1 files changed, 57 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2022-47695.patch b/meta/recipes-devtools/binutils/binutils/CVE-2022-47695.patch
new file mode 100644
index 0000000000..101a4cdb4e
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2022-47695.patch
@@ -0,0 +1,57 @@
+From 3d3af4ba39e892b1c544d667ca241846bc3df386 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Sun, 4 Dec 2022 22:15:40 +1030
+Subject: [PATCH] PR29846, segmentation fault in objdump.c compare_symbols
+Fixes a fuzzed object file problem where plt relocs were manipulated
+in such a way that two synthetic symbols were generated at the same
+plt location.  Won't occur in real object files.
+        PR 29846
+        PR 20337
+        * objdump.c (compare_symbols): Test symbol flags to exclude
+        section and synthetic symbols before attempting to check flavour.
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=3d3af4ba39e892b1c544d667ca241846bc3df386]
+CVE: CVE-2022-47695
+Signed-off-by: Virendra Thakur <virendrak@kpit.com>
+Comment: Patch refreshed based on codebase.
+---
+ binutils/objdump.c | 23 ++++++++++-------------
+ 1 file changed, 10 insertions(+), 13 deletions(-)
+diff --git a/binutils/objdump.c b/binutils/objdump.c
+index e8481b2d928..d95c8b68bf0 100644
+--- a/binutils/objdump.c
+++ b/binutils/objdump.c
+@@ -935,20 +935,17 @@
+        return 1;
+     }
+ 
+-  if (bfd_get_flavour (bfd_asymbol_bfd (a)) == bfd_target_elf_flavour
+  /* Sort larger size ELF symbols before smaller.  See PR20337.  */
+  bfd_vma asz = 0;
+  if ((a->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0
+      && bfd_get_flavour (bfd_asymbol_bfd (a)) == bfd_target_elf_flavour)
+    asz = ((elf_symbol_type *) a)->internal_elf_sym.st_size;
+  bfd_vma bsz = 0;
+  if ((b->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0
+       && bfd_get_flavour (bfd_asymbol_bfd (b)) == bfd_target_elf_flavour)
+-    {
+-      bfd_vma asz, bsz;
+-
+-      asz = 0;
+-      if ((a->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0)
+-       asz = ((elf_symbol_type *) a)->internal_elf_sym.st_size;
+-      bsz = 0;
+-      if ((b->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0)
+-       bsz = ((elf_symbol_type *) b)->internal_elf_sym.st_size;
+-      if (asz != bsz)
+-       return asz > bsz ? -1 : 1;
+-    }
+    bsz = ((elf_symbol_type *) b)->internal_elf_sym.st_size;
+  if (asz != bsz)
+    return asz > bsz ? -1 : 1;
+ 
+   /* Symbols that start with '.' might be section names, so sort them
+      after symbols that don't start with '.'.  */

diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2022-47695.patch b/meta/recipes-devtools/binutils/binutils/CVE-2022-47695.patch new file mode 100644 index 0000000000..101a4cdb4e --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2022-47695.patch
@@ -0,0 +1,57 @@
	1	From 3d3af4ba39e892b1c544d667ca241846bc3df386 Mon Sep 17 00:00:00 2001
	2	From: Alan Modra <amodra@gmail.com>
	3	Date: Sun, 4 Dec 2022 22:15:40 +1030
	4	Subject: [PATCH] PR29846, segmentation fault in objdump.c compare_symbols
	5
	6	Fixes a fuzzed object file problem where plt relocs were manipulated
	7	in such a way that two synthetic symbols were generated at the same
	8	plt location. Won't occur in real object files.
	9
	10	PR 29846
	11	PR 20337
	12	* objdump.c (compare_symbols): Test symbol flags to exclude
	13	section and synthetic symbols before attempting to check flavour.
	14	Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=3d3af4ba39e892b1c544d667ca241846bc3df386]
	15	CVE: CVE-2022-47695
	16	Signed-off-by: Virendra Thakur <virendrak@kpit.com>
	17	Comment: Patch refreshed based on codebase.
	18	---
	19	binutils/objdump.c \| 23 ++++++++++-------------
	20	1 file changed, 10 insertions(+), 13 deletions(-)
	21
	22	diff --git a/binutils/objdump.c b/binutils/objdump.c
	23	index e8481b2d928..d95c8b68bf0 100644
	24	--- a/binutils/objdump.c
	25	+++ b/binutils/objdump.c
	26	@@ -935,20 +935,17 @@
	27	return 1;
	28	}
	29
	30	- if (bfd_get_flavour (bfd_asymbol_bfd (a)) == bfd_target_elf_flavour
	31	+ /* Sort larger size ELF symbols before smaller. See PR20337. */
	32	+ bfd_vma asz = 0;
	33	+ if ((a->flags & (BSF_SECTION_SYM \| BSF_SYNTHETIC)) == 0
	34	+ && bfd_get_flavour (bfd_asymbol_bfd (a)) == bfd_target_elf_flavour)
	35	+ asz = ((elf_symbol_type *) a)->internal_elf_sym.st_size;
	36	+ bfd_vma bsz = 0;
	37	+ if ((b->flags & (BSF_SECTION_SYM \| BSF_SYNTHETIC)) == 0
	38	&& bfd_get_flavour (bfd_asymbol_bfd (b)) == bfd_target_elf_flavour)
	39	- {
	40	- bfd_vma asz, bsz;
	41	-
	42	- asz = 0;
	43	- if ((a->flags & (BSF_SECTION_SYM \| BSF_SYNTHETIC)) == 0)
	44	- asz = ((elf_symbol_type *) a)->internal_elf_sym.st_size;
	45	- bsz = 0;
	46	- if ((b->flags & (BSF_SECTION_SYM \| BSF_SYNTHETIC)) == 0)
	47	- bsz = ((elf_symbol_type *) b)->internal_elf_sym.st_size;
	48	- if (asz != bsz)
	49	- return asz > bsz ? -1 : 1;
	50	- }
	51	+ bsz = ((elf_symbol_type *) b)->internal_elf_sym.st_size;
	52	+ if (asz != bsz)
	53	+ return asz > bsz ? -1 : 1;
	54
	55	/* Symbols that start with '.' might be section names, so sort them
	56	after symbols that don't start with '.'. */
	57