diff options
| -rw-r--r-- | meta/recipes-devtools/binutils/binutils-2.38.inc | 1 | ||||
| -rw-r--r-- | meta/recipes-devtools/binutils/binutils/0023-CVE-2023-25585.patch | 54 |
2 files changed, 55 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc index 69fb8539ba..408b503644 100644 --- a/meta/recipes-devtools/binutils/binutils-2.38.inc +++ b/meta/recipes-devtools/binutils/binutils-2.38.inc | |||
| @@ -53,5 +53,6 @@ SRC_URI = "\ | |||
| 53 | file://0022-CVE-2023-25584-1.patch \ | 53 | file://0022-CVE-2023-25584-1.patch \ |
| 54 | file://0022-CVE-2023-25584-2.patch \ | 54 | file://0022-CVE-2023-25584-2.patch \ |
| 55 | file://0022-CVE-2023-25584-3.patch \ | 55 | file://0022-CVE-2023-25584-3.patch \ |
| 56 | file://0023-CVE-2023-25585.patch \ | ||
| 56 | " | 57 | " |
| 57 | S = "${WORKDIR}/git" | 58 | S = "${WORKDIR}/git" |
diff --git a/meta/recipes-devtools/binutils/binutils/0023-CVE-2023-25585.patch b/meta/recipes-devtools/binutils/binutils/0023-CVE-2023-25585.patch new file mode 100644 index 0000000000..e31a027b9f --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0023-CVE-2023-25585.patch | |||
| @@ -0,0 +1,54 @@ | |||
| 1 | From: Alan Modra <amodra@gmail.com> | ||
| 2 | Date: Mon, 12 Dec 2022 08:31:08 +0000 (+1030) | ||
| 3 | Subject: PR29892, Field file_table of struct module is uninitialized | ||
| 4 | X-Git-Tag: gdb-13-branchpoint~86 | ||
| 5 | X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=65cf035b8dc1df5d8020e0b1449514a3c42933e7 | ||
| 6 | |||
| 7 | PR29892, Field file_table of struct module is uninitialized | ||
| 8 | |||
| 9 | PR 29892 | ||
| 10 | * vms-alphs.c (new_module): Use bfd_zmalloc to alloc file_table. | ||
| 11 | (parse_module): Rewrite file_table reallocation code and clear. | ||
| 12 | |||
| 13 | Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=65cf035b8dc1df5d8020e0b1449514a3c42933e7] | ||
| 14 | |||
| 15 | CVE: CVE-2023-25585 | ||
| 16 | |||
| 17 | Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com> | ||
| 18 | |||
| 19 | --- | ||
| 20 | |||
| 21 | diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c | ||
| 22 | index 3b63259cc81..6ee7060b0b2 100644 | ||
| 23 | --- a/bfd/vms-alpha.c | ||
| 24 | +++ b/bfd/vms-alpha.c | ||
| 25 | @@ -4337,7 +4337,7 @@ new_module (bfd *abfd) | ||
| 26 | = (struct module *) bfd_zalloc (abfd, sizeof (struct module)); | ||
| 27 | module->file_table_count = 16; /* Arbitrary. */ | ||
| 28 | module->file_table | ||
| 29 | - = bfd_malloc (module->file_table_count * sizeof (struct fileinfo)); | ||
| 30 | + = bfd_zmalloc (module->file_table_count * sizeof (struct fileinfo)); | ||
| 31 | return module; | ||
| 32 | } | ||
| 33 | |||
| 34 | @@ -4520,15 +4520,18 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr, | ||
| 35 | src_ptr + DST_S_B_SRC_DF_FILENAME, | ||
| 36 | ptr + rec_length - (src_ptr + DST_S_B_SRC_DF_FILENAME)); | ||
| 37 | |||
| 38 | - while (fileid >= module->file_table_count) | ||
| 39 | + if (fileid >= module->file_table_count) | ||
| 40 | { | ||
| 41 | - module->file_table_count *= 2; | ||
| 42 | + unsigned int old_count = module->file_table_count; | ||
| 43 | + module->file_table_count += fileid; | ||
| 44 | module->file_table | ||
| 45 | = bfd_realloc_or_free (module->file_table, | ||
| 46 | module->file_table_count | ||
| 47 | * sizeof (struct fileinfo)); | ||
| 48 | if (module->file_table == NULL) | ||
| 49 | return false; | ||
| 50 | + memset (module->file_table + old_count, 0, | ||
| 51 | + fileid * sizeof (struct fileinfo)); | ||
| 52 | } | ||
| 53 | |||
| 54 | module->file_table [fileid].name = filename; | ||