diff --git a/binutils-memory-access-when-parsing-an-elf-file.patch b/binutils-memory-access-when-parsing-an-elf-file.patch new file mode 100644 index 0000000..ee3c963 --- /dev/null +++ b/binutils-memory-access-when-parsing-an-elf-file.patch @@ -0,0 +1,17 @@ +diff --git a/bfd/elf.c b/bfd/elf.c +index fe00e0f9189..7cd7febcf95 100644 +--- a/bfd/elf.c ++++ b/bfd/elf.c +@@ -8918,7 +8918,9 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool default_imported_symver) + bfd_set_error (bfd_error_file_too_big); + goto error_return_verref; + } +- elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_alloc (abfd, amt); ++ if (amt == 0) ++ goto error_return_verref; ++ elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_zalloc (abfd, amt); + if (elf_tdata (abfd)->verref == NULL) + goto error_return_verref; + +-- +2.31.1 diff --git a/binutils.spec b/binutils.spec index 87006a0..99b8b39 100644 --- a/binutils.spec +++ b/binutils.spec @@ -2,7 +2,7 @@ Summary: A GNU collection of binary utilities Name: binutils%{?_with_debug:-debug} Version: 2.35.2 -Release: 39%{?dist} +Release: 40%{?dist} License: GPLv3+ URL: https://sourceware.org/binutils @@ -429,6 +429,9 @@ Patch62: binutils-no-comment-in-bfd-stdint.patch # Lifetime: Fixed in 2.40 Patch63: binutils-CVE-2023-25587.patch +# Purpose: binutils fix an illegal memory access when parsing an elf file containing corrupt symbol version information +# Lifetime: 2.39 +Patch64: binutils-memory-access-when-parsing-an-elf-file.patch #---------------------------------------------------------------------------- Provides: bundled(libiberty) @@ -1269,6 +1272,9 @@ exit 0 #---------------------------------------------------------------------------- %changelog +* Thu Mar 16 2023 Yara Ahmad - 2.35.2-40 +- Fix an illegal memory access when parsing an ELF file containing corrupt symbol version information. (#2164701) + * Thu Mar 09 2023 Nick Clifton - 2.35.2-39 - NVR bump to allow rebuilding.