Binutils fix an illegal memory access when parsing an elf file containing corrupt symbol version information

Resolves: #2164701

binutils-memory-access-when-parsing-an-elf-file.patch

@@ -0,0 +1,17 @@
+diff --git a/bfd/elf.c b/bfd/elf.c
+index fe00e0f9189..7cd7febcf95 100644
+--- a/bfd/elf.c
++++ b/bfd/elf.c
+@@ -8918,7 +8918,9 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool default_imported_symver)
+ 	  bfd_set_error (bfd_error_file_too_big);
+ 	  goto error_return_verref;
+ 	}
+-      elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_alloc (abfd, amt);
++      if (amt == 0)
++	goto error_return_verref;
++      elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_zalloc (abfd, amt);
+       if (elf_tdata (abfd)->verref == NULL)
+ 	goto error_return_verref;
+ 
+-- 
+2.31.1

binutils.spec

@@ -2,7 +2,7 @@
 Summary: A GNU collection of binary utilities
 Name: binutils%{?_with_debug:-debug}
 Version: 2.35.2
-Release: 39%{?dist}
+Release: 40%{?dist}
 License: GPLv3+
 URL: https://sourceware.org/binutils
 
@@ -429,6 +429,9 @@ Patch62: binutils-no-comment-in-bfd-stdint.patch
 # Lifetime: Fixed in 2.40
 Patch63: binutils-CVE-2023-25587.patch
 
+# Purpose:  binutils fix an illegal memory access when parsing an elf file containing corrupt symbol version information
+# Lifetime: 2.39 
+Patch64: binutils-memory-access-when-parsing-an-elf-file.patch
 #----------------------------------------------------------------------------
 
 Provides: bundled(libiberty)
@@ -1269,6 +1272,9 @@ exit 0
 
 #----------------------------------------------------------------------------
 %changelog
+* Thu Mar 16 2023 Yara Ahmad  <yahmad@redhat.com> - 2.35.2-40
+- Fix an illegal memory access when parsing an ELF file containing corrupt symbol version information.  (#2164701) 
+
 * Thu Mar 09 2023 Nick Clifton  <nickc@redhat.com> - 2.35.2-39
 - NVR bump to allow rebuilding.