binutils: fix multiple cve

Fix below CVE's CVE-2022-47007 CVE-2022-47008 CVE-2022-47010 CVE-2022-47011 CVE-2022-48063 CVE-2022-47695 (From OE-Core rev: 873163936937a583278e3cd97c6226935f2faa0c) Signed-off-by: Virendra Thakur <virendrak@kpit.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Virendra Thakur <virendrak@kpit.com> 2023-12-22 12:40:41 +0530
committer: Steve Sakoman <steve@sakoman.com> 2023-12-29 05:29:14 -1000
commit: 0aa12e491969eac7050b6b2c6665a3fdbc070c3d (patch)
tree: 000047927b0dfdd2185bd1f56366d6203532c67b
parent: 3433d043c7ecd8368400be5dcc3a9705b237dd57 (diff)
download: poky-0aa12e491969eac7050b6b2c6665a3fdbc070c3d.tar.gz
7 files changed, 273 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.34.inc b/meta/recipes-devtools/binutils/binutils-2.34.inc
index 4824db6dcf..032263fe63 100644
--- a/meta/recipes-devtools/binutils/binutils-2.34.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.34.inc
@@ -56,5 +56,11 @@ SRC_URI = "\
     file://CVE-2023-25588.patch \
     file://CVE-2021-46174.patch \
     file://CVE-2023-25584.patch \
+     file://CVE-2022-47007.patch \
+     file://CVE-2022-47008.patch \
+     file://CVE-2022-47010.patch \
+     file://CVE-2022-47011.patch \
+     file://CVE-2022-48063.patch \
+     file://CVE-2022-47695.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2022-47007.patch b/meta/recipes-devtools/binutils/binutils/CVE-2022-47007.patch
new file mode 100644
index 0000000000..ddb564bc8c
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2022-47007.patch
@@ -0,0 +1,32 @@
+From 0ebc886149c22aceaf8ed74267821a59ca9d03eb Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Fri, 17 Jun 2022 09:00:41 +0930
+Subject: [PATCH] PR29254, memory leak in stab_demangle_v3_arg
+        PR 29254
+        * stabs.c (stab_demangle_v3_arg): Free dt on failure path.
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=0ebc886149c22aceaf8ed74267821a59ca9d03eb]
+CVE: CVE-2022-47007
+Signed-off-by: Virendra Thakur <virendrak@kpit.com>
+Comment: Patch refreshed based on codebase.
+---
+ binutils/stabs.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+diff --git a/binutils/stabs.c b/binutils/stabs.c
+index 2b5241637c1..796ff85b86a 100644
+--- a/binutils/stabs.c
+++ b/binutils/stabs.c
+@@ -5476,7 +5476,10 @@
+                                          dc->u.s_binary.right,
+                                          &varargs);
+        if (pargs == NULL)
+-         return NULL;
+         {
+           free (dt);
+           return NULL;
+         }
+ 
+        return debug_make_function_type (dhandle, dt, pargs, varargs);
+       }
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2022-47008.patch b/meta/recipes-devtools/binutils/binutils/CVE-2022-47008.patch
new file mode 100644
index 0000000000..9527390ccf
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2022-47008.patch
@@ -0,0 +1,64 @@
+From d6e1d48c83b165c129cb0aa78905f7ca80a1f682 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Fri, 17 Jun 2022 09:13:38 +0930
+Subject: [PATCH] PR29255, memory leak in make_tempdir
+        PR 29255
+        * bucomm.c (make_tempdir, make_tempname): Free template on all
+        failure paths.
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=d6e1d48c83b165c129cb0aa78905f7ca80a1f682]
+CVE: CVE-2022-47008
+Signed-off-by: Virendra Thakur <virendrak@kpit.com>
+Comment: Patch refreshed based on codebase.
+---
+ binutils/bucomm.c | 20 +++++++++++---------
+ 1 file changed, 11 insertions(+), 9 deletions(-)
+diff --git a/binutils/bucomm.c b/binutils/bucomm.c
+index fdc2209df9c..4395cb9f7f5 100644
+--- a/binutils/bucomm.c
+++ b/binutils/bucomm.c
+@@ -542,8 +542,9 @@
+ #else
+   tmpname = mktemp (tmpname);
+   if (tmpname == NULL)
+-    return NULL;
+-  fd = open (tmpname, O_RDWR | O_CREAT | O_EXCL, 0600);
+    fd = -1;
+  else
+    fd = open (tmpname, O_RDWR | O_CREAT | O_EXCL, 0600);
+ #endif
+   if (fd == -1)
+     {
+@@ -561,22 +562,23 @@
+ make_tempdir (const char *filename)
+ {
+   char *tmpname = template_in_dir (filename);
+  char *ret;
+ 
+ #ifdef HAVE_MKDTEMP
+-  return mkdtemp (tmpname);
+  ret = mkdtemp (tmpname);
+ #else
+-  tmpname = mktemp (tmpname);
+-  if (tmpname == NULL)
+-    return NULL;
+  ret = mktemp (tmpname);
+ #if defined (_WIN32) && !defined (__CYGWIN32__)
+   if (mkdir (tmpname) != 0)
+-    return NULL;
+    ret = NULL;
+ #else
+   if (mkdir (tmpname, 0700) != 0)
+-    return NULL;
+    ret = NULL;
+ #endif
+-  return tmpname;
+ #endif
+  if (ret == NULL)
+    free (tmpname);
+  return ret;
+ }
+ 
+ /* Parse a string into a VMA, with a fatal error if it can't be
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2022-47010.patch b/meta/recipes-devtools/binutils/binutils/CVE-2022-47010.patch
new file mode 100644
index 0000000000..d831ed4756
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2022-47010.patch
@@ -0,0 +1,34 @@
+From 0d02e70b197c786f26175b9a73f94e01d14abdab Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Mon, 20 Jun 2022 10:39:31 +0930
+Subject: [PATCH] PR29262, memory leak in pr_function_type
+        PR 29262
+        * prdbg.c (pr_function_type): Free "s" on failure path.
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=0d02e70b197c786f26175b9a73f94e01d14abdab]
+CVE: CVE-2022-47010
+Signed-off-by: Virendra Thakur <virendrak@kpit.com>
+Comment: Patch refreshed based on codebase.
+---
+ binutils/prdbg.c | 7 ++-----
+ 1 file changed, 2 insertions(+), 5 deletions(-)
+diff --git a/binutils/prdbg.c b/binutils/prdbg.c
+index c1e41628d26..bb42a5b6c2d 100644
+--- a/binutils/prdbg.c
+++ b/binutils/prdbg.c
+@@ -778,12 +778,9 @@
+ 
+   strcat (s, ")");
+ 
+-  if (! substitute_type (info, s))
+-    return FALSE;
+-
+  bfd_boolean ret = substitute_type (info, s);
+   free (s);
+-
+-  return TRUE;
+  return ret;
+ }
+ 
+ /* Turn the top type on the stack into a reference to that type.  */
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2022-47011.patch b/meta/recipes-devtools/binutils/binutils/CVE-2022-47011.patch
new file mode 100644
index 0000000000..250756bd38
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2022-47011.patch
@@ -0,0 +1,31 @@
+From 8a24927bc8dbf6beac2000593b21235c3796dc35 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Mon, 20 Jun 2022 10:39:13 +0930
+Subject: [PATCH] PR29261, memory leak in parse_stab_struct_fields
+        PR 29261
+        * stabs.c (parse_stab_struct_fields): Free "fields" on failure path.
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=8a24927bc8dbf6beac2000593b21235c3796dc35]
+CVE: CVE-2022-47011
+Signed-off-by: Virendra Thakur <virendrak@kpit.com>
+Comment: Patch refreshed based on codebase.
+---
+ binutils/stabs.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+diff --git a/binutils/stabs.c b/binutils/stabs.c
+index 796ff85b86a..bf3f578cbcc 100644
+--- a/binutils/stabs.c
+++ b/binutils/stabs.c
+@@ -2368,7 +2368,10 @@
+ 
+       if (! parse_stab_one_struct_field (dhandle, info, pp, p, fields + c,
+                                         staticsp, p_end))
+-       return FALSE;
+       {
+         free (fields);
+         return FALSE;
+       }
+ 
+       ++c;
+     }
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2022-47695.patch b/meta/recipes-devtools/binutils/binutils/CVE-2022-47695.patch
new file mode 100644
index 0000000000..101a4cdb4e
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2022-47695.patch
@@ -0,0 +1,57 @@
+From 3d3af4ba39e892b1c544d667ca241846bc3df386 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Sun, 4 Dec 2022 22:15:40 +1030
+Subject: [PATCH] PR29846, segmentation fault in objdump.c compare_symbols
+Fixes a fuzzed object file problem where plt relocs were manipulated
+in such a way that two synthetic symbols were generated at the same
+plt location.  Won't occur in real object files.
+        PR 29846
+        PR 20337
+        * objdump.c (compare_symbols): Test symbol flags to exclude
+        section and synthetic symbols before attempting to check flavour.
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=3d3af4ba39e892b1c544d667ca241846bc3df386]
+CVE: CVE-2022-47695
+Signed-off-by: Virendra Thakur <virendrak@kpit.com>
+Comment: Patch refreshed based on codebase.
+---
+ binutils/objdump.c | 23 ++++++++++-------------
+ 1 file changed, 10 insertions(+), 13 deletions(-)
+diff --git a/binutils/objdump.c b/binutils/objdump.c
+index e8481b2d928..d95c8b68bf0 100644
+--- a/binutils/objdump.c
+++ b/binutils/objdump.c
+@@ -935,20 +935,17 @@
+        return 1;
+     }
+ 
+-  if (bfd_get_flavour (bfd_asymbol_bfd (a)) == bfd_target_elf_flavour
+  /* Sort larger size ELF symbols before smaller.  See PR20337.  */
+  bfd_vma asz = 0;
+  if ((a->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0
+      && bfd_get_flavour (bfd_asymbol_bfd (a)) == bfd_target_elf_flavour)
+    asz = ((elf_symbol_type *) a)->internal_elf_sym.st_size;
+  bfd_vma bsz = 0;
+  if ((b->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0
+       && bfd_get_flavour (bfd_asymbol_bfd (b)) == bfd_target_elf_flavour)
+-    {
+-      bfd_vma asz, bsz;
+-
+-      asz = 0;
+-      if ((a->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0)
+-       asz = ((elf_symbol_type *) a)->internal_elf_sym.st_size;
+-      bsz = 0;
+-      if ((b->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0)
+-       bsz = ((elf_symbol_type *) b)->internal_elf_sym.st_size;
+-      if (asz != bsz)
+-       return asz > bsz ? -1 : 1;
+-    }
+    bsz = ((elf_symbol_type *) b)->internal_elf_sym.st_size;
+  if (asz != bsz)
+    return asz > bsz ? -1 : 1;
+ 
+   /* Symbols that start with '.' might be section names, so sort them
+      after symbols that don't start with '.'.  */
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2022-48063.patch b/meta/recipes-devtools/binutils/binutils/CVE-2022-48063.patch
new file mode 100644
index 0000000000..f41c02a02b
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2022-48063.patch
@@ -0,0 +1,49 @@
+From 75393a2d54bcc40053e5262a3de9d70c5ebfbbfd Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 21 Dec 2022 11:51:23 +0000
+Subject: [PATCH] Fix an attempt to allocate an unreasonably large amount of
+ memory when parsing a corrupt ELF file.
+        PR  29924
+        * objdump.c (load_specific_debug_section): Check for excessively
+        large sections.
+Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75393a2d54bcc40053e5262a3de9d70c5ebfbbfd]
+CVE: CVE-2022-48063
+Signed-off-by: Virendra Thakur <virendrak@kpit.com>
+Comment: Patch refreshed based on codebase.
+---
+ binutils/ChangeLog | 6 ++++++
+ binutils/objdump.c | 4 +++-
+ 2 files changed, 9 insertions(+), 1 deletion(-)
+diff --git a/binutils/ChangeLog b/binutils/ChangeLog
+index e7f918d3f65..020e09f3700 100644
+--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
+@@ -1,3 +1,9 @@
+2022-12-21  Nick Clifton  <nickc@redhat.com>
+
+       PR  29924
+       * objdump.c (load_specific_debug_section): Check for excessively
+       large sections.
+
+ 2021-02-11  Alan Modra  <amodra@gmail.com>
+ 
+           PR 27290
+diff --git a/binutils/objdump.c b/binutils/objdump.c
+index d51abbe3858..2eb02de0e76 100644
+--- a/binutils/objdump.c
+++ b/binutils/objdump.c
+@@ -3479,7 +3479,9 @@
+   section->size = bfd_section_size (sec);
+   /* PR 24360: On 32-bit hosts sizeof (size_t) < sizeof (bfd_size_type). */
+   alloced = amt = section->size + 1;
+-  if (alloced != amt || alloced == 0)
+  if (alloced != amt
+      || alloced == 0
+      || (bfd_get_size (abfd) != 0 && alloced >= bfd_get_size (abfd)))
+     {
+       section->start = NULL;
+       free_debug_section (debug);
author	Virendra Thakur <virendrak@kpit.com>	2023-12-22 12:40:41 +0530
committer	Steve Sakoman <steve@sakoman.com>	2023-12-29 05:29:14 -1000
commit	0aa12e491969eac7050b6b2c6665a3fdbc070c3d (patch)
tree	000047927b0dfdd2185bd1f56366d6203532c67b
parent	3433d043c7ecd8368400be5dcc3a9705b237dd57 (diff)
download	poky-0aa12e491969eac7050b6b2c6665a3fdbc070c3d.tar.gz

diff --git a/meta/recipes-devtools/binutils/binutils-2.34.inc b/meta/recipes-devtools/binutils/binutils-2.34.inc index 4824db6dcf..032263fe63 100644 --- a/meta/recipes-devtools/binutils/binutils-2.34.inc +++ b/meta/recipes-devtools/binutils/binutils-2.34.inc
@@ -56,5 +56,11 @@ SRC_URI = "\
56	file://CVE-2023-25588.patch \	56	file://CVE-2023-25588.patch \
57	file://CVE-2021-46174.patch \	57	file://CVE-2021-46174.patch \
58	file://CVE-2023-25584.patch \	58	file://CVE-2023-25584.patch \
		59	file://CVE-2022-47007.patch \
		60	file://CVE-2022-47008.patch \
		61	file://CVE-2022-47010.patch \
		62	file://CVE-2022-47011.patch \
		63	file://CVE-2022-48063.patch \
		64	file://CVE-2022-47695.patch \
59	"	65	"
60	S = "${WORKDIR}/git"	66	S = "${WORKDIR}/git"


diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2022-47007.patch b/meta/recipes-devtools/binutils/binutils/CVE-2022-47007.patch new file mode 100644 index 0000000000..ddb564bc8c --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2022-47007.patch
@@ -0,0 +1,32 @@
		1	From 0ebc886149c22aceaf8ed74267821a59ca9d03eb Mon Sep 17 00:00:00 2001
		2	From: Alan Modra <amodra@gmail.com>
		3	Date: Fri, 17 Jun 2022 09:00:41 +0930
		4	Subject: [PATCH] PR29254, memory leak in stab_demangle_v3_arg
		5
		6	PR 29254
		7	* stabs.c (stab_demangle_v3_arg): Free dt on failure path.
		8	Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=0ebc886149c22aceaf8ed74267821a59ca9d03eb]
		9	CVE: CVE-2022-47007
		10	Signed-off-by: Virendra Thakur <virendrak@kpit.com>
		11	Comment: Patch refreshed based on codebase.
		12	---
		13	binutils/stabs.c \| 5 ++++-
		14	1 file changed, 4 insertions(+), 1 deletion(-)
		15
		16	diff --git a/binutils/stabs.c b/binutils/stabs.c
		17	index 2b5241637c1..796ff85b86a 100644
		18	--- a/binutils/stabs.c
		19	+++ b/binutils/stabs.c
		20	@@ -5476,7 +5476,10 @@
		21	dc->u.s_binary.right,
		22	&varargs);
		23	if (pargs == NULL)
		24	- return NULL;
		25	+ {
		26	+ free (dt);
		27	+ return NULL;
		28	+ }
		29
		30	return debug_make_function_type (dhandle, dt, pargs, varargs);
		31	}
		32


diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2022-47008.patch b/meta/recipes-devtools/binutils/binutils/CVE-2022-47008.patch new file mode 100644 index 0000000000..9527390ccf --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2022-47008.patch
@@ -0,0 +1,64 @@
		1	From d6e1d48c83b165c129cb0aa78905f7ca80a1f682 Mon Sep 17 00:00:00 2001
		2	From: Alan Modra <amodra@gmail.com>
		3	Date: Fri, 17 Jun 2022 09:13:38 +0930
		4	Subject: [PATCH] PR29255, memory leak in make_tempdir
		5
		6	PR 29255
		7	* bucomm.c (make_tempdir, make_tempname): Free template on all
		8	failure paths.
		9	Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=d6e1d48c83b165c129cb0aa78905f7ca80a1f682]
		10	CVE: CVE-2022-47008
		11	Signed-off-by: Virendra Thakur <virendrak@kpit.com>
		12	Comment: Patch refreshed based on codebase.
		13	---
		14	binutils/bucomm.c \| 20 +++++++++++---------
		15	1 file changed, 11 insertions(+), 9 deletions(-)
		16
		17	diff --git a/binutils/bucomm.c b/binutils/bucomm.c
		18	index fdc2209df9c..4395cb9f7f5 100644
		19	--- a/binutils/bucomm.c
		20	+++ b/binutils/bucomm.c
		21	@@ -542,8 +542,9 @@
		22	#else
		23	tmpname = mktemp (tmpname);
		24	if (tmpname == NULL)
		25	- return NULL;
		26	- fd = open (tmpname, O_RDWR \| O_CREAT \| O_EXCL, 0600);
		27	+ fd = -1;
		28	+ else
		29	+ fd = open (tmpname, O_RDWR \| O_CREAT \| O_EXCL, 0600);
		30	#endif
		31	if (fd == -1)
		32	{
		33	@@ -561,22 +562,23 @@
		34	make_tempdir (const char *filename)
		35	{
		36	char *tmpname = template_in_dir (filename);
		37	+ char *ret;
		38
		39	#ifdef HAVE_MKDTEMP
		40	- return mkdtemp (tmpname);
		41	+ ret = mkdtemp (tmpname);
		42	#else
		43	- tmpname = mktemp (tmpname);
		44	- if (tmpname == NULL)
		45	- return NULL;
		46	+ ret = mktemp (tmpname);
		47	#if defined (_WIN32) && !defined (__CYGWIN32__)
		48	if (mkdir (tmpname) != 0)
		49	- return NULL;
		50	+ ret = NULL;
		51	#else
		52	if (mkdir (tmpname, 0700) != 0)
		53	- return NULL;
		54	+ ret = NULL;
		55	#endif
		56	- return tmpname;
		57	#endif
		58	+ if (ret == NULL)
		59	+ free (tmpname);
		60	+ return ret;
		61	}
		62
		63	/* Parse a string into a VMA, with a fatal error if it can't be
		64


diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2022-47010.patch b/meta/recipes-devtools/binutils/binutils/CVE-2022-47010.patch new file mode 100644 index 0000000000..d831ed4756 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2022-47010.patch
@@ -0,0 +1,34 @@
		1	From 0d02e70b197c786f26175b9a73f94e01d14abdab Mon Sep 17 00:00:00 2001
		2	From: Alan Modra <amodra@gmail.com>
		3	Date: Mon, 20 Jun 2022 10:39:31 +0930
		4	Subject: [PATCH] PR29262, memory leak in pr_function_type
		5
		6	PR 29262
		7	* prdbg.c (pr_function_type): Free "s" on failure path.
		8	Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=0d02e70b197c786f26175b9a73f94e01d14abdab]
		9	CVE: CVE-2022-47010
		10	Signed-off-by: Virendra Thakur <virendrak@kpit.com>
		11	Comment: Patch refreshed based on codebase.
		12	---
		13	binutils/prdbg.c \| 7 ++-----
		14	1 file changed, 2 insertions(+), 5 deletions(-)
		15
		16	diff --git a/binutils/prdbg.c b/binutils/prdbg.c
		17	index c1e41628d26..bb42a5b6c2d 100644
		18	--- a/binutils/prdbg.c
		19	+++ b/binutils/prdbg.c
		20	@@ -778,12 +778,9 @@
		21
		22	strcat (s, ")");
		23
		24	- if (! substitute_type (info, s))
		25	- return FALSE;
		26	-
		27	+ bfd_boolean ret = substitute_type (info, s);
		28	free (s);
		29	-
		30	- return TRUE;
		31	+ return ret;
		32	}
		33
		34	/* Turn the top type on the stack into a reference to that type. */


diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2022-47011.patch b/meta/recipes-devtools/binutils/binutils/CVE-2022-47011.patch new file mode 100644 index 0000000000..250756bd38 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2022-47011.patch
@@ -0,0 +1,31 @@
		1	From 8a24927bc8dbf6beac2000593b21235c3796dc35 Mon Sep 17 00:00:00 2001
		2	From: Alan Modra <amodra@gmail.com>
		3	Date: Mon, 20 Jun 2022 10:39:13 +0930
		4	Subject: [PATCH] PR29261, memory leak in parse_stab_struct_fields
		5
		6	PR 29261
		7	* stabs.c (parse_stab_struct_fields): Free "fields" on failure path.
		8	Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=8a24927bc8dbf6beac2000593b21235c3796dc35]
		9	CVE: CVE-2022-47011
		10	Signed-off-by: Virendra Thakur <virendrak@kpit.com>
		11	Comment: Patch refreshed based on codebase.
		12	---
		13	binutils/stabs.c \| 5 ++++-
		14	1 file changed, 4 insertions(+), 1 deletion(-)
		15
		16	diff --git a/binutils/stabs.c b/binutils/stabs.c
		17	index 796ff85b86a..bf3f578cbcc 100644
		18	--- a/binutils/stabs.c
		19	+++ b/binutils/stabs.c
		20	@@ -2368,7 +2368,10 @@
		21
		22	if (! parse_stab_one_struct_field (dhandle, info, pp, p, fields + c,
		23	staticsp, p_end))
		24	- return FALSE;
		25	+ {
		26	+ free (fields);
		27	+ return FALSE;
		28	+ }
		29
		30	++c;
		31	}


diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2022-47695.patch b/meta/recipes-devtools/binutils/binutils/CVE-2022-47695.patch new file mode 100644 index 0000000000..101a4cdb4e --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2022-47695.patch
@@ -0,0 +1,57 @@
		1	From 3d3af4ba39e892b1c544d667ca241846bc3df386 Mon Sep 17 00:00:00 2001
		2	From: Alan Modra <amodra@gmail.com>
		3	Date: Sun, 4 Dec 2022 22:15:40 +1030
		4	Subject: [PATCH] PR29846, segmentation fault in objdump.c compare_symbols
		5
		6	Fixes a fuzzed object file problem where plt relocs were manipulated
		7	in such a way that two synthetic symbols were generated at the same
		8	plt location. Won't occur in real object files.
		9
		10	PR 29846
		11	PR 20337
		12	* objdump.c (compare_symbols): Test symbol flags to exclude
		13	section and synthetic symbols before attempting to check flavour.
		14	Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=3d3af4ba39e892b1c544d667ca241846bc3df386]
		15	CVE: CVE-2022-47695
		16	Signed-off-by: Virendra Thakur <virendrak@kpit.com>
		17	Comment: Patch refreshed based on codebase.
		18	---
		19	binutils/objdump.c \| 23 ++++++++++-------------
		20	1 file changed, 10 insertions(+), 13 deletions(-)
		21
		22	diff --git a/binutils/objdump.c b/binutils/objdump.c
		23	index e8481b2d928..d95c8b68bf0 100644
		24	--- a/binutils/objdump.c
		25	+++ b/binutils/objdump.c
		26	@@ -935,20 +935,17 @@
		27	return 1;
		28	}
		29
		30	- if (bfd_get_flavour (bfd_asymbol_bfd (a)) == bfd_target_elf_flavour
		31	+ /* Sort larger size ELF symbols before smaller. See PR20337. */
		32	+ bfd_vma asz = 0;
		33	+ if ((a->flags & (BSF_SECTION_SYM \| BSF_SYNTHETIC)) == 0
		34	+ && bfd_get_flavour (bfd_asymbol_bfd (a)) == bfd_target_elf_flavour)
		35	+ asz = ((elf_symbol_type *) a)->internal_elf_sym.st_size;
		36	+ bfd_vma bsz = 0;
		37	+ if ((b->flags & (BSF_SECTION_SYM \| BSF_SYNTHETIC)) == 0
		38	&& bfd_get_flavour (bfd_asymbol_bfd (b)) == bfd_target_elf_flavour)
		39	- {
		40	- bfd_vma asz, bsz;
		41	-
		42	- asz = 0;
		43	- if ((a->flags & (BSF_SECTION_SYM \| BSF_SYNTHETIC)) == 0)
		44	- asz = ((elf_symbol_type *) a)->internal_elf_sym.st_size;
		45	- bsz = 0;
		46	- if ((b->flags & (BSF_SECTION_SYM \| BSF_SYNTHETIC)) == 0)
		47	- bsz = ((elf_symbol_type *) b)->internal_elf_sym.st_size;
		48	- if (asz != bsz)
		49	- return asz > bsz ? -1 : 1;
		50	- }
		51	+ bsz = ((elf_symbol_type *) b)->internal_elf_sym.st_size;
		52	+ if (asz != bsz)
		53	+ return asz > bsz ? -1 : 1;
		54
		55	/* Symbols that start with '.' might be section names, so sort them
		56	after symbols that don't start with '.'. */
		57


diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2022-48063.patch b/meta/recipes-devtools/binutils/binutils/CVE-2022-48063.patch new file mode 100644 index 0000000000..f41c02a02b --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2022-48063.patch
@@ -0,0 +1,49 @@
		1	From 75393a2d54bcc40053e5262a3de9d70c5ebfbbfd Mon Sep 17 00:00:00 2001
		2	From: Nick Clifton <nickc@redhat.com>
		3	Date: Wed, 21 Dec 2022 11:51:23 +0000
		4	Subject: [PATCH] Fix an attempt to allocate an unreasonably large amount of
		5	memory when parsing a corrupt ELF file.
		6
		7	PR 29924
		8	* objdump.c (load_specific_debug_section): Check for excessively
		9	large sections.
		10	Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75393a2d54bcc40053e5262a3de9d70c5ebfbbfd]
		11	CVE: CVE-2022-48063
		12	Signed-off-by: Virendra Thakur <virendrak@kpit.com>
		13	Comment: Patch refreshed based on codebase.
		14	---
		15	binutils/ChangeLog \| 6 ++++++
		16	binutils/objdump.c \| 4 +++-
		17	2 files changed, 9 insertions(+), 1 deletion(-)
		18
		19	diff --git a/binutils/ChangeLog b/binutils/ChangeLog
		20	index e7f918d3f65..020e09f3700 100644
		21	--- a/binutils/ChangeLog
		22	+++ b/binutils/ChangeLog
		23	@@ -1,3 +1,9 @@
		24	+2022-12-21 Nick Clifton <nickc@redhat.com>
		25	+
		26	+ PR 29924
		27	+ * objdump.c (load_specific_debug_section): Check for excessively
		28	+ large sections.
		29	+
		30	2021-02-11 Alan Modra <amodra@gmail.com>
		31
		32	PR 27290
		33
		34	diff --git a/binutils/objdump.c b/binutils/objdump.c
		35	index d51abbe3858..2eb02de0e76 100644
		36	--- a/binutils/objdump.c
		37	+++ b/binutils/objdump.c
		38	@@ -3479,7 +3479,9 @@
		39	section->size = bfd_section_size (sec);
		40	/* PR 24360: On 32-bit hosts sizeof (size_t) < sizeof (bfd_size_type). */
		41	alloced = amt = section->size + 1;
		42	- if (alloced != amt \|\| alloced == 0)
		43	+ if (alloced != amt
		44	+ \|\| alloced == 0
		45	+ \|\| (bfd_get_size (abfd) != 0 && alloced >= bfd_get_size (abfd)))
		46	{
		47	section->start = NULL;
		48	free_debug_section (debug);
		49