1 files changed, 56 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-1.patch b/meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-1.patch
new file mode 100644
index 0000000000..990243f5c9
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-1.patch
@@ -0,0 +1,56 @@
+From: Alan Modra <amodra@gmail.com>
+Date: Thu, 17 Mar 2022 09:35:39 +0000 (+1030)
+Subject: ubsan: Null dereference in parse_module
+X-Git-Tag: gdb-12.1-release~59
+X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=c9178f285acf19e066be8367185d52837161b0a2
+ubsan: Null dereference in parse_module
+        * vms-alpha.c (parse_module): Sanity check that DST__K_RTNBEG
+        has set module->func_table for DST__K_RTNEND.  Check return
+        of bfd_zalloc.
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=c9178f285acf19e066be8367185d52837161b0a2]
+CVE: CVE-2023-25584
+Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
+---
+diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c
+index 4a92574c850..1129c98f0e2 100644
+--- a/bfd/vms-alpha.c
+++ b/bfd/vms-alpha.c
+@@ -4352,9 +4352,13 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
+   /* Initialize tables with zero element.  */
+   curr_srec = (struct srecinfo *) bfd_zalloc (abfd, sizeof (struct srecinfo));
+  if (!curr_srec)
+    return false;
+   module->srec_table = curr_srec;
+   curr_line = (struct lineinfo *) bfd_zalloc (abfd, sizeof (struct lineinfo));
+  if (!curr_line)
+    return false;
+   module->line_table = curr_line;
+   while (length == -1 || ptr < maxptr)
+@@ -4389,6 +4393,8 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
+        case DST__K_RTNBEG:
+          funcinfo = (struct funcinfo *)
+            bfd_zalloc (abfd, sizeof (struct funcinfo));
+         if (!funcinfo)
+           return false;
+          funcinfo->name
+            = _bfd_vms_save_counted_string (abfd, ptr + DST_S_B_RTNBEG_NAME,
+                                            maxptr - (ptr + DST_S_B_RTNBEG_NAME));
+@@ -4401,6 +4407,8 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
+          break;
+        case DST__K_RTNEND:
+         if (!module->func_table)
+           return false;
+          module->func_table->high = module->func_table->low
+            + bfd_getl32 (ptr + DST_S_L_RTNEND_SIZE) - 1;

diff --git a/meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-1.patch b/meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-1.patch new file mode 100644 index 0000000000..990243f5c9 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-1.patch
@@ -0,0 +1,56 @@
	1	From: Alan Modra <amodra@gmail.com>
	2	Date: Thu, 17 Mar 2022 09:35:39 +0000 (+1030)
	3	Subject: ubsan: Null dereference in parse_module
	4	X-Git-Tag: gdb-12.1-release~59
	5	X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=c9178f285acf19e066be8367185d52837161b0a2
	6
	7	ubsan: Null dereference in parse_module
	8
	9	* vms-alpha.c (parse_module): Sanity check that DST__K_RTNBEG
	10	has set module->func_table for DST__K_RTNEND. Check return
	11	of bfd_zalloc.
	12
	13	Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=c9178f285acf19e066be8367185d52837161b0a2]
	14
	15	CVE: CVE-2023-25584
	16
	17	Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
	18
	19	---
	20
	21	diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c
	22	index 4a92574c850..1129c98f0e2 100644
	23	--- a/bfd/vms-alpha.c
	24	+++ b/bfd/vms-alpha.c
	25	@@ -4352,9 +4352,13 @@ parse_module (bfd abfd, struct module module, unsigned char *ptr,
	26
	27	/* Initialize tables with zero element. */
	28	curr_srec = (struct srecinfo *) bfd_zalloc (abfd, sizeof (struct srecinfo));
	29	+ if (!curr_srec)
	30	+ return false;
	31	module->srec_table = curr_srec;
	32
	33	curr_line = (struct lineinfo *) bfd_zalloc (abfd, sizeof (struct lineinfo));
	34	+ if (!curr_line)
	35	+ return false;
	36	module->line_table = curr_line;
	37
	38	while (length == -1 \|\| ptr < maxptr)
	39	@@ -4389,6 +4393,8 @@ parse_module (bfd abfd, struct module module, unsigned char *ptr,
	40	case DST__K_RTNBEG:
	41	funcinfo = (struct funcinfo *)
	42	bfd_zalloc (abfd, sizeof (struct funcinfo));
	43	+ if (!funcinfo)
	44	+ return false;
	45	funcinfo->name
	46	= _bfd_vms_save_counted_string (abfd, ptr + DST_S_B_RTNBEG_NAME,
	47	maxptr - (ptr + DST_S_B_RTNBEG_NAME));
	48	@@ -4401,6 +4407,8 @@ parse_module (bfd abfd, struct module module, unsigned char *ptr,
	49	break;
	50
	51	case DST__K_RTNEND:
	52	+ if (!module->func_table)
	53	+ return false;
	54	module->func_table->high = module->func_table->low
	55	+ bfd_getl32 (ptr + DST_S_L_RTNEND_SIZE) - 1;
	56