Fix a potential dereference of a NULL pointer.

Resolves: #2152946

binutils-CVE-2022-4285.patch

@@ -0,0 +1,13 @@
+--- binutils.orig/bfd/elf.c	2022-12-13 15:21:20.040233487 +0000
++++ binutils-2.39/bfd/elf.c	2022-12-13 15:22:33.580986232 +0000
+@@ -8868,7 +8868,9 @@ _bfd_elf_slurp_version_tables (bfd *abfd
+ 	  bfd_set_error (bfd_error_file_too_big);
+ 	  goto error_return_verref;
+ 	}
+-      elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_alloc (abfd, amt);
++      if (amt == 0)
++       goto error_return_verref;
++      elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_zalloc (abfd, amt);
+       if (elf_tdata (abfd)->verref == NULL)
+ 	goto error_return_verref;
+ 

binutils.spec

@@ -39,7 +39,7 @@
 Summary: A GNU collection of binary utilities
 Name: binutils%{?name_cross}%{?_with_debug:-debug}
 Version: 2.39
-Release: 6%{?dist}
+Release: 7%{?dist}
 License: GPLv3+
 URL: https://sourceware.org/binutils
 
@@ -311,6 +311,10 @@ Patch22: binutils-readelf-no-sections.patch
 # Lifetime: Fixed in 2.40
 Patch23: binutils-libiberty-configure-compile-warnings.patch
 
+# Purpose:  Fix a potential reference of a NULL pointer.
+# Lifetime: Fixed in 2.40
+Patch24: binutils-CVE-2022-4285.patch
+
 #----------------------------------------------------------------------------
 
 Provides: bundled(libiberty)
@@ -967,6 +971,9 @@ exit 0
 
 #----------------------------------------------------------------------------
 %changelog
+* Tue Dec 13 2022 Nick Clifton  <nickc@redhat.com> - 2.39-7
+- Fix a potential dereference of a NULL pointer.  (#2152946)
+
 * Wed Nov 23 2022 Nick Clifton  <nickc@redhat.com> - 2.39-6
 - Fix compile time warnings of the configure test files in the libiberty directory.  (#2144041)