1 files changed, 49 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2022-48063.patch b/meta/recipes-devtools/binutils/binutils/CVE-2022-48063.patch
new file mode 100644
index 0000000000..f41c02a02b
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2022-48063.patch
@@ -0,0 +1,49 @@
+From 75393a2d54bcc40053e5262a3de9d70c5ebfbbfd Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 21 Dec 2022 11:51:23 +0000
+Subject: [PATCH] Fix an attempt to allocate an unreasonably large amount of
+ memory when parsing a corrupt ELF file.
+        PR  29924
+        * objdump.c (load_specific_debug_section): Check for excessively
+        large sections.
+Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75393a2d54bcc40053e5262a3de9d70c5ebfbbfd]
+CVE: CVE-2022-48063
+Signed-off-by: Virendra Thakur <virendrak@kpit.com>
+Comment: Patch refreshed based on codebase.
+---
+ binutils/ChangeLog | 6 ++++++
+ binutils/objdump.c | 4 +++-
+ 2 files changed, 9 insertions(+), 1 deletion(-)
+diff --git a/binutils/ChangeLog b/binutils/ChangeLog
+index e7f918d3f65..020e09f3700 100644
+--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
+@@ -1,3 +1,9 @@
+2022-12-21  Nick Clifton  <nickc@redhat.com>
+
+       PR  29924
+       * objdump.c (load_specific_debug_section): Check for excessively
+       large sections.
+
+ 2021-02-11  Alan Modra  <amodra@gmail.com>
+ 
+           PR 27290
+diff --git a/binutils/objdump.c b/binutils/objdump.c
+index d51abbe3858..2eb02de0e76 100644
+--- a/binutils/objdump.c
+++ b/binutils/objdump.c
+@@ -3479,7 +3479,9 @@
+   section->size = bfd_section_size (sec);
+   /* PR 24360: On 32-bit hosts sizeof (size_t) < sizeof (bfd_size_type). */
+   alloced = amt = section->size + 1;
+-  if (alloced != amt || alloced == 0)
+  if (alloced != amt
+      || alloced == 0
+      || (bfd_get_size (abfd) != 0 && alloced >= bfd_get_size (abfd)))
+     {
+       section->start = NULL;
+       free_debug_section (debug);

diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2022-48063.patch b/meta/recipes-devtools/binutils/binutils/CVE-2022-48063.patch new file mode 100644 index 0000000000..f41c02a02b --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2022-48063.patch
@@ -0,0 +1,49 @@
	1	From 75393a2d54bcc40053e5262a3de9d70c5ebfbbfd Mon Sep 17 00:00:00 2001
	2	From: Nick Clifton <nickc@redhat.com>
	3	Date: Wed, 21 Dec 2022 11:51:23 +0000
	4	Subject: [PATCH] Fix an attempt to allocate an unreasonably large amount of
	5	memory when parsing a corrupt ELF file.
	6
	7	PR 29924
	8	* objdump.c (load_specific_debug_section): Check for excessively
	9	large sections.
	10	Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75393a2d54bcc40053e5262a3de9d70c5ebfbbfd]
	11	CVE: CVE-2022-48063
	12	Signed-off-by: Virendra Thakur <virendrak@kpit.com>
	13	Comment: Patch refreshed based on codebase.
	14	---
	15	binutils/ChangeLog \| 6 ++++++
	16	binutils/objdump.c \| 4 +++-
	17	2 files changed, 9 insertions(+), 1 deletion(-)
	18
	19	diff --git a/binutils/ChangeLog b/binutils/ChangeLog
	20	index e7f918d3f65..020e09f3700 100644
	21	--- a/binutils/ChangeLog
	22	+++ b/binutils/ChangeLog
	23	@@ -1,3 +1,9 @@
	24	+2022-12-21 Nick Clifton <nickc@redhat.com>
	25	+
	26	+ PR 29924
	27	+ * objdump.c (load_specific_debug_section): Check for excessively
	28	+ large sections.
	29	+
	30	2021-02-11 Alan Modra <amodra@gmail.com>
	31
	32	PR 27290
	33
	34	diff --git a/binutils/objdump.c b/binutils/objdump.c
	35	index d51abbe3858..2eb02de0e76 100644
	36	--- a/binutils/objdump.c
	37	+++ b/binutils/objdump.c
	38	@@ -3479,7 +3479,9 @@
	39	section->size = bfd_section_size (sec);
	40	/* PR 24360: On 32-bit hosts sizeof (size_t) < sizeof (bfd_size_type). */
	41	alloced = amt = section->size + 1;
	42	- if (alloced != amt \|\| alloced == 0)
	43	+ if (alloced != amt
	44	+ \|\| alloced == 0
	45	+ \|\| (bfd_get_size (abfd) != 0 && alloced >= bfd_get_size (abfd)))
	46	{
	47	section->start = NULL;
	48	free_debug_section (debug);
	49