packages/binutils
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2025-0840

Browse Source
This commit is contained in:
Funda Wang 2025-02-06 20:24:54 +08:00
parent 8a45bb5547
commit ed4feed18c
2 changed files with 58 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
backport-CVE-2025-0840.patch Normal file
View File

@ -0,0 +1,53 @@
From baac6c221e9d69335bf41366a1c7d87d8ab2f893 Mon Sep 17 00:00:00 2001
From: Alan Modra <amodra@gmail.com>
Date: Wed, 15 Jan 2025 19:13:43 +1030
Subject: [PATCH] PR32560 stack-buffer-overflow at objdump disassemble_bytes
There's always someone pushing the boundaries.
PR 32560
* objdump.c (MAX_INSN_WIDTH): Define.
(insn_width): Make it an unsigned long.
(disassemble_bytes): Use MAX_INSN_WIDTH to size buffer.
(main <OPTION_INSN_WIDTH>): Restrict size of insn_width.
---
binutils/objdump.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/binutils/objdump.c b/binutils/objdump.c
index ecbe39e942e..80044dea580 100644
--- a/binutils/objdump.c
+++ b/binutils/objdump.c
@@ -109,7 +109,8 @@
static int disassemble_zeroes; /* --disassemble-zeroes */
static bfd_boolean formats_info; /* -i */
static int wide_output; /* -w */
-static int insn_width; /* --insn-width */
+#define MAX_INSN_WIDTH 49
+static unsigned long insn_width; /* --insn-width */
static bfd_vma start_address = (bfd_vma) -1; /* --start-address */
static bfd_vma stop_address = (bfd_vma) -1; /* --stop-address */
static int dump_debugging; /* --debugging */
@@ -2738,7 +2739,7 @@
}
else
{
- char buf[50];
+ char buf[MAX_INSN_WIDTH + 1];
int bpc = 0;
int pb = 0;
@@ -5288,8 +5289,9 @@
break;
case OPTION_INSN_WIDTH:
insn_width = strtoul (optarg, NULL, 0);
- if (insn_width <= 0)
- fatal (_("error: instruction width must be positive"));
+ if (insn_width - 1 >= MAX_INSN_WIDTH)
+ fatal (_("error: instruction width must be in the range 1 to "
+ XSTRING (MAX_INSN_WIDTH)));
break;
case OPTION_INLINES:
unwind_inlines = TRUE;
--
2.43.5

6
binutils.spec
View File

@ -1,7 +1,7 @@
Summary: Binary utilities Summary: Binary utilities
Name: binutils Name: binutils
Version: 2.34 Version: 2.34
Release: 32 Release: 33
License: GPLv3+ License: GPLv3+
URL: https://sourceware.org/binutils URL: https://sourceware.org/binutils
@ -69,6 +69,7 @@ Patch52: backport-ubsan-shift-exponent-70-is-too-large.patch
Patch53: backport-ubsan-shift-exponent-is-too-large.patch Patch53: backport-ubsan-shift-exponent-is-too-large.patch
Patch54: backport-asan-readelf-use-after-free-in-process_archive.patch Patch54: backport-asan-readelf-use-after-free-in-process_archive.patch
Patch55: CVE-2022-44840.patch Patch55: CVE-2022-44840.patch
Patch56: backport-CVE-2025-0840.patch
Provides: bundled(libiberty) Provides: bundled(libiberty)
@ -323,6 +324,9 @@ fi
%{_infodir}/bfd*info* %{_infodir}/bfd*info*
%changelog %changelog
* Thu Feb 06 2025 Funda Wang <fundawang@yeah.net> - 2.34-33
- fix CVE-2025-0840
* Fri Oct 25 2024 Linux_zhang <zhangruifang@h-partners.com> - 2.34-32 * Fri Oct 25 2024 Linux_zhang <zhangruifang@h-partners.com> - 2.34-32
- fix CVE-2022-44840 - fix CVE-2022-44840