- Add binutils-pr29482.diff for PR29482, aka CVE-2022-38533

[bsc#1202816] OBS-URL: https://build.opensuse.org/package/show/devel:gcc/binutils?expand=0&rev=417
2022-08-26 13:26:14 +00:00 · 2022-08-26 13:26:14 +00:00 · df4986e3dc
commit df4986e3dc
parent dadfa067bf
3 changed files with 41 additions and 0 deletions
--- a/binutils-pr29482.diff
+++ b/binutils-pr29482.diff
@ -0,0 +1,33 @@
+PR29482 aka CVE-2022-38533
+
+From ef186fe54aa6d281a3ff8a9528417e5cc614c797 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Sat, 13 Aug 2022 15:32:47 +0930
+Subject: [PATCH 1/1] PR29482 - strip: heap-buffer-overflow
+
+	PR 29482
+	* coffcode.h (coff_set_section_contents): Sanity check _LIB.
+---
+ bfd/coffcode.h | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+Index: binutils-2.39/bfd/coffcode.h
+===================================================================
+--- binutils-2.39.orig/bfd/coffcode.h	2022-07-08 11:46:47.000000000 +0200
+++ binutils-2.39/bfd/coffcode.h	2022-08-26 15:23:58.749610670 +0200
+@@ -4284,10 +4284,13 @@ coff_set_section_contents (bfd * abfd,
+ 
+ 	rec = (bfd_byte *) location;
+ 	recend = rec + count;
+-	while (rec < recend)
+	while (recend - rec >= 4)
+ 	  {
+	    size_t len = bfd_get_32 (abfd, rec);
+	    if (len == 0 || len > (size_t) (recend - rec) / 4)
+	      break;
+	    rec += len * 4;
+ 	    ++section->lma;
+-	    rec += bfd_get_32 (abfd, rec) * 4;
+ 	  }
+ 
+ 	BFD_ASSERT (rec == recend);
--- a/binutils.changes
+++ b/binutils.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Aug 26 13:24:35 UTC 2022 - Michael Matz <matz@suse.com>
+
+- Add binutils-pr29482.diff for PR29482, aka CVE-2022-38533
+  [bsc#1202816]
+
 -------------------------------------------------------------------
 Wed Aug 10 09:04:57 UTC 2022 - Martin Liška <mliska@suse.cz>

--- a/binutils.spec
+++ b/binutils.spec
@ -138,6 +138,7 @@ Patch40:        binutils-fix-abierrormsg.diff
 Patch41:        binutils-fix-relax.diff
 Patch42:        binutils-compat-old-behaviour.diff
 Patch43:        binutils-revert-hlasm-insns.diff
+Patch44:        binutils-pr29482.diff
 Patch100:       add-ulp-section.diff
 Patch90:        cross-avr-nesc-as.patch
 Patch92:        cross-avr-omit_section_dynsym.patch
@ -260,6 +261,7 @@ cp ld/ldgram.y ld/ldgram.y.orig
 %patch42 -p1
 %patch43 -p1
 %endif
+%patch44 -p1
 %patch100 -p1
 %if "%{TARGET}" == "avr"
 cp gas/config/tc-avr.h gas/config/tc-avr-nesc.h