fix CVE-2025-0840
This commit is contained in:
Funda Wang
parent
8a45bb5547
commit
ed4feed18c
53
backport-CVE-2025-0840.patch
Normal file
53
backport-CVE-2025-0840.patch
Normal file
@ -0,0 +1,53 @@
|
||||
From baac6c221e9d69335bf41366a1c7d87d8ab2f893 Mon Sep 17 00:00:00 2001
|
||||
From: Alan Modra <amodra@gmail.com>
|
||||
Date: Wed, 15 Jan 2025 19:13:43 +1030
|
||||
Subject: [PATCH] PR32560 stack-buffer-overflow at objdump disassemble_bytes
|
||||
|
||||
There's always someone pushing the boundaries.
|
||||
|
||||
PR 32560
|
||||
* objdump.c (MAX_INSN_WIDTH): Define.
|
||||
(insn_width): Make it an unsigned long.
|
||||
(disassemble_bytes): Use MAX_INSN_WIDTH to size buffer.
|
||||
(main <OPTION_INSN_WIDTH>): Restrict size of insn_width.
|
||||
---
|
||||
binutils/objdump.c | 10 ++++++----
|
||||
1 file changed, 6 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/binutils/objdump.c b/binutils/objdump.c
|
||||
index ecbe39e942e..80044dea580 100644
|
||||
--- a/binutils/objdump.c
|
||||
+++ b/binutils/objdump.c
|
||||
@@ -109,7 +109,8 @@
|
||||
static int disassemble_zeroes; /* --disassemble-zeroes */
|
||||
static bfd_boolean formats_info; /* -i */
|
||||
static int wide_output; /* -w */
|
||||
-static int insn_width; /* --insn-width */
|
||||
+#define MAX_INSN_WIDTH 49
|
||||
+static unsigned long insn_width; /* --insn-width */
|
||||
static bfd_vma start_address = (bfd_vma) -1; /* --start-address */
|
||||
static bfd_vma stop_address = (bfd_vma) -1; /* --stop-address */
|
||||
static int dump_debugging; /* --debugging */
|
||||
@@ -2738,7 +2739,7 @@
|
||||
}
|
||||
else
|
||||
{
|
||||
- char buf[50];
|
||||
+ char buf[MAX_INSN_WIDTH + 1];
|
||||
int bpc = 0;
|
||||
int pb = 0;
|
||||
|
||||
@@ -5288,8 +5289,9 @@
|
||||
break;
|
||||
case OPTION_INSN_WIDTH:
|
||||
insn_width = strtoul (optarg, NULL, 0);
|
||||
- if (insn_width <= 0)
|
||||
- fatal (_("error: instruction width must be positive"));
|
||||
+ if (insn_width - 1 >= MAX_INSN_WIDTH)
|
||||
+ fatal (_("error: instruction width must be in the range 1 to "
|
||||
+ XSTRING (MAX_INSN_WIDTH)));
|
||||
break;
|
||||
case OPTION_INLINES:
|
||||
unwind_inlines = TRUE;
|
||||
--
|
||||
2.43.5
|
||||
@ -1,7 +1,7 @@
|
||||
Summary: Binary utilities
|
||||
Name: binutils
|
||||
Version: 2.34
|
||||
Release: 32
|
||||
Release: 33
|
||||
License: GPLv3+
|
||||
URL: https://sourceware.org/binutils
|
||||
|
||||
@ -69,6 +69,7 @@ Patch52: backport-ubsan-shift-exponent-70-is-too-large.patch
|
||||
Patch53: backport-ubsan-shift-exponent-is-too-large.patch
|
||||
Patch54: backport-asan-readelf-use-after-free-in-process_archive.patch
|
||||
Patch55: CVE-2022-44840.patch
|
||||
Patch56: backport-CVE-2025-0840.patch
|
||||
|
||||
Provides: bundled(libiberty)
|
||||
|
||||
@ -323,6 +324,9 @@ fi
|
||||
%{_infodir}/bfd*info*
|
||||
|
||||
%changelog
|
||||
* Thu Feb 06 2025 Funda Wang <fundawang@yeah.net> - 2.34-33
|
||||
- fix CVE-2025-0840
|
||||
|
||||
* Fri Oct 25 2024 Linux_zhang <zhangruifang@h-partners.com> - 2.34-32
|
||||
- fix CVE-2022-44840
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user