From 9277d921334f42958929f67c1dd4f4ed2ffd3a3a Mon Sep 17 00:00:00 2001
From: liningjie
Date: Wed, 27 Sep 2023 15:39:59 +0800
Subject: [PATCH] fix CVE-2023-38665
---
 backport-CVE-2023-38665.patch | 54 +++++++++++++++++++++++++++++++++++
 nasm.spec | 6 +++-
 2 files changed, 59 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2023-38665.patch
diff --git a/backport-CVE-2023-38665.patch b/backport-CVE-2023-38665.patch
new file mode 100644
index 0000000..e5d6fa5
--- /dev/null
+++ b/backport-CVE-2023-38665.patch
@@ -0,0 +1,54 @@
+From c8af73112027fad0ecbb277e9cba257678c405af Mon Sep 17 00:00:00 2001
+From: "H. Peter Anvin"
+Date: Wed, 7 Dec 2022 10:23:46 -0800
+Subject: [PATCH] outieee: fix segfault on empty input
+
+Fix the IEEE backend crashing if the input file is empty.
+
+Signed-off-by: H. Peter Anvin
+---
+ output/outieee.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/output/outieee.c b/output/outieee.c
+index 878a17a4..7ba90366 100644
+--- a/output/outieee.c
++++ b/output/outieee.c
+@@ -1,6 +1,6 @@
+ /* ----------------------------------------------------------------------- *
+ *
+- * Copyright 1996-2016 The NASM Authors - All Rights Reserved
++ * Copyright 1996-2022 The NASM Authors - All Rights Reserved
+ * See the file AUTHORS included with the NASM distribution for
+ * the specific copyright holders.
+ *
+@@ -936,7 +936,7 @@ static void ieee_write_file(void)
+ * Write the section headers
+ */
+ seg = seghead;
+- if (!debuginfo && !strcmp(seg->name, "??LINE"))
++ if (!debuginfo && seg && !strcmp(seg->name, "??LINE"))
+ seg = seg->next;
+ while (seg) {
+ char buf[256];
+@@ -971,7 +971,7 @@ static void ieee_write_file(void)
+ /*
+ * write the start address if there is one
+ */
+- if (ieee_entry_seg) {
++ if (ieee_entry_seg && seghead) {
+ for (seg = seghead; seg; seg = seg->next)
+ if (seg->index == ieee_entry_seg)
+ break;
+@@ -1084,7 +1084,7 @@ static void ieee_write_file(void)
+ * put out section data;
+ */
+ seg = seghead;
+- if (!debuginfo && !strcmp(seg->name, "??LINE"))
++ if (!debuginfo && seg && !strcmp(seg->name, "??LINE"))
+ seg = seg->next;
+ while (seg) {
+ if (seg->currentpos) {
+--
+2.41.0.windows.3
+
diff --git a/nasm.spec b/nasm.spec
index 59a0a1a..fd34c25 100644
--- a/nasm.spec
+++ b/nasm.spec
@@ -8,7 +8,7 @@ Name: nasm
 Version: 2.15.03
-Release: 7
+Release: 8
 Summary: The Netwide Assembler, a portable x86 assembler with Intel-like syntax
 License: BSD
 URL: http://www.nasm.us
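Review bot: The embedded upstream patch carries a copyright-year hunk (`@@ -1,6 +1,6 @@` of output/outieee.c) that is unrelated to the NULL-pointer fix, so the backport only applies cleanly if the header text of the packaged 2.15.03 source matches that context. Dropping that hunk would keep the security backport minimal: the functional change is only `seg &&` before each `strcmp(seg->name, "??LINE")` and `&& seghead` on the `ieee_entry_seg` check. `ieee_write_file` starts and ends outside these hunks, so whether other paths in it dereference `seghead` when no segment exists cannot be confirmed from here and is worth checking against the 2.15.03 tree. No regression case accompanies the fix; an empty input assembled with the IEEE output format would pin the behaviour.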
@@ -23,6 +23,7 @@ Patch6004: fix-help-info-error.patch
 # https://github.com/netwide-assembler/nasm/commit/2d4e6952417ec6f08b6f135d2b5d0e19b7dae30d
 Patch6005: CVE-2022-44370.patch
 Patch6006: CVE-2020-21528.patch
+Patch6007: backport-CVE-2023-38665.patch
 #https://bugzilla.nasm.us/attachment.cgi?id=411648
 BuildRequires: perl(Env) autoconf asciidoc xmlto gcc make git
@@ -96,6 +97,9 @@ make test
 %{_mandir}/man1/ld*
 %changelog
+* Wed Sep 27 2023 liningjie - 2.15.03-8
+- Fix CVE-2023-38665
+
 * Wed Aug 23 2023 hongjinghao - 2.15.03-7
 - Fix CVE-2020-21528
--
Gitee
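Review bot: `Patch6007` is added without a source reference and lands between `Patch6006` and the `#https://bugzilla.nasm.us/attachment.cgi?id=411648` comment, so it is no longer clear which patch that URL documents. `Patch6005` has its upstream commit URL on the line above; doing the same here keeps the backport's provenance auditable, e.g. `# https://github.com/netwide-assembler/nasm/commit/<upstream-commit-id>` directly above `Patch6007`. The patch header names c8af73112027fad0ecbb277e9cba257678c405af, but the file was generated locally (its signature reads 2.41.0.windows.3), so that id should be confirmed against upstream before it is cited. Whether the new patch is actually applied depends on the `%prep` section, which is outside this hunk.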