From 1c9ea3bc07f857e01af8fc271c6e31a8f9180de0 Mon Sep 17 00:00:00 2001
From: liningjie
Date: Sat, 26 Oct 2024 16:06:18 +0800
Subject: [PATCH] Fix CVE-2023-38665
---
 CVE-2023-38665.patch | 54 ++++++++++++++++++++++++++++++++++++++++++++
 nasm.spec | 6 ++++-
 2 files changed, 59 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2023-38665.patch
diff --git a/CVE-2023-38665.patch b/CVE-2023-38665.patch
new file mode 100644
index 0000000..5068a1f
--- /dev/null
+++ b/CVE-2023-38665.patch
@@ -0,0 +1,54 @@
+From c8af73112027fad0ecbb277e9cba257678c405af Mon Sep 17 00:00:00 2001
+From: "H. Peter Anvin"
+Date: Wed, 7 Dec 2022 10:23:46 -0800
+Subject: [PATCH] outieee: fix segfault on empty input
+
+Fix the IEEE backend crashing if the input file is empty.
+
+Signed-off-by: H. Peter Anvin
+---
+ output/outieee.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/output/outieee.c b/output/outieee.c
+index 878a17a4..7ba90366 100644
+--- a/output/outieee.c
++++ b/output/outieee.c
+@@ -1,6 +1,6 @@
+ /* ----------------------------------------------------------------------- *
+ *
+- * Copyright 1996-2016 The NASM Authors - All Rights Reserved
++ * Copyright 1996-2022 The NASM Authors - All Rights Reserved
+ * See the file AUTHORS included with the NASM distribution for
+ * the specific copyright holders.
+ *
+@@ -936,7 +936,7 @@ static void ieee_write_file(void)
+ * Write the section headers
+ */
+ seg = seghead;
+- if (!debuginfo && !strcmp(seg->name, "??LINE"))
++ if (!debuginfo && seg && !strcmp(seg->name, "??LINE"))
+ seg = seg->next;
+ while (seg) {
+ char buf[256];
+@@ -971,7 +971,7 @@ static void ieee_write_file(void)
+ /*
+ * write the start address if there is one
+ */
+- if (ieee_entry_seg) {
++ if (ieee_entry_seg && seghead) {
+ for (seg = seghead; seg; seg = seg->next)
+ if (seg->index == ieee_entry_seg)
+ break;
+@@ -1084,7 +1084,7 @@ static void ieee_write_file(void)
+ * put out section data;
+ */
+ seg = seghead;
+- if (!debuginfo && !strcmp(seg->name, "??LINE"))
++ if (!debuginfo && seg && !strcmp(seg->name, "??LINE"))
+ seg = seg->next;
+ while (seg) {
+ if (seg->currentpos) {
+--
+2.27.0
+
diff --git a/nasm.spec b/nasm.spec
index d24b2cf..9d4c501 100644
--- a/nasm.spec
+++ b/nasm.spec
@@ -8,7 +8,7 @@ Name: nasm
 Version: 2.15.05
-Release: 6
+Release: 7
 Summary: The Netwide Assembler, a portable x86 assembler with Intel-like syntax
 License: BSD
 URL: http://www.nasm.us
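Review bot: In the added `CVE-2023-38665.patch`, the three new NULL checks in `ieee_write_file` have no comment saying when `seghead` is NULL, and the start-address guard `if (ieee_entry_seg && seghead)` now skips the record silently when an entry segment is set but no segment exists. A one-line comment at the first guard would record the reason, e.g. `/* seghead is NULL when the input defined no segments (empty source file) */`. The statements after the `for` loop lie outside the hunk, so whether a NULL `seg` was already handled there cannot be confirmed from this patch and should be checked against the full file. `ieee_write_file` begins and ends outside these hunks, so any other dereference of `seghead` in it is not visible here.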
@@ -22,6 +22,7 @@ Patch6002: CVE-2022-44370.patch
 #https://bugzilla.nasm.us/attachment.cgi?id=411648
 Patch6003: CVE-2020-21528.patch
+Patch6004: CVE-2023-38665.patch
 BuildRequires: perl(Env) autoconf asciidoc xmlto gcc make git
@@ -94,6 +95,9 @@ make test
 %{_mandir}/man1/ld*
 %changelog
+* Sat Oct 26 2024 liningjie - 2.15.05-7
+- Fix CVE-2023-38665
+
 * Wed Aug 23 2023 hongjinghao - 2.15.05-6
 - Fix CVE-2020-21528
-- 
Gitee
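Review bot: `Patch6004: CVE-2023-38665.patch` is added without a provenance comment, whereas the `#https://…` line before `Patch6003` appears to record where that patch came from. Naming the upstream commit keeps the backport auditable, e.g. `#upstream commit c8af73112027fad0ecbb277e9cba257678c405af (outieee: fix segfault on empty input)` on the line before `Patch6004`. The changelog entry gives only the CVE id, so without that comment the origin of the fix can be traced only by opening the patch file itself.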