[kirkstone 03/24] binutils : CVE-2022-38533


Steve Sakoman
 

From: pgowda <pgowda.cve@...>

Upstream-Status: Backport
[https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ef186fe54aa6d281a3ff8a9528417e5cc614c797]

Signed-off-by: pgowda <pgowda.cve@...>
Signed-off-by: Steve Sakoman <steve@...>
---
.../binutils/binutils-2.38.inc | 1 +
.../binutils/0015-CVE-2022-38533.patch | 36 +++++++++++++++++++
2 files changed, 37 insertions(+)
create mode 100644 meta/recipes-devtools/binutils/binutils/0015-CVE-2022-38533.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc
index eed252976a..8aa8295881 100644
--- a/meta/recipes-devtools/binutils/binutils-2.38.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
@@ -33,5 +33,6 @@ SRC_URI = "\
file://0012-Check-for-clang-before-checking-gcc-version.patch \
file://0013-Avoid-as-info-race-condition.patch \
file://0014-CVE-2019-1010204.patch \
+ file://0015-CVE-2022-38533.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/0015-CVE-2022-38533.patch b/meta/recipes-devtools/binutils/binutils/0015-CVE-2022-38533.patch
new file mode 100644
index 0000000000..5d9ac2cb1f
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0015-CVE-2022-38533.patch
@@ -0,0 +1,36 @@
+From ef186fe54aa6d281a3ff8a9528417e5cc614c797 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@...>
+Date: Sat, 13 Aug 2022 15:32:47 +0930
+Subject: [PATCH] PR29482 - strip: heap-buffer-overflow
+
+ PR 29482
+ * coffcode.h (coff_set_section_contents): Sanity check _LIB.
+
+Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ef186fe54aa6d281a3ff8a9528417e5cc614c797]
+
+Signed-off-by: Pgowda <pgowda.cve@...>
+
+---
+ bfd/coffcode.h | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/bfd/coffcode.h b/bfd/coffcode.h
+index 67aaf158ca1..52027981c3f 100644
+--- a/bfd/coffcode.h
++++ b/bfd/coffcode.h
+@@ -4302,10 +4302,13 @@ coff_set_section_contents (bfd * abfd,
+
+ rec = (bfd_byte *) location;
+ recend = rec + count;
+- while (rec < recend)
++ while (recend - rec >= 4)
+ {
++ size_t len = bfd_get_32 (abfd, rec);
++ if (len == 0 || len > (size_t) (recend - rec) / 4)
++ break;
++ rec += len * 4;
+ ++section->lma;
+- rec += bfd_get_32 (abfd, rec) * 4;
+ }
+
+ BFD_ASSERT (rec == recend);
--
2.25.1

Join {openembedded-core@lists.openembedded.org to automatically receive all group messages.