From c2d424391280154e840b54dd92f0e0ae2480b891 Mon Sep 17 00:00:00 2001
From: Nick Clifton
Date: Fri, 13 Oct 2023 12:44:52 +0100
Subject: [PATCH] Fix a potential NULL pointer derefence when parsing corrupt ELF symbol version information. (#2243769)
---
 binutils-handle-corrupt-version-info.patch | 29 ++++++++++++++++++++++
 binutils.spec | 10 +++++++-
 2 files changed, 38 insertions(+), 1 deletion(-)
 create mode 100644 binutils-handle-corrupt-version-info.patch
diff --git a/binutils-handle-corrupt-version-info.patch b/binutils-handle-corrupt-version-info.patch
new file mode 100644
index 0000000..72e85f4
--- /dev/null
+++ b/binutils-handle-corrupt-version-info.patch
@@ -0,0 +1,29 @@
+--- binutils.orig/bfd/elf.c 2023-10-13 11:38:25.159530287 +0100
++++ binutils-2.41/bfd/elf.c 2023-10-13 11:41:23.290898228 +0100
+@@ -9479,6 +9479,8 @@ _bfd_elf_slurp_version_tables (bfd *abfd
+ if (elf_use_dt_symtab_p (abfd))
+ iverneed->vn_filename
+ = elf_tdata (abfd)->dt_strtab + iverneed->vn_file;
++ else if (hdr == NULL)
++ goto error_return_bad_verref;
+ else
+ iverneed->vn_filename
+ = bfd_elf_string_from_elf_section (abfd, hdr->sh_link,
+@@ -9516,6 +9518,8 @@ _bfd_elf_slurp_version_tables (bfd *abfd
+ if (elf_use_dt_symtab_p (abfd))
+ ivernaux->vna_nodename
+ = elf_tdata (abfd)->dt_strtab + ivernaux->vna_name;
++ else if (hdr == NULL)
++ goto error_return_bad_verref;
+ else
+ ivernaux->vna_nodename
+ = bfd_elf_string_from_elf_section (abfd, hdr->sh_link,
+@@ -9546,7 +9550,7 @@ _bfd_elf_slurp_version_tables (bfd *abfd
+ iverneed->vn_nextref = NULL;
+ if (iverneed->vn_next == 0)
+ break;
+- if (i + 1 < hdr->sh_info)
++ if (hdr != NULL && (i + 1 < hdr->sh_info))
+ iverneed->vn_nextref = iverneed + 1;
+
+ if (iverneed->vn_next
diff --git a/binutils.spec b/binutils.spec
index 3e5cae0..b75c4c0 100644
--- a/binutils.spec
+++ b/binutils.spec
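Review bot: In the new binutils-handle-corrupt-version-info.patch, the third guard, `if (hdr != NULL && (i + 1 < hdr->sh_info))`, treats a NULL `hdr` differently from the two guards above it: those jump to `error_return_bad_verref`, while this one falls through and leaves `vn_nextref` NULL although `vn_next` was non-zero. Where `hdr` is assigned lies outside the hunk, so it is not visible whether NULL is a legitimate state here or only reachable with corrupt input. If it is legitimate, no need entry gets linked to its successor on that path, and the bound should come from whatever count replaces `sh_info` there; if it is not, this site should fail like the other two. Either way, a one-line comment above the test saying which case applies, for example `/* hdr is NULL when <reason>; no sh_info bound is available, so the chain is not linked. */`, would let a reader check the intent. The body of `_bfd_elf_slurp_version_tables` continues outside all three inner hunks.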
@@ -2,7 +2,7 @@ Summary: A GNU collection of binary utilities Name: binutils%{?_with_debug:-debug} Version: 2.41 -Release: 6%{?dist} +Release: 7%{?dist} License: GPL-3.0-or-later AND (GPL-3.0-or-later WITH Bison-exception-2.2) AND (LGPL-2.0-or-later WITH GCC-exception-2.0) AND BSD-3-Clause AND GFDL-1.3-or-later AND GPL-2.0-or-later LGPL-2.1-or-later AND LGPL-2.0-or-later URL: https://sourceware.org/binutils @@ -256,6 +256,11 @@ Patch17: binutils-riscv-testsuite-fixes.patch # Lifetime: Fixed in 2.42 Patch18: binutils-gold-powerpc.patch +# Purpose: Fix a potential NULL pointer dereference when parsing corrupt +# ELF symbol version information. +# Lifetime: Fixed in 2.42 +Patch19: binutils-handle-corrupt-version-info.patch + #---------------------------------------------------------------------------- Provides: bundled(libiberty) @@ -1255,6 +1260,9 @@ exit 0 #---------------------------------------------------------------------------- %changelog +* Fri Oct 13 2023 Nick Clifton - 2.41-7 +- Fix a potential NULL pointer derefence when parsing corrupt ELF symbol version information. (#2243769) + * Thu Oct 12 2023 Nick Clifton - 2.41-6 - Enable warnings about executable stacks by default.