1 files changed, 154 insertions, 0 deletions
diff --git a/meta/recipes-devtools/elfutils/files/CVE-2025-1352.patch b/meta/recipes-devtools/elfutils/files/CVE-2025-1352.patch
new file mode 100644
index 0000000000..b5e8dff980
--- /dev/null
+++ b/meta/recipes-devtools/elfutils/files/CVE-2025-1352.patch
@@ -0,0 +1,154 @@
+From 2636426a091bd6c6f7f02e49ab20d4cdc6bfc753 Mon Sep 17 00:00:00 2001
+From: Mark Wielaard <mark@klomp.org>
+Date: Sat, 8 Feb 2025 20:00:12 +0100
+Subject: [PATCH] libdw: Simplify __libdw_getabbrev and fix dwarf_offabbrev
+ issue
+__libdw_getabbrev could crash on reading a bad abbrev by trying to
+deallocate memory it didn't allocate itself. This could happen because
+dwarf_offabbrev would supply its own memory when calling
+__libdw_getabbrev. No other caller did this.
+Simplify the __libdw_getabbrev common code by not taking external
+memory to put the abbrev result in (this would also not work correctly
+if the abbrev was already cached). And make dwarf_offabbrev explicitly
+copy the result (if there was no error or end of abbrev).
+     * libdw/dwarf_getabbrev.c (__libdw_getabbrev): Don't take
+     Dwarf_Abbrev result argument. Always just allocate abb when
+     abbrev not found in cache.
+     (dwarf_getabbrev): Don't pass NULL as last argument to
+     __libdw_getabbrev.
+    * libdw/dwarf_tag.c (__libdw_findabbrev): Likewise.
+    * libdw/dwarf_offabbrev.c (dwarf_offabbrev): Likewise. And copy
+    abbrev into abbrevp on success.
+    * libdw/libdw.h (dwarf_offabbrev): Document return values.
+    * libdw/libdwP.h (__libdw_getabbrev): Don't take Dwarf_Abbrev
+    result argument.
+https://sourceware.org/bugzilla/show_bug.cgi?id=32650
+CVE: CVE-2025-1352
+Upstream-Status: Backport [https://sourceware.org/git/?p=elfutils.git;a=2636426a091bd6c6f7f02e49ab20d4cdc6bfc753]
+Signed-off-by: Mark Wielaard <mark@klomp.org>
+Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
+---
+ libdw/dwarf_getabbrev.c | 12 ++++--------
+ libdw/dwarf_offabbrev.c | 10 +++++++---
+ libdw/dwarf_tag.c       |  3 +--
+ libdw/libdw.h           |  4 +++-
+ libdw/libdwP.h          |  3 +--
+ 5 files changed, 16 insertions(+), 16 deletions(-)
+diff --git a/libdw/dwarf_getabbrev.c b/libdw/dwarf_getabbrev.c
+index 5b02333..d9a6c02 100644
+--- a/libdw/dwarf_getabbrev.c
+++ b/libdw/dwarf_getabbrev.c
+@@ -1,5 +1,6 @@
+ /* Get abbreviation at given offset.
+    Copyright (C) 2003, 2004, 2005, 2006, 2014, 2017 Red Hat, Inc.
+   Copyright (C) 2025 Mark J. Wielaard <mark@klomp.org>
+    This file is part of elfutils.
+    Written by Ulrich Drepper <drepper@redhat.com>, 2003.
+ 
+@@ -38,7 +39,7 @@
+ Dwarf_Abbrev *
+ internal_function
+ __libdw_getabbrev (Dwarf *dbg, struct Dwarf_CU *cu, Dwarf_Off offset,
+-                  size_t *lengthp, Dwarf_Abbrev *result)
+                  size_t *lengthp)
+ {
+   /* Don't fail if there is not .debug_abbrev section.  */
+   if (dbg->sectiondata[IDX_debug_abbrev] == NULL)
+@@ -85,12 +86,7 @@ __libdw_getabbrev (Dwarf *dbg, struct Dwarf_CU *cu, Dwarf_Off offset,
+   Dwarf_Abbrev *abb = NULL;
+   if (cu == NULL
+       || (abb = Dwarf_Abbrev_Hash_find (&cu->abbrev_hash, code)) == NULL)
+-    {
+-      if (result == NULL)
+-       abb = libdw_typed_alloc (dbg, Dwarf_Abbrev);
+-      else
+-       abb = result;
+-    }
+    abb = libdw_typed_alloc (dbg, Dwarf_Abbrev);
+   else
+     {
+       foundit = true;
+@@ -183,5 +179,5 @@ dwarf_getabbrev (Dwarf_Die *die, Dwarf_Off offset, size_t *lengthp)
+       return NULL;
+     }
+ 
+-  return __libdw_getabbrev (dbg, cu, abbrev_offset + offset, lengthp, NULL);
+  return __libdw_getabbrev (dbg, cu, abbrev_offset + offset, lengthp);
+ }
+diff --git a/libdw/dwarf_offabbrev.c b/libdw/dwarf_offabbrev.c
+index 27cdad6..41df69b 100644
+--- a/libdw/dwarf_offabbrev.c
+++ b/libdw/dwarf_offabbrev.c
+@@ -41,11 +41,15 @@ dwarf_offabbrev (Dwarf *dbg, Dwarf_Off offset, size_t *lengthp,
+   if (dbg == NULL)
+     return -1;
+ 
+-  Dwarf_Abbrev *abbrev = __libdw_getabbrev (dbg, NULL, offset, lengthp,
+-                                           abbrevp);
+  Dwarf_Abbrev *abbrev = __libdw_getabbrev (dbg, NULL, offset, lengthp);
+ 
+   if (abbrev == NULL)
+     return -1;
+ 
+-  return abbrev == DWARF_END_ABBREV ? 1 : 0;
+  if (abbrev == DWARF_END_ABBREV)
+    return 1;
+
+  *abbrevp = *abbrev;
+
+  return 0;
+ }
+diff --git a/libdw/dwarf_tag.c b/libdw/dwarf_tag.c
+index d784970..218382a 100644
+--- a/libdw/dwarf_tag.c
+++ b/libdw/dwarf_tag.c
+@@ -53,8 +53,7 @@ __libdw_findabbrev (struct Dwarf_CU *cu, unsigned int code)
+ 
+        /* Find the next entry.  It gets automatically added to the
+           hash table.  */
+-       abb = __libdw_getabbrev (cu->dbg, cu, cu->last_abbrev_offset, &length,
+-                                NULL);
+       abb = __libdw_getabbrev (cu->dbg, cu, cu->last_abbrev_offset, &length);
+        if (abb == NULL || abb == DWARF_END_ABBREV)
+          {
+            /* Make sure we do not try to search for it again.  */
+diff --git a/libdw/libdw.h b/libdw/libdw.h
+index d53dc78..ec4713a 100644
+--- a/libdw/libdw.h
+++ b/libdw/libdw.h
+@@ -587,7 +587,9 @@ extern int dwarf_srclang (Dwarf_Die *die);
+ extern Dwarf_Abbrev *dwarf_getabbrev (Dwarf_Die *die, Dwarf_Off offset,
+                                      size_t *lengthp);
+ 
+-/* Get abbreviation at given offset in .debug_abbrev section.  */
+/* Get abbreviation at given offset in .debug_abbrev section.  On
+   success return zero and fills in ABBREVP.  When there is no (more)
+   abbrev at offset returns one.  On error returns a negative value.  */
+ extern int dwarf_offabbrev (Dwarf *dbg, Dwarf_Off offset, size_t *lengthp,
+                            Dwarf_Abbrev *abbrevp)
+      __nonnull_attribute__ (4);
+diff --git a/libdw/libdwP.h b/libdw/libdwP.h
+index d6bab60..0cff5c2 100644
+--- a/libdw/libdwP.h
+++ b/libdw/libdwP.h
+@@ -795,8 +795,7 @@ extern Dwarf_Abbrev *__libdw_findabbrev (struct Dwarf_CU *cu,
+ 
+ /* Get abbreviation at given offset.  */
+ extern Dwarf_Abbrev *__libdw_getabbrev (Dwarf *dbg, struct Dwarf_CU *cu,
+-                                       Dwarf_Off offset, size_t *lengthp,
+-                                       Dwarf_Abbrev *result)
+                                       Dwarf_Off offset, size_t *lengthp)
+      __nonnull_attribute__ (1) internal_function;
+ 
+ /* Get abbreviation of given DIE, and optionally set *READP to the DIE memory
+-- 
+2.43.2

diff --git a/meta/recipes-devtools/elfutils/files/CVE-2025-1352.patch b/meta/recipes-devtools/elfutils/files/CVE-2025-1352.patch new file mode 100644 index 0000000000..b5e8dff980 --- /dev/null +++ b/meta/recipes-devtools/elfutils/files/CVE-2025-1352.patch
@@ -0,0 +1,154 @@
	1	From 2636426a091bd6c6f7f02e49ab20d4cdc6bfc753 Mon Sep 17 00:00:00 2001
	2	From: Mark Wielaard <mark@klomp.org>
	3	Date: Sat, 8 Feb 2025 20:00:12 +0100
	4	Subject: [PATCH] libdw: Simplify __libdw_getabbrev and fix dwarf_offabbrev
	5	issue
	6
	7	__libdw_getabbrev could crash on reading a bad abbrev by trying to
	8	deallocate memory it didn't allocate itself. This could happen because
	9	dwarf_offabbrev would supply its own memory when calling
	10	__libdw_getabbrev. No other caller did this.
	11
	12	Simplify the __libdw_getabbrev common code by not taking external
	13	memory to put the abbrev result in (this would also not work correctly
	14	if the abbrev was already cached). And make dwarf_offabbrev explicitly
	15	copy the result (if there was no error or end of abbrev).
	16
	17	* libdw/dwarf_getabbrev.c (__libdw_getabbrev): Don't take
	18	Dwarf_Abbrev result argument. Always just allocate abb when
	19	abbrev not found in cache.
	20	(dwarf_getabbrev): Don't pass NULL as last argument to
	21	__libdw_getabbrev.
	22	* libdw/dwarf_tag.c (__libdw_findabbrev): Likewise.
	23	* libdw/dwarf_offabbrev.c (dwarf_offabbrev): Likewise. And copy
	24	abbrev into abbrevp on success.
	25	* libdw/libdw.h (dwarf_offabbrev): Document return values.
	26	* libdw/libdwP.h (__libdw_getabbrev): Don't take Dwarf_Abbrev
	27	result argument.
	28
	29	https://sourceware.org/bugzilla/show_bug.cgi?id=32650
	30
	31	CVE: CVE-2025-1352
	32
	33	Upstream-Status: Backport [https://sourceware.org/git/?p=elfutils.git;a=2636426a091bd6c6f7f02e49ab20d4cdc6bfc753]
	34
	35	Signed-off-by: Mark Wielaard <mark@klomp.org>
	36	Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
	37	---
	38	libdw/dwarf_getabbrev.c \| 12 ++++--------
	39	libdw/dwarf_offabbrev.c \| 10 +++++++---
	40	libdw/dwarf_tag.c \| 3 +--
	41	libdw/libdw.h \| 4 +++-
	42	libdw/libdwP.h \| 3 +--
	43	5 files changed, 16 insertions(+), 16 deletions(-)
	44
	45	diff --git a/libdw/dwarf_getabbrev.c b/libdw/dwarf_getabbrev.c
	46	index 5b02333..d9a6c02 100644
	47	--- a/libdw/dwarf_getabbrev.c
	48	+++ b/libdw/dwarf_getabbrev.c
	49	@@ -1,5 +1,6 @@
	50	/* Get abbreviation at given offset.
	51	Copyright (C) 2003, 2004, 2005, 2006, 2014, 2017 Red Hat, Inc.
	52	+ Copyright (C) 2025 Mark J. Wielaard <mark@klomp.org>
	53	This file is part of elfutils.
	54	Written by Ulrich Drepper <drepper@redhat.com>, 2003.
	55
	56	@@ -38,7 +39,7 @@
	57	Dwarf_Abbrev *
	58	internal_function
	59	__libdw_getabbrev (Dwarf dbg, struct Dwarf_CU cu, Dwarf_Off offset,
	60	- size_t lengthp, Dwarf_Abbrev result)
	61	+ size_t *lengthp)
	62	{
	63	/* Don't fail if there is not .debug_abbrev section. */
	64	if (dbg->sectiondata[IDX_debug_abbrev] == NULL)
	65	@@ -85,12 +86,7 @@ __libdw_getabbrev (Dwarf dbg, struct Dwarf_CU cu, Dwarf_Off offset,
	66	Dwarf_Abbrev *abb = NULL;
	67	if (cu == NULL
	68	\|\| (abb = Dwarf_Abbrev_Hash_find (&cu->abbrev_hash, code)) == NULL)
	69	- {
	70	- if (result == NULL)
	71	- abb = libdw_typed_alloc (dbg, Dwarf_Abbrev);
	72	- else
	73	- abb = result;
	74	- }
	75	+ abb = libdw_typed_alloc (dbg, Dwarf_Abbrev);
	76	else
	77	{
	78	foundit = true;
	79	@@ -183,5 +179,5 @@ dwarf_getabbrev (Dwarf_Die die, Dwarf_Off offset, size_t lengthp)
	80	return NULL;
	81	}
	82
	83	- return __libdw_getabbrev (dbg, cu, abbrev_offset + offset, lengthp, NULL);
	84	+ return __libdw_getabbrev (dbg, cu, abbrev_offset + offset, lengthp);
	85	}
	86	diff --git a/libdw/dwarf_offabbrev.c b/libdw/dwarf_offabbrev.c
	87	index 27cdad6..41df69b 100644
	88	--- a/libdw/dwarf_offabbrev.c
	89	+++ b/libdw/dwarf_offabbrev.c
	90	@@ -41,11 +41,15 @@ dwarf_offabbrev (Dwarf dbg, Dwarf_Off offset, size_t lengthp,
	91	if (dbg == NULL)
	92	return -1;
	93
	94	- Dwarf_Abbrev *abbrev = __libdw_getabbrev (dbg, NULL, offset, lengthp,
	95	- abbrevp);
	96	+ Dwarf_Abbrev *abbrev = __libdw_getabbrev (dbg, NULL, offset, lengthp);
	97
	98	if (abbrev == NULL)
	99	return -1;
	100
	101	- return abbrev == DWARF_END_ABBREV ? 1 : 0;
	102	+ if (abbrev == DWARF_END_ABBREV)
	103	+ return 1;
	104	+
	105	+ abbrevp = abbrev;
	106	+
	107	+ return 0;
	108	}
	109	diff --git a/libdw/dwarf_tag.c b/libdw/dwarf_tag.c
	110	index d784970..218382a 100644
	111	--- a/libdw/dwarf_tag.c
	112	+++ b/libdw/dwarf_tag.c
	113	@@ -53,8 +53,7 @@ __libdw_findabbrev (struct Dwarf_CU *cu, unsigned int code)
	114
	115	/* Find the next entry. It gets automatically added to the
	116	hash table. */
	117	- abb = __libdw_getabbrev (cu->dbg, cu, cu->last_abbrev_offset, &length,
	118	- NULL);
	119	+ abb = __libdw_getabbrev (cu->dbg, cu, cu->last_abbrev_offset, &length);
	120	if (abb == NULL \|\| abb == DWARF_END_ABBREV)
	121	{
	122	/* Make sure we do not try to search for it again. */
	123	diff --git a/libdw/libdw.h b/libdw/libdw.h
	124	index d53dc78..ec4713a 100644
	125	--- a/libdw/libdw.h
	126	+++ b/libdw/libdw.h
	127	@@ -587,7 +587,9 @@ extern int dwarf_srclang (Dwarf_Die *die);
	128	extern Dwarf_Abbrev dwarf_getabbrev (Dwarf_Die die, Dwarf_Off offset,
	129	size_t *lengthp);
	130
	131	-/* Get abbreviation at given offset in .debug_abbrev section. */
	132	+/* Get abbreviation at given offset in .debug_abbrev section. On
	133	+ success return zero and fills in ABBREVP. When there is no (more)
	134	+ abbrev at offset returns one. On error returns a negative value. */
	135	extern int dwarf_offabbrev (Dwarf dbg, Dwarf_Off offset, size_t lengthp,
	136	Dwarf_Abbrev *abbrevp)
	137	__nonnull_attribute__ (4);
	138	diff --git a/libdw/libdwP.h b/libdw/libdwP.h
	139	index d6bab60..0cff5c2 100644
	140	--- a/libdw/libdwP.h
	141	+++ b/libdw/libdwP.h
	142	@@ -795,8 +795,7 @@ extern Dwarf_Abbrev __libdw_findabbrev (struct Dwarf_CU cu,
	143
	144	/* Get abbreviation at given offset. */
	145	extern Dwarf_Abbrev __libdw_getabbrev (Dwarf dbg, struct Dwarf_CU *cu,
	146	- Dwarf_Off offset, size_t *lengthp,
	147	- Dwarf_Abbrev *result)
	148	+ Dwarf_Off offset, size_t *lengthp)
	149	__nonnull_attribute__ (1) internal_function;
	150
	151	/* Get abbreviation of given DIE, and optionally set *READP to the DIE memory
	152	--
	153	2.43.2
	154