From 7ef644fbf6e1697104cf4b71e0bf59557b0fea08 Mon Sep 17 00:00:00 2001 From: Nick Clifton Date: Tue, 13 Dec 2022 16:06:33 +0000 Subject: [PATCH] Fix a potential dereference of a NULL pointer. Resolves: #2152946 --- binutils-CVE-2022-4285.patch | 13 +++++++++++++ binutils.spec | 9 ++++++++- 2 files changed, 21 insertions(+), 1 deletion(-) create mode 100644 binutils-CVE-2022-4285.patch diff --git a/binutils-CVE-2022-4285.patch b/binutils-CVE-2022-4285.patch new file mode 100644 index 0000000..191e6f1 --- /dev/null +++ b/binutils-CVE-2022-4285.patch @@ -0,0 +1,13 @@ +--- binutils.orig/bfd/elf.c 2022-12-13 15:21:20.040233487 +0000 ++++ binutils-2.39/bfd/elf.c 2022-12-13 15:22:33.580986232 +0000 +@@ -8868,7 +8868,9 @@ _bfd_elf_slurp_version_tables (bfd *abfd + bfd_set_error (bfd_error_file_too_big); + goto error_return_verref; + } +- elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_alloc (abfd, amt); ++ if (amt == 0) ++ goto error_return_verref; ++ elf_tdata (abfd)->verref = (Elf_Internal_Verneed *) bfd_zalloc (abfd, amt); + if (elf_tdata (abfd)->verref == NULL) + goto error_return_verref; + diff --git a/binutils.spec b/binutils.spec index ac3ce80..62d7776 100644 --- a/binutils.spec +++ b/binutils.spec @@ -39,7 +39,7 @@ Summary: A GNU collection of binary utilities Name: binutils%{?name_cross}%{?_with_debug:-debug} Version: 2.39 -Release: 6%{?dist} +Release: 7%{?dist} License: GPLv3+ URL: https://sourceware.org/binutils @@ -311,6 +311,10 @@ Patch22: binutils-readelf-no-sections.patch # Lifetime: Fixed in 2.40 Patch23: binutils-libiberty-configure-compile-warnings.patch +# Purpose: Fix a potential reference of a NULL pointer. +# Lifetime: Fixed in 2.40 +Patch24: binutils-CVE-2022-4285.patch + #---------------------------------------------------------------------------- Provides: bundled(libiberty) @@ -967,6 +971,9 @@ exit 0 #---------------------------------------------------------------------------- %changelog +* Tue Dec 13 2022 Nick Clifton - 2.39-7 +- Fix a potential dereference of a NULL pointer. (#2152946) + * Wed Nov 23 2022 Nick Clifton - 2.39-6 - Fix compile time warnings of the configure test files in the libiberty directory. (#2144041)