diff options
-rw-r--r-- | meta/recipes-devtools/binutils/binutils-2.38.inc | 1 | ||||
-rw-r--r-- | meta/recipes-devtools/binutils/binutils/0023-CVE-2023-25585.patch | 54 |
2 files changed, 55 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc index 69fb8539ba..408b503644 100644 --- a/meta/recipes-devtools/binutils/binutils-2.38.inc +++ b/meta/recipes-devtools/binutils/binutils-2.38.inc | |||
@@ -53,5 +53,6 @@ SRC_URI = "\ | |||
53 | file://0022-CVE-2023-25584-1.patch \ | 53 | file://0022-CVE-2023-25584-1.patch \ |
54 | file://0022-CVE-2023-25584-2.patch \ | 54 | file://0022-CVE-2023-25584-2.patch \ |
55 | file://0022-CVE-2023-25584-3.patch \ | 55 | file://0022-CVE-2023-25584-3.patch \ |
56 | file://0023-CVE-2023-25585.patch \ | ||
56 | " | 57 | " |
57 | S = "${WORKDIR}/git" | 58 | S = "${WORKDIR}/git" |
diff --git a/meta/recipes-devtools/binutils/binutils/0023-CVE-2023-25585.patch b/meta/recipes-devtools/binutils/binutils/0023-CVE-2023-25585.patch new file mode 100644 index 0000000000..e31a027b9f --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0023-CVE-2023-25585.patch | |||
@@ -0,0 +1,54 @@ | |||
1 | From: Alan Modra <amodra@gmail.com> | ||
2 | Date: Mon, 12 Dec 2022 08:31:08 +0000 (+1030) | ||
3 | Subject: PR29892, Field file_table of struct module is uninitialized | ||
4 | X-Git-Tag: gdb-13-branchpoint~86 | ||
5 | X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=65cf035b8dc1df5d8020e0b1449514a3c42933e7 | ||
6 | |||
7 | PR29892, Field file_table of struct module is uninitialized | ||
8 | |||
9 | PR 29892 | ||
10 | * vms-alphs.c (new_module): Use bfd_zmalloc to alloc file_table. | ||
11 | (parse_module): Rewrite file_table reallocation code and clear. | ||
12 | |||
13 | Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=65cf035b8dc1df5d8020e0b1449514a3c42933e7] | ||
14 | |||
15 | CVE: CVE-2023-25585 | ||
16 | |||
17 | Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com> | ||
18 | |||
19 | --- | ||
20 | |||
21 | diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c | ||
22 | index 3b63259cc81..6ee7060b0b2 100644 | ||
23 | --- a/bfd/vms-alpha.c | ||
24 | +++ b/bfd/vms-alpha.c | ||
25 | @@ -4337,7 +4337,7 @@ new_module (bfd *abfd) | ||
26 | = (struct module *) bfd_zalloc (abfd, sizeof (struct module)); | ||
27 | module->file_table_count = 16; /* Arbitrary. */ | ||
28 | module->file_table | ||
29 | - = bfd_malloc (module->file_table_count * sizeof (struct fileinfo)); | ||
30 | + = bfd_zmalloc (module->file_table_count * sizeof (struct fileinfo)); | ||
31 | return module; | ||
32 | } | ||
33 | |||
34 | @@ -4520,15 +4520,18 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, | ||
35 | src_ptr + DST_S_B_SRC_DF_FILENAME, | ||
36 | ptr + rec_length - (src_ptr + DST_S_B_SRC_DF_FILENAME)); | ||
37 | |||
38 | - while (fileid >= module->file_table_count) | ||
39 | + if (fileid >= module->file_table_count) | ||
40 | { | ||
41 | - module->file_table_count *= 2; | ||
42 | + unsigned int old_count = module->file_table_count; | ||
43 | + module->file_table_count += fileid; | ||
44 | module->file_table | ||
45 | = bfd_realloc_or_free (module->file_table, | ||
46 | module->file_table_count | ||
47 | * sizeof (struct fileinfo)); | ||
48 | if (module->file_table == NULL) | ||
49 | return false; | ||
50 | + memset (module->file_table + old_count, 0, | ||
51 | + fileid * sizeof (struct fileinfo)); | ||
52 | } | ||
53 | |||
54 | module->file_table [fileid].name = filename; | ||