Mon Oct 13 2025 liweigang - 2.41-26 +- Fix CVE-2025-11412 + * Tue Sep 2 2025 timhu_806d - 2.41-25 - Backport patch from trunk to 2.41 -- Gitee
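Review bot: in the backported elflink.c hunk, the new condition `if (!h || addend > 1u << 28)` folds the addend sanity check into the existing "corrupt VTENTRY entry" error path, which is reasonable, but the bound is a bare magic number; a short comment above the check (or a named constant) stating that 2^28 bytes of vtable is the intended cap, as the upstream commit message explains, would help the next person reading this backport. Since the upstream hunk is against trunk (header `@@ -14865,7 +14865,7 @@`) and this package is 2.41, please confirm in the PR description that the hunk applied cleanly or with only line-offset fuzz, and that `addend` in the 2.41 function has the same bfd_vma type so the comparison with the unsigned constant behaves the same way.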
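Review bot: the new Patch5031 block in binutils.spec has a typo, `# Lifrtime: Fixed in 2.46`, which should read `# Lifetime: Fixed in 2.46` to match the `# Lifetime:` lines of the neighbouring Patch5029/Patch5030 entries. The `# Purpose:` line cites `PR binutils/33452`, while the backported commit itself files the bug as `PR ld/33452`; aligning the component and adding the CVE id to the Purpose line (e.g. `# Purpose: CVE-2025-11412, PR ld/33452`) would make the spec entry self-describing.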
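Review bot: the %changelog entry `- Fix CVE-2025-11412` is consistent with the Release bump to 2.41-26, but it would be more useful to future auditors if it also named the upstream reference carried by the patch (`PR ld/33452`, upstream commit 047435dd988a3975d40c6626a8f739a0b2e154bc), so the CVE can be traced to the exact fix without opening the .patch file.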