!75 [sync] PR-73: fix CVE-2023-39128

From: @openeuler-sync-bot Reviewed-by: @SuperSix173 Signed-off-by: @SuperSix173
2023-09-04 09:31:43 +00:00 · 2023-09-04 09:31:43 +00:00 · 11ef4729d7
commit 11ef4729d7
parent 4ff23e967f a896747618
2 changed files with 40 additions and 1 deletions
--- a/backport-CVE-2023-39128.patch
+++ b/backport-CVE-2023-39128.patch
@ -0,0 +1,35 @@
+From 97a2288fb7aa2078b5a63166819ed8b33fc71ab2 Mon Sep 17 00:00:00 2001
+From: liningjie <liningjie@xfusion.com>
+Date: Fri, 28 Jul 2023 14:00:03 +0800
+Subject: [PATCH] Avoid buffer overflow in ada_decode
+
+A bug report pointed out a buffer overflow in ada_decode, which Keith
+helpfully analyzed.  ada_decode had a logic error when the input was
+all digits.  While this isn't valid -- and would probably only appear
+in fuzzer tests -- it still should be handled properly.
+
+This patch adds a missing bounds check.  Tested with the self-tests in
+an asan build.
+
+Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=30639
+Reviewed-by: Keith Seitz <keiths@redhat.com>
+---
+ gdb/ada-lang.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gdb/ada-lang.c b/gdb/ada-lang.c
+index 0c2d4fc..1ff74ca 100644
+--- a/gdb/ada-lang.c
+++ b/gdb/ada-lang.c
+@@ -1184,7 +1184,7 @@ ada_decode (const char *encoded)
+         i -= 1;
+       if (i > 1 && encoded[i] == '_' && encoded[i - 1] == '_')
+         len0 = i - 1;
+-      else if (encoded[i] == '$')
+      else if (i >= 0 && encoded[i] == '$')
+         len0 = i;
+     }
+ 
+-- 
+2.33.0
+
--- a/gdb.spec
+++ b/gdb.spec
@ -1,6 +1,6 @@
 Name: gdb
 Version: 9.2
-Release: 3
+Release: 4

 License: GPLv3+ and GPLv3+ with exceptions and GPLv2+ and GPLv2+ with exceptions and GPL+ and LGPLv2+ and LGPLv3+ and BSD and Public Domain and GFDL-1.3
 Source: ftp://sourceware.org/pub/gdb/releases/gdb-%{version}.tar.xz
@ -147,6 +147,7 @@ Patch98:   gdb-rhbz1822715-fix-python-deprecation.patch
 Patch99:   gdb-rhbz1829702-fix-python39.patch
 Patch100:  gdb-rhbz1844458-use-fputX_unfiltered.patch
 Patch101:  gdb-rhbz1838777-debuginfod.patch
+Patch102:  backport-CVE-2023-39128.patch
 # Fedora patch end

 BuildRequires: rpm-libs autoconf
@ -394,6 +395,9 @@ rm -f $RPM_BUILD_ROOT%{_datadir}/gdb/python/gdb/command/backtrace.py
 %{_infodir}/gdb.info*

 %changelog
+* Sun Sep 3 2023 liningjie <liningjie@xfusion.com> - 9.2-4
+- fix CVE-2023-39128
+
 * Wed Mar 31 2021 xinghe <xinghe1@huawei.com> - 9.2-3
 - fix typo for name