1 files changed, 37 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2022-38533.patch b/meta/recipes-devtools/binutils/binutils/CVE-2022-38533.patch
new file mode 100644
index 0000000000..102d65f8a6
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2022-38533.patch
@@ -0,0 +1,37 @@
+From ef186fe54aa6d281a3ff8a9528417e5cc614c797 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Sat, 13 Aug 2022 15:32:47 +0930
+Subject: [PATCH] PR29482 - strip: heap-buffer-overflow
+        PR 29482
+        * coffcode.h (coff_set_section_contents): Sanity check _LIB.
+CVE: CVE-2022-38533
+Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ef186fe54aa6d281a3ff8a9528417e5cc614c797]
+Signed-off-by: Florin Diaconescu <florin.diaconescu009@gmail.com>
+---
+ bfd/coffcode.h | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+diff --git a/bfd/coffcode.h b/bfd/coffcode.h
+index dec2e9c6370..75c18d88602 100644
+--- a/bfd/coffcode.h
+++ b/bfd/coffcode.h
+@@ -4170,10 +4170,13 @@ coff_set_section_contents (bfd * abfd,
+ 
+        rec = (bfd_byte *) location;
+        recend = rec + count;
+-       while (rec < recend)
+       while (recend - rec >= 4)
+          {
+           size_t len = bfd_get_32 (abfd, rec);
+           if (len == 0 || len > (size_t) (recend - rec) / 4)
+             break;
+           rec += len * 4;
+            ++section->lma;
+-           rec += bfd_get_32 (abfd, rec) * 4;
+          }
+ 
+        BFD_ASSERT (rec == recend);

diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2022-38533.patch b/meta/recipes-devtools/binutils/binutils/CVE-2022-38533.patch new file mode 100644 index 0000000000..102d65f8a6 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2022-38533.patch
@@ -0,0 +1,37 @@
	1	From ef186fe54aa6d281a3ff8a9528417e5cc614c797 Mon Sep 17 00:00:00 2001
	2	From: Alan Modra <amodra@gmail.com>
	3	Date: Sat, 13 Aug 2022 15:32:47 +0930
	4	Subject: [PATCH] PR29482 - strip: heap-buffer-overflow
	5
	6	PR 29482
	7	* coffcode.h (coff_set_section_contents): Sanity check _LIB.
	8
	9	CVE: CVE-2022-38533
	10	Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ef186fe54aa6d281a3ff8a9528417e5cc614c797]
	11
	12	Signed-off-by: Florin Diaconescu <florin.diaconescu009@gmail.com>
	13
	14	---
	15	bfd/coffcode.h \| 7 +++++--
	16	1 file changed, 5 insertions(+), 2 deletions(-)
	17
	18	diff --git a/bfd/coffcode.h b/bfd/coffcode.h
	19	index dec2e9c6370..75c18d88602 100644
	20	--- a/bfd/coffcode.h
	21	+++ b/bfd/coffcode.h
	22	@@ -4170,10 +4170,13 @@ coff_set_section_contents (bfd * abfd,
	23
	24	rec = (bfd_byte *) location;
	25	recend = rec + count;
	26	- while (rec < recend)
	27	+ while (recend - rec >= 4)
	28	{
	29	+ size_t len = bfd_get_32 (abfd, rec);
	30	+ if (len == 0 \|\| len > (size_t) (recend - rec) / 4)
	31	+ break;
	32	+ rec += len * 4;
	33	++section->lma;
	34	- rec += bfd_get_32 (abfd, rec) * 4;
	35	}
	36
	37	BFD_ASSERT (rec == recend);