2 files changed, 51 insertions, 0 deletions
diff --git a/meta/recipes-devtools/nasm/nasm/CVE-2022-46457.patch b/meta/recipes-devtools/nasm/nasm/CVE-2022-46457.patch
new file mode 100644
index 0000000000..3502d572cd
--- /dev/null
+++ b/meta/recipes-devtools/nasm/nasm/CVE-2022-46457.patch
@@ -0,0 +1,50 @@
+From c8af73112027fad0ecbb277e9cba257678c405af Mon Sep 17 00:00:00 2001
+From: "H. Peter Anvin" <hpa@zytor.com>
+Date: Wed, 7 Dec 2022 10:23:46 -0800
+Subject: [PATCH] outieee: fix segfault on empty input
+Fix the IEEE backend crashing if the input file is empty.
+Signed-off-by: H. Peter Anvin <hpa@zytor.com>
+Upstream-Status: Backport [https://github.com/netwide-assembler/nasm/commit/c8af73112027fad0ecbb277e9cba257678c405af]
+CVE: CVE-2022-46457
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ output/outieee.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+diff --git a/output/outieee.c b/output/outieee.c
+index cdb8333..8bc5eaa 100644
+--- a/output/outieee.c
+++ b/output/outieee.c
+@@ -919,7 +919,7 @@ static void ieee_write_file(void)
+      * Write the section headers
+      */
+     seg = seghead;
+-    if (!debuginfo && !strcmp(seg->name, "??LINE"))
+    if (!debuginfo && seg && !strcmp(seg->name, "??LINE"))
+         seg = seg->next;
+     while (seg) {
+         char buf[256];
+@@ -954,7 +954,7 @@ static void ieee_write_file(void)
+     /*
+      * write the start address if there is one
+      */
+-    if (ieee_entry_seg) {
+    if (ieee_entry_seg && seghead) {
+         for (seg = seghead; seg; seg = seg->next)
+             if (seg->index == ieee_entry_seg)
+                 break;
+@@ -1067,7 +1067,7 @@ static void ieee_write_file(void)
+      *  put out section data;
+      */
+     seg = seghead;
+-    if (!debuginfo && !strcmp(seg->name, "??LINE"))
+    if (!debuginfo && seg && !strcmp(seg->name, "??LINE"))
+         seg = seg->next;
+     while (seg) {
+         if (seg->currentpos) {
+--
+2.40.0
diff --git a/meta/recipes-devtools/nasm/nasm_2.15.05.bb b/meta/recipes-devtools/nasm/nasm_2.15.05.bb
index 59b1121bd4..bcb7e071d6 100644
--- a/meta/recipes-devtools/nasm/nasm_2.15.05.bb
+++ b/meta/recipes-devtools/nasm/nasm_2.15.05.bb
@@ -9,6 +9,7 @@ SRC_URI = "http://www.nasm.us/pub/nasm/releasebuilds/${PV}/nasm-${PV}.tar.bz2 \
           file://0001-stdlib-Add-strlcat.patch \
           file://0002-Add-debug-prefix-map-option.patch \
           file://CVE-2022-44370.patch \
+           file://CVE-2022-46457.patch \
           "
 SRC_URI[sha256sum] = "3c4b8339e5ab54b1bcb2316101f8985a5da50a3f9e504d43fa6f35668bee2fd0"

diff --git a/meta/recipes-devtools/nasm/nasm/CVE-2022-46457.patch b/meta/recipes-devtools/nasm/nasm/CVE-2022-46457.patch new file mode 100644 index 0000000000..3502d572cd --- /dev/null +++ b/meta/recipes-devtools/nasm/nasm/CVE-2022-46457.patch
@@ -0,0 +1,50 @@
		1	From c8af73112027fad0ecbb277e9cba257678c405af Mon Sep 17 00:00:00 2001
		2	From: "H. Peter Anvin" <hpa@zytor.com>
		3	Date: Wed, 7 Dec 2022 10:23:46 -0800
		4	Subject: [PATCH] outieee: fix segfault on empty input
		5
		6	Fix the IEEE backend crashing if the input file is empty.
		7
		8	Signed-off-by: H. Peter Anvin <hpa@zytor.com>
		9
		10	Upstream-Status: Backport [https://github.com/netwide-assembler/nasm/commit/c8af73112027fad0ecbb277e9cba257678c405af]
		11	CVE: CVE-2022-46457
		12
		13	Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
		14	---
		15	output/outieee.c \| 6 +++---
		16	1 file changed, 3 insertions(+), 3 deletions(-)
		17
		18	diff --git a/output/outieee.c b/output/outieee.c
		19	index cdb8333..8bc5eaa 100644
		20	--- a/output/outieee.c
		21	+++ b/output/outieee.c
		22	@@ -919,7 +919,7 @@ static void ieee_write_file(void)
		23	* Write the section headers
		24	*/
		25	seg = seghead;
		26	- if (!debuginfo && !strcmp(seg->name, "??LINE"))
		27	+ if (!debuginfo && seg && !strcmp(seg->name, "??LINE"))
		28	seg = seg->next;
		29	while (seg) {
		30	char buf[256];
		31	@@ -954,7 +954,7 @@ static void ieee_write_file(void)
		32	/*
		33	* write the start address if there is one
		34	*/
		35	- if (ieee_entry_seg) {
		36	+ if (ieee_entry_seg && seghead) {
		37	for (seg = seghead; seg; seg = seg->next)
		38	if (seg->index == ieee_entry_seg)
		39	break;
		40	@@ -1067,7 +1067,7 @@ static void ieee_write_file(void)
		41	* put out section data;
		42	*/
		43	seg = seghead;
		44	- if (!debuginfo && !strcmp(seg->name, "??LINE"))
		45	+ if (!debuginfo && seg && !strcmp(seg->name, "??LINE"))
		46	seg = seg->next;
		47	while (seg) {
		48	if (seg->currentpos) {
		49	--
		50	2.40.0


diff --git a/meta/recipes-devtools/nasm/nasm_2.15.05.bb b/meta/recipes-devtools/nasm/nasm_2.15.05.bb index 59b1121bd4..bcb7e071d6 100644 --- a/meta/recipes-devtools/nasm/nasm_2.15.05.bb +++ b/meta/recipes-devtools/nasm/nasm_2.15.05.bb
@@ -9,6 +9,7 @@ SRC_URI = "http://www.nasm.us/pub/nasm/releasebuilds/${PV}/nasm-${PV}.tar.bz2 \
9	file://0001-stdlib-Add-strlcat.patch \	9	file://0001-stdlib-Add-strlcat.patch \
10	file://0002-Add-debug-prefix-map-option.patch \	10	file://0002-Add-debug-prefix-map-option.patch \
11	file://CVE-2022-44370.patch \	11	file://CVE-2022-44370.patch \
		12	file://CVE-2022-46457.patch \
12	"	13	"
13		14
14	SRC_URI[sha256sum] = "3c4b8339e5ab54b1bcb2316101f8985a5da50a3f9e504d43fa6f35668bee2fd0"	15	SRC_URI[sha256sum] = "3c4b8339e5ab54b1bcb2316101f8985a5da50a3f9e504d43fa6f35668bee2fd0"