Backport "libiberty: prevent buffer overflow when decoding user input"

Resolves: rhbz#2132600

_gdb.spec.Patch.include

@@ -475,3 +475,7 @@ Patch114: gdb-fix-gdb.base-printcmds-s390x-regressions.patch
 # (Tom de Vries, RHBZ2130624)
 Patch115: gdb-rhbz-2130624-assert_in_jit_event_handler.patch
 
+# Backport libiberty: prevent buffer overflow when decoding user input
+# (Luís Ferreira, RHBZ2132600)
+Patch116: libiberty-rhbz-2132600-prevent-buffer-overflow.patch
+

_gdb.spec.patch.include

@@ -113,3 +113,4 @@
 %patch113 -p1
 %patch114 -p1
 %patch115 -p1
+%patch116 -p1

_patch_order

@@ -113,3 +113,4 @@ gdb-rhbz2086761-unknown-cfa-rule.patch
 gdb-rhbz2155439-assert-failure-copy_type.patch
 gdb-fix-gdb.base-printcmds-s390x-regressions.patch
 gdb-rhbz-2130624-assert_in_jit_event_handler.patch
+libiberty-rhbz-2132600-prevent-buffer-overflow.patch

gdb.spec

@@ -37,7 +37,7 @@ Version: 10.2
 
 # The release always contains a leading reserved number, start it at 1.
 # `upstream' is not a part of `name' to stay fully rpm dependencies compatible for the testing.
-Release: 10%{?dist}
+Release: 11%{?dist}
 
 License: GPLv3+ and GPLv3+ with exceptions and GPLv2+ and GPLv2+ with exceptions and GPL+ and LGPLv2+ and LGPLv3+ and BSD and Public Domain and GFDL
 # Do not provide URL for snapshots as the file lasts there only for 2 days.
@@ -1158,6 +1158,10 @@ fi
 %endif
 
 %changelog
+* Wed Mar 29 2023 Bruno Larsen <blarsen@redhat.com> - 10.2-11.el9
+- Backport "libiberty: prevent buffer overflow when decoding user input"
+  (Luís Ferreira, RHBZ2132600)
+
 * Mon Mar 27 2023 Bruno Larsen <blarsen@redhat.com>
 - Backport "[gdb/breakpoint] Fix assert in jit_event_handler"
   (Tom de Vries, RHBZ 2130624)

libiberty-rhbz-2132600-prevent-buffer-overflow.patch

@@ -0,0 +1,27 @@
+From FEDORA_PATCHES Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Lu=C3=ADs=20Ferreira?= <contact@lsferreira.net>
+Date: Thu, 23 Sep 2021 11:33:47 -0400
+Subject: libiberty-rhbz-2132600-prevent-buffer-overflow.patch
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+;; Backport libiberty: prevent buffer overflow when decoding user input
+;; (Luís Ferreira, RHBZ2132600)
+
+libiberty/
+	* d-demangle.c (dlang_symbol_backref): Ensure strlen of
+	string is less than length computed by dlang_number.
+
+diff --git a/libiberty/d-demangle.c b/libiberty/d-demangle.c
+--- a/libiberty/d-demangle.c
++++ b/libiberty/d-demangle.c
+@@ -380,7 +380,7 @@ dlang_symbol_backref (string *decl, const char *mangled,
+ 
+   /* Must point to a simple identifier.  */
+   backref = dlang_number (backref, &len);
+-  if (backref == NULL)
++  if (backref == NULL || strlen (backref) < len)
+     return NULL;
+ 
+   backref = dlang_lname (decl, backref, len);