Fix a potential NULL pointer derefence when parsing corrupt ELF symbol version information. (#2243769)

2023-10-13 12:44:52 +01:00 · 2023-10-13 12:44:52 +01:00 · c2d4243912
commit c2d4243912
parent d294fe2ca4
2 changed files with 38 additions and 1 deletions
--- a/binutils-handle-corrupt-version-info.patch
+++ b/binutils-handle-corrupt-version-info.patch
@ -0,0 +1,29 @@
+--- binutils.orig/bfd/elf.c	2023-10-13 11:38:25.159530287 +0100
+++ binutils-2.41/bfd/elf.c	2023-10-13 11:41:23.290898228 +0100
+@@ -9479,6 +9479,8 @@ _bfd_elf_slurp_version_tables (bfd *abfd
+ 	  if (elf_use_dt_symtab_p (abfd))
+ 	    iverneed->vn_filename
+ 	      = elf_tdata (abfd)->dt_strtab + iverneed->vn_file;
+	  else if (hdr == NULL)
+	    goto error_return_bad_verref;
+ 	  else
+ 	    iverneed->vn_filename
+ 	      = bfd_elf_string_from_elf_section (abfd, hdr->sh_link,
+@@ -9516,6 +9518,8 @@ _bfd_elf_slurp_version_tables (bfd *abfd
+ 	      if (elf_use_dt_symtab_p (abfd))
+ 		ivernaux->vna_nodename
+ 		  = elf_tdata (abfd)->dt_strtab + ivernaux->vna_name;
+	      else if (hdr == NULL)
+		goto error_return_bad_verref;
+ 	      else
+ 		ivernaux->vna_nodename
+ 		  = bfd_elf_string_from_elf_section (abfd, hdr->sh_link,
+@@ -9546,7 +9550,7 @@ _bfd_elf_slurp_version_tables (bfd *abfd
+ 	  iverneed->vn_nextref = NULL;
+ 	  if (iverneed->vn_next == 0)
+ 	    break;
+-	  if (i + 1 < hdr->sh_info)
+	  if (hdr != NULL && (i + 1 < hdr->sh_info))
+ 	    iverneed->vn_nextref = iverneed + 1;
+ 
+ 	  if (iverneed->vn_next
--- a/binutils.spec
+++ b/binutils.spec
@ -2,7 +2,7 @@
 Summary: A GNU collection of binary utilities
 Name: binutils%{?_with_debug:-debug}
 Version: 2.41
-Release: 6%{?dist}
+Release: 7%{?dist}
 License: GPL-3.0-or-later AND (GPL-3.0-or-later WITH Bison-exception-2.2) AND (LGPL-2.0-or-later WITH GCC-exception-2.0) AND BSD-3-Clause AND GFDL-1.3-or-later AND GPL-2.0-or-later LGPL-2.1-or-later AND LGPL-2.0-or-later
 URL: https://sourceware.org/binutils

@ -256,6 +256,11 @@ Patch17: binutils-riscv-testsuite-fixes.patch
 # Lifetime: Fixed in 2.42
 Patch18: binutils-gold-powerpc.patch

+# Purpose:  Fix a potential NULL pointer dereference when parsing corrupt
+#            ELF symbol version information.
+# Lifetime: Fixed in 2.42
+Patch19: binutils-handle-corrupt-version-info.patch
+
 #----------------------------------------------------------------------------

 Provides: bundled(libiberty)
@ -1255,6 +1260,9 @@ exit 0

 #----------------------------------------------------------------------------
 %changelog
+* Fri Oct 13 2023 Nick Clifton  <nickc@redhat.com> - 2.41-7
+- Fix a potential NULL pointer derefence when parsing corrupt ELF symbol version information.  (#2243769)
+
 * Thu Oct 12 2023 Nick Clifton  <nickc@redhat.com> - 2.41-6
 - Enable warnings about executable stacks by default.