packages/binutils
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2022-48064

Browse Source 
(cherry picked from commit 47e4c73208a666176ea0902b85c668413e0e8211)
This commit is contained in:
liningjie 2023-08-31 11:41:08 +08:00 committed by openeuler-sync-bot
parent 1a4e1fdcc7
commit 6bb9aa22e1
2 changed files with 60 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
backport-CVE-2022-48064.patch Normal file
View File

@ -0,0 +1,55 @@
From c732ae93a2592431f94b3d92759028551088c40e Mon Sep 17 00:00:00 2001
From: liningjie <liningjie@xfusion.com>
Date: Thu, 31 Aug 2023 11:36:07 +0800
Subject: [PATCH] PR29922, SHT_NOBITS section avoids section size sanity check
PR 29922
* dwarf2.c (find_debug_info): Ignore sections without
SEC_HAS_CONTENTS.
---
bfd/dwarf2.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
index dd3568a8..807e9539 100644
--- a/bfd/dwarf2.c
+++ b/bfd/dwarf2.c
@@ -3913,19 +3913,22 @@ find_debug_info (bfd *abfd, const struct dwarf_debug_section *debug_sections,
{
look = debug_sections[debug_info].uncompressed_name;
msec = bfd_get_section_by_name (abfd, look);
- if (msec != NULL)
+ /* Testing SEC_HAS_CONTENTS is an anti-fuzzer measure. Of
+ course debug sections always have contents. */
+ if (msec != NULL && (msec->flags & SEC_HAS_CONTENTS) != 0)
return msec;
look = debug_sections[debug_info].compressed_name;
if (look != NULL)
{
msec = bfd_get_section_by_name (abfd, look);
- if (msec != NULL)
+ if (msec != NULL && (msec->flags & SEC_HAS_CONTENTS) != 0)
return msec;
}
for (msec = abfd->sections; msec != NULL; msec = msec->next)
- if (CONST_STRNEQ (msec->name, GNU_LINKONCE_INFO))
+ if ((msec->flags & SEC_HAS_CONTENTS) != 0
+ && CONST_STRNEQ (msec->name, GNU_LINKONCE_INFO))
return msec;
return NULL;
@@ -3933,6 +3936,9 @@ find_debug_info (bfd *abfd, const struct dwarf_debug_section *debug_sections,
for (msec = after_sec->next; msec != NULL; msec = msec->next)
{
+ if ((msec->flags & SEC_HAS_CONTENTS) == 0)
+ continue;
+
look = debug_sections[debug_info].uncompressed_name;
if (strcmp (msec->name, look) == 0)
return msec;
--
2.42.0.windows.2

6
binutils.spec
View File

@ -1,7 +1,7 @@
Summary: Binary utilities
Name: binutils
Version: 2.34
Release: 26
Release: 27
License: GPLv3+
URL: https://sourceware.org/binutils
@ -63,6 +63,7 @@ Patch46: CVE-2022-47008.patch
Patch47: backport-CVE-2022-47011.patch
Patch48: backport-CVE-2022-47696.patch
Patch49: backport-CVE-2021-46174.patch
Patch50: backport-CVE-2022-48064.patch
Provides: bundled(libiberty)
@ -341,6 +342,9 @@ fi
%{_infodir}/bfd*info*
%changelog
* Thu Aug 31 2023 liningjie <liningjie@xfusion.com> - 2.34-27
- fix CVE-2022-48064
* Tue Aug 29 2023 liningjie <liningjie@xfusion.com> - 2.34-26
- fix CVE-2021-46174