Fix a potential illegal memory access when copying a corrupt input file.
Resolves: RHEL-132254
This commit is contained in:
Nick Clifton
parent
ae50fe724f
commit
8c6590c3bb
49
binutils-CVE-2025-7546.patch
Normal file
49
binutils-CVE-2025-7546.patch
Normal file
@ -0,0 +1,49 @@
|
||||
From 41461010eb7c79fee7a9d5f6209accdaac66cc6b Mon Sep 17 00:00:00 2001
|
||||
From: "H.J. Lu" <hjl.tools@gmail.com>
|
||||
Date: Sat, 21 Jun 2025 06:52:00 +0800
|
||||
Subject: [PATCH] elf: Report corrupted group section
|
||||
|
||||
Report corrupted group section instead of trying to recover.
|
||||
|
||||
PR binutils/33050
|
||||
* elf.c (bfd_elf_set_group_contents): Report corrupted group
|
||||
section.
|
||||
|
||||
Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
|
||||
---
|
||||
bfd/elf.c | 23 ++++++++++-------------
|
||||
1 file changed, 10 insertions(+), 13 deletions(-)
|
||||
|
||||
--- binutils-2.41.orig/bfd/elf.c 2025-12-16 09:04:43.724584660 +0000
|
||||
+++ binutils-2.41/bfd/elf.c 2025-12-16 09:04:52.974831776 +0000
|
||||
@@ -4127,20 +4127,17 @@ bfd_elf_set_group_contents (bfd *abfd, a
|
||||
break;
|
||||
}
|
||||
|
||||
- /* We should always get here with loc == sec->contents + 4, but it is
|
||||
- possible to craft bogus SHT_GROUP sections that will cause segfaults
|
||||
- in objcopy without checking loc here and in the loop above. */
|
||||
- if (loc == sec->contents)
|
||||
- BFD_ASSERT (0);
|
||||
- else
|
||||
+ /* We should always get here with loc == sec->contents + 4. Return
|
||||
+ an error for bogus SHT_GROUP sections. */
|
||||
+ loc -= 4;
|
||||
+ if (loc != sec->contents)
|
||||
{
|
||||
- loc -= 4;
|
||||
- if (loc != sec->contents)
|
||||
- {
|
||||
- BFD_ASSERT (0);
|
||||
- memset (sec->contents + 4, 0, loc - sec->contents);
|
||||
- loc = sec->contents;
|
||||
- }
|
||||
+ /* xgettext:c-format */
|
||||
+ _bfd_error_handler (_("%pB: corrupted group section: `%pA'"),
|
||||
+ abfd, sec);
|
||||
+ bfd_set_error (bfd_error_bad_value);
|
||||
+ *failedptr = true;
|
||||
+ return;
|
||||
}
|
||||
|
||||
H_PUT_32 (abfd, sec->flags & SEC_LINK_ONCE ? GRP_COMDAT : 0, loc);
|
||||
@ -2,7 +2,7 @@
|
||||
Summary: A GNU collection of binary utilities
|
||||
Name: binutils%{?_with_debug:-debug}
|
||||
Version: 2.41
|
||||
Release: 60%{?dist}
|
||||
Release: 61%{?dist}
|
||||
License: GPL-3.0-or-later AND (GPL-3.0-or-later WITH Bison-exception-2.2) AND (LGPL-2.0-or-later WITH GCC-exception-2.0) AND BSD-3-Clause AND GFDL-1.3-or-later AND GPL-2.0-or-later AND LGPL-2.1-or-later AND LGPL-2.0-or-later
|
||||
URL: https://sourceware.org/binutils
|
||||
|
||||
@ -397,6 +397,11 @@ Patch63: binutils-CVE-2025-11082.patch
|
||||
# Lifetime: Fixed in 2.46
|
||||
Patch64: binutils-CVE-2025-11083.patch
|
||||
|
||||
# Purpose: Stops a potential illegal memory access when copying a corrupt
|
||||
# input file. PR 33050
|
||||
# Lifetime: Fixed in 2.46
|
||||
Patch65: binutils-CVE-2025-7546.patch
|
||||
|
||||
#----------------------------------------------------------------------------
|
||||
|
||||
# Purpose: Suppress the x86 linker's p_align-1 tests due to kernel bug on CentOS-10
|
||||
@ -1436,6 +1441,9 @@ exit 0
|
||||
|
||||
#----------------------------------------------------------------------------
|
||||
%changelog
|
||||
* Tue Dec 16 2025 Nick Clifton <nickc@redhat.com> - 2.41-61
|
||||
- Fix a potential illegal memory access when copying a corrupt input file. (RHEL-132254)
|
||||
|
||||
* Mon Nov 10 2025 Nick Clifton <nickc@redhat.com> - 2.41-60
|
||||
- Fix a potential illegal memory access when linking a corrupt input file. (RHEL-126877)
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user