From ba8e6205ff04facccd7d9ab9d1b1817488846c29 Mon Sep 17 00:00:00 2001
From: dengyuyu <yuyu.deng@epro.com.cn>
Date: Fri, 22 Jul 2022 18:21:14 +0800
Subject: [PATCH 1/2] fix CVE-2019-17451

---
 CVE-2019-17451.patch | 21 +++++++++++++++++++++
 mingw-binutils.spec  |  7 +++++--
 2 files changed, 26 insertions(+), 2 deletions(-)
 create mode 100644 CVE-2019-17451.patch

diff --git a/CVE-2019-17451.patch b/CVE-2019-17451.patch
new file mode 100644
index 0000000..593206e
--- /dev/null
+++ b/CVE-2019-17451.patch
@@ -0,0 +1,21 @@
+diff -Naru "binutils-2.32 copy/bfd/dwarf2.c" binutils-2.32/bfd/dwarf2.c
+--- "binutils-2.32 copy/bfd/dwarf2.c"	2022-07-22 16:04:52.129812000 +0800
++++ binutils-2.32/bfd/dwarf2.c	2022-07-22 16:48:12.165638000 +0800
+@@ -4426,7 +4426,16 @@
+      for (total_size = 0;
+	   msec;
+	   msec = find_debug_info (debug_bfd, debug_sections, msec))
+-	total_size += msec->size;
+      {
+         /* Catch PR25070 testcase overflowing size calculation here.  */
+         if (total_size + msec->size < total_size
+             || total_size + msec->size < msec->size)
+           {
+             bfd_set_error (bfd_error_no_memory);
+            return FALSE;
+         }
+         total_size += msec->size;
+      }
+ 
+       stash->info_ptr_memory = (bfd_byte *) bfd_malloc (total_size);
+       if (stash->info_ptr_memory == NULL)
diff --git a/mingw-binutils.spec b/mingw-binutils.spec
index f8322e7..f60796b 100644
--- a/mingw-binutils.spec
+++ b/mingw-binutils.spec
@@ -2,7 +2,7 @@
 
 Name:           mingw-binutils
 Version:        2.32
-Release:        7%{?dist}
+Release:        8%{?dist}
 Summary:        Cross-compiled version of binutils for Win32 and Win64 environments
 
 License:        GPLv2+ and LGPLv2+ and GPLv3+ and LGPLv3+
@@ -149,7 +149,7 @@ Patch28: binutils-CVE-2019-14250.patch
 # Purpose: Add check to readelf in order to prevent an integer overflow.
 # Lifetime: Fixed in 2.33
 Patch29: binutils-CVE-2019-14444.patch
-
+Patch30: CVE-2019-17451.patch
 ### MINGW specific patches
 
 # Backport https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=999d6dff80fab12d22c2a8d91923db6bde7fb3e5
@@ -399,5 +399,8 @@ rm -rf $RPM_BUILD_ROOT/multilib
 
 
 %changelog
+* Fri Jul 22 2022 dengyuyu <yuyu.deng@epro.com.cn> -2.32.8
+- fix CVE-2019-17451
+
 * Thu Oct 08 2020 Zhiyi Weng <zhiyi@iscas.ac.cn> - 2.32-7
 - Initial version
-- 
Gitee


From ad464013171e38f33cface6c6ea863f2c0ce295a Mon Sep 17 00:00:00 2001
From: dengyuyu <yuyu.deng@epro.com.cn>
Date: Mon, 25 Jul 2022 09:00:24 +0800
Subject: [PATCH 2/2] fix CVE-2019-17451

---
 mingw-binutils.spec | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/mingw-binutils.spec b/mingw-binutils.spec
index f60796b..d1337b8 100644
--- a/mingw-binutils.spec
+++ b/mingw-binutils.spec
@@ -149,7 +149,7 @@ Patch28: binutils-CVE-2019-14250.patch
 # Purpose: Add check to readelf in order to prevent an integer overflow.
 # Lifetime: Fixed in 2.33
 Patch29: binutils-CVE-2019-14444.patch
-Patch30: CVE-2019-17451.patch
+
 ### MINGW specific patches
 
 # Backport https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=999d6dff80fab12d22c2a8d91923db6bde7fb3e5
@@ -158,7 +158,7 @@ Patch100:       0001-Plugin-target-handling.patch
 # Backport https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=patch;h=2219ae0b0ebe14373850b000c2abaa31dab1d741
 # Fixes an LTO issue (#1475237)
 Patch101:         binutils_24267.patch
-
+Patch102:         CVE-2019-17451.patch
 BuildRequires:  gcc
 BuildRequires:  flex
 BuildRequires:  bison
-- 
Gitee