binutils: fix CVE-2022-38126

Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e3e5ae049371a27fd1737aba946fe26d06e029b5] (From OE-Core rev: 1c3eaf29fc21579a8e4aa8ab6c356d773f8a38f5) Signed-off-by: pgowda <pgowda.cve@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: pgowda <pgowda.cve@gmail.com> 2022-09-15 16:31:25 +0530
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2022-09-28 08:02:10 +0100
commit: 7935b3f5a19f9d04ea42825d27c8e6afd7cdbf5d (patch)
tree: aef6898a752d7e47639fa7dae2ef14134599df8f /meta/recipes-devtools
parent: b7925d6994d52160320c211380d9fa54e0e7c34e (diff)
download: poky-7935b3f5a19f9d04ea42825d27c8e6afd7cdbf5d.tar.gz
2 files changed, 35 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc
index 8aa8295881..2ddeb0ed39 100644
--- a/meta/recipes-devtools/binutils/binutils-2.38.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
@@ -34,5 +34,6 @@ SRC_URI = "\
     file://0013-Avoid-as-info-race-condition.patch \
     file://0014-CVE-2019-1010204.patch \
     file://0015-CVE-2022-38533.patch \
+     file://0016-CVE-2022-38126.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/0016-CVE-2022-38126.patch b/meta/recipes-devtools/binutils/binutils/0016-CVE-2022-38126.patch
new file mode 100644
index 0000000000..8200e28a81
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0016-CVE-2022-38126.patch
@@ -0,0 +1,34 @@
+From e3e5ae049371a27fd1737aba946fe26d06e029b5 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Mon, 27 Jun 2022 13:43:02 +0100
+Subject: [PATCH] Replace a run-time assertion failure with a warning message
+ when parsing corrupt DWARF data.
+        PR 29289
+        * dwarf.c (display_debug_names): Replace assert with a warning
+        message.
+Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e3e5ae049371a27fd1737aba946fe26d06e029b5]
+Signed-off-by: Pgowda <pgowda.cve@gmail.com>
+---
+ binutils/dwarf.c   | 7 ++++++-
+diff --git a/binutils/dwarf.c b/binutils/dwarf.c
+index 37b477b886d..b99c56987da 100644
+--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
+@@ -9802,7 +9802,12 @@ display_debug_names (struct dwarf_sectio
+       printf (_("Out of %lu items there are %zu bucket clashes"
+                " (longest of %zu entries).\n"),
+              (unsigned long) name_count, hash_clash_count, longest_clash);
+-      assert (name_count == buckets_filled + hash_clash_count);
+
+      if (name_count != buckets_filled + hash_clash_count)
+       warn (_("The name_count (%lu) is not the same as the used bucket_count (%lu) + the hash clash count (%lu)"),
+             (unsigned long) name_count,
+             (unsigned long) buckets_filled,
+             (unsigned long) hash_clash_count);
+ 
+       struct abbrev_lookup_entry
+       {
author	pgowda <pgowda.cve@gmail.com>	2022-09-15 16:31:25 +0530
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-28 08:02:10 +0100
commit	7935b3f5a19f9d04ea42825d27c8e6afd7cdbf5d (patch)
tree	aef6898a752d7e47639fa7dae2ef14134599df8f /meta/recipes-devtools
parent	b7925d6994d52160320c211380d9fa54e0e7c34e (diff)
download	poky-7935b3f5a19f9d04ea42825d27c8e6afd7cdbf5d.tar.gz

diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc index 8aa8295881..2ddeb0ed39 100644 --- a/meta/recipes-devtools/binutils/binutils-2.38.inc +++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
@@ -34,5 +34,6 @@ SRC_URI = "\
34	file://0013-Avoid-as-info-race-condition.patch \	34	file://0013-Avoid-as-info-race-condition.patch \
35	file://0014-CVE-2019-1010204.patch \	35	file://0014-CVE-2019-1010204.patch \
36	file://0015-CVE-2022-38533.patch \	36	file://0015-CVE-2022-38533.patch \
		37	file://0016-CVE-2022-38126.patch \
37	"	38	"
38	S = "${WORKDIR}/git"	39	S = "${WORKDIR}/git"


diff --git a/meta/recipes-devtools/binutils/binutils/0016-CVE-2022-38126.patch b/meta/recipes-devtools/binutils/binutils/0016-CVE-2022-38126.patch new file mode 100644 index 0000000000..8200e28a81 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0016-CVE-2022-38126.patch
@@ -0,0 +1,34 @@
		1	From e3e5ae049371a27fd1737aba946fe26d06e029b5 Mon Sep 17 00:00:00 2001
		2	From: Nick Clifton <nickc@redhat.com>
		3	Date: Mon, 27 Jun 2022 13:43:02 +0100
		4	Subject: [PATCH] Replace a run-time assertion failure with a warning message
		5	when parsing corrupt DWARF data.
		6
		7	PR 29289
		8	* dwarf.c (display_debug_names): Replace assert with a warning
		9	message.
		10
		11	Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e3e5ae049371a27fd1737aba946fe26d06e029b5]
		12
		13	Signed-off-by: Pgowda <pgowda.cve@gmail.com>
		14	---
		15	binutils/dwarf.c \| 7 ++++++-
		16
		17	diff --git a/binutils/dwarf.c b/binutils/dwarf.c
		18	index 37b477b886d..b99c56987da 100644
		19	--- a/binutils/dwarf.c
		20	+++ b/binutils/dwarf.c
		21	@@ -9802,7 +9802,12 @@ display_debug_names (struct dwarf_sectio
		22	printf (_("Out of %lu items there are %zu bucket clashes"
		23	" (longest of %zu entries).\n"),
		24	(unsigned long) name_count, hash_clash_count, longest_clash);
		25	- assert (name_count == buckets_filled + hash_clash_count);
		26	+
		27	+ if (name_count != buckets_filled + hash_clash_count)
		28	+ warn (_("The name_count (%lu) is not the same as the used bucket_count (%lu) + the hash clash count (%lu)"),
		29	+ (unsigned long) name_count,
		30	+ (unsigned long) buckets_filled,
		31	+ (unsigned long) hash_clash_count);
		32
		33	struct abbrev_lookup_entry
		34	{