From a32d0520cbed64e1888862efe34e2c623f6f90bc Mon Sep 17 00:00:00 2001
From: qz_cx <wangqingzheng@kylinos.cn>
Date: Tue, 6 Sep 2022 10:56:42 +0800
Subject: [PATCH] fix:CVE-2022-39170

---
 CVE-2022-39170.patch | 44 ++++++++++++++++++++++++++++++++++++++++++++
 libdwarf.spec        | 12 +++++++++++-
 2 files changed, 55 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2022-39170.patch

diff --git a/CVE-2022-39170.patch b/CVE-2022-39170.patch
new file mode 100644
index 0000000..13fe11d
--- /dev/null
+++ b/CVE-2022-39170.patch
@@ -0,0 +1,44 @@
+From a05368900e56c40725075ca9bbcc906c0aa966ad Mon Sep 17 00:00:00 2001
+From: qz_cx <wangqingzheng@kylinos.cn>
+Date: Tue, 6 Sep 2022 10:42:15 +0800
+Subject: [PATCH] A new vulnerability: DW202208-001
+
+modified:   data.txt
+---
+ bugxml/data.txt | 22 ++++++++++++++++++++++
+ 1 file changed, 22 insertions(+)
+
+diff --git a/bugxml/data.txt b/bugxml/data.txt
+index 385a654..3809678 100644
+--- a/bugxml/data.txt
++++ b/bugxml/data.txt
+@@ -1,4 +1,26 @@
+ 
++id: DW202208-001
++cve:
++fuzzer: unspecified
++datereported: 2022-08-27
++reportedby: Han Zheng
++vulnerability: Double free in dwarfdump
++product: dwarfdump
++description: A carefully corrupted object file
++  would cause dwarfdump -vv -a 
++  to do a double free in handling an error condition.
++  That could cause a segmentation violation or other
++  major error, terminating the calling application and
++  resulting in Denial Of Service.
++datefixed: 
++references: regressiontests/hanzheng/fuzzedobject
++gitfixid: 
++tarrelease:
++endrec: DW202208-001
++
++
++
++
+ id: DW202010-003
+ cve: a cve id requested 29 Oct 2020
+ datereported: 2020-10-27
+-- 
+2.33.0
+
diff --git a/libdwarf.spec b/libdwarf.spec
index e38517b..9cc4ed3 100644
--- a/libdwarf.spec
+++ b/libdwarf.spec
@@ -1,10 +1,13 @@
 Name:          libdwarf
 Version:       20210528
-Release:       1
+Release:       2
 Summary:       Library to access DWARF debugging information
 License:       LGPLv2
 URL:           http://www.prevanders.net/dwarf.html
 Source0:       http://www.prevanders.net/%{name}-%{version}.tar.gz
+
+Patch0001:    CVE-2022-39170.patch
+
 BuildRequires: gcc binutils-devel elfutils-libelf-devel dos2unix
 
 %description
@@ -73,6 +76,13 @@ LD_LIBRARY_PATH=$PWD/libdwarf/.libs %__make check
 %{_mandir}/man1/dwarfdump.1.gz
 
 %changelog
+* Tue Sep 06 2022 qz_cx <wangqingzheng@kylinos.cn> - 20210528-2
+- Type:CVE
+- CVE:CVE-2022-39170
+- SUG:NA
+- DESC: fix CVE-2022-39170
+- fix CVE-2022-39170
+
 * Tue Jul 26 2022 panys<panyanshuang@nati-gba.cn> - 20210528-1
 - upgrade to version 20210528
 
-- 
Gitee