binutils: Fix CVE-2025-7546

Report corrupted group section instead of trying to recover. CVE: CVE-2025-7546 Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=41461010eb7c79fee7a9d5f6209accdaac66cc6b] PR 33050 [https://sourceware.org/bugzilla/show_bug.cgi?id=33050] (From OE-Core rev: 5860b954681c37ac6685631cce439fd349093689) Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Yash Shinde <Yash.Shinde@windriver.com> 2025-07-17 05:02:10 -0700
committer: Steve Sakoman <steve@sakoman.com> 2025-07-30 07:47:48 -0700
commit: 47c3b0bc3f2088710f0260702babac05cf6b69ab (patch)
tree: 98575bb791d54be66741643f05263343b177601a
parent: 5a3578faeca4fa4ce1b7b557db00c720957a5e08 (diff)
download: poky-47c3b0bc3f2088710f0260702babac05cf6b69ab.tar.gz
2 files changed, 45 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc
index e25f52e171..4a460eb8d9 100644
--- a/meta/recipes-devtools/binutils/binutils-2.38.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
@@ -78,5 +78,6 @@ SRC_URI = "\
     file://0040-CVE-2025-1182.patch \
     file://0041-CVE-2025-5244.patch \
     file://0042-CVE-2025-5245.patch \
+     file://0043-CVE-2025-7546.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/0043-CVE-2025-7546.patch b/meta/recipes-devtools/binutils/binutils/0043-CVE-2025-7546.patch
new file mode 100644
index 0000000000..da4dc3fb39
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0043-CVE-2025-7546.patch
@@ -0,0 +1,44 @@
+From 41461010eb7c79fee7a9d5f6209accdaac66cc6b Mon Sep 17 00:00:00 2001
+From: "H.J. Lu" <hjl.tools@gmail.com>
+Date: Sat, 21 Jun 2025 06:52:00 +0800
+Subject: [PATCH] elf: Report corrupted group section
+Report corrupted group section instead of trying to recover.
+        PR binutils/33050
+        * elf.c (bfd_elf_set_group_contents): Report corrupted group
+        section.
+Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=41461010eb7c79fee7a9d5f6209accdaac66cc6b]
+CVE: CVE-2025-7546
+Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
+Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
+---
+ bfd/elf.c | 23 ++++++++++-------------
+ 1 file changed, 10 insertions(+), 13 deletions(-)
+diff --git a/bfd/elf.c b/bfd/elf.c
+index 14ce15c7254..ee894eb05f2 100644
+--- a/bfd/elf.c
+++ b/bfd/elf.c
+@@ -3611,8 +3611,18 @@
+        break;
+     }
+ 
+  /* We should always get here with loc == sec->contents + 4.  Return
+     an error for bogus SHT_GROUP sections.  */
+   loc -= 4;
+-  BFD_ASSERT (loc == sec->contents);
+  if (loc != sec->contents)
+    {
+     /* xgettext:c-format */
+      _bfd_error_handler (_("%pB: corrupted group section: `%pA'"),
+                         abfd, sec);
+      bfd_set_error (bfd_error_bad_value);
+      *failedptr = true;
+      return;
+    }
+ 
+   H_PUT_32 (abfd, sec->flags & SEC_LINK_ONCE ? GRP_COMDAT : 0, loc);
+ }
author	Yash Shinde <Yash.Shinde@windriver.com>	2025-07-17 05:02:10 -0700
committer	Steve Sakoman <steve@sakoman.com>	2025-07-30 07:47:48 -0700
commit	47c3b0bc3f2088710f0260702babac05cf6b69ab (patch)
tree	98575bb791d54be66741643f05263343b177601a
parent	5a3578faeca4fa4ce1b7b557db00c720957a5e08 (diff)
download	poky-47c3b0bc3f2088710f0260702babac05cf6b69ab.tar.gz

diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc index e25f52e171..4a460eb8d9 100644 --- a/meta/recipes-devtools/binutils/binutils-2.38.inc +++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
@@ -78,5 +78,6 @@ SRC_URI = "\
78	file://0040-CVE-2025-1182.patch \	78	file://0040-CVE-2025-1182.patch \
79	file://0041-CVE-2025-5244.patch \	79	file://0041-CVE-2025-5244.patch \
80	file://0042-CVE-2025-5245.patch \	80	file://0042-CVE-2025-5245.patch \
		81	file://0043-CVE-2025-7546.patch \
81	"	82	"
82	S = "${WORKDIR}/git"	83	S = "${WORKDIR}/git"


diff --git a/meta/recipes-devtools/binutils/binutils/0043-CVE-2025-7546.patch b/meta/recipes-devtools/binutils/binutils/0043-CVE-2025-7546.patch new file mode 100644 index 0000000000..da4dc3fb39 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0043-CVE-2025-7546.patch
@@ -0,0 +1,44 @@
		1	From 41461010eb7c79fee7a9d5f6209accdaac66cc6b Mon Sep 17 00:00:00 2001
		2	From: "H.J. Lu" <hjl.tools@gmail.com>
		3	Date: Sat, 21 Jun 2025 06:52:00 +0800
		4	Subject: [PATCH] elf: Report corrupted group section
		5
		6	Report corrupted group section instead of trying to recover.
		7
		8	PR binutils/33050
		9	* elf.c (bfd_elf_set_group_contents): Report corrupted group
		10	section.
		11
		12	Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=41461010eb7c79fee7a9d5f6209accdaac66cc6b]
		13	CVE: CVE-2025-7546
		14
		15	Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
		16	Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
		17	---
		18	bfd/elf.c \| 23 ++++++++++-------------
		19	1 file changed, 10 insertions(+), 13 deletions(-)
		20
		21	diff --git a/bfd/elf.c b/bfd/elf.c
		22	index 14ce15c7254..ee894eb05f2 100644
		23	--- a/bfd/elf.c
		24	+++ b/bfd/elf.c
		25	@@ -3611,8 +3611,18 @@
		26	break;
		27	}
		28
		29	+ /* We should always get here with loc == sec->contents + 4. Return
		30	+ an error for bogus SHT_GROUP sections. */
		31	loc -= 4;
		32	- BFD_ASSERT (loc == sec->contents);
		33	+ if (loc != sec->contents)
		34	+ {
		35	+ /* xgettext:c-format */
		36	+ _bfd_error_handler (_("%pB: corrupted group section: `%pA'"),
		37	+ abfd, sec);
		38	+ bfd_set_error (bfd_error_bad_value);
		39	+ *failedptr = true;
		40	+ return;
		41	+ }
		42
		43	H_PUT_32 (abfd, sec->flags & SEC_LINK_ONCE ? GRP_COMDAT : 0, loc);
		44	}