Backport upstream commit 8f2c64de86b which fixes RHBZ 2233961,

CVE-2022-48064, (Alan Modra).
2023-09-17 13:45:41 +02:00 · 2023-09-17 13:45:41 +02:00 · a5080fa18b
parent ba3a754341
commit a5080fa18b
5 changed files with 60 additions and 0 deletions
--- a/_gdb.spec.Patch.include
+++ b/_gdb.spec.Patch.include
@ -215,3 +215,7 @@ Patch048: gdb-bz2237515-debuginfod-double-free.patch
 # obstack allocation that wold lead to memory corruption.
 Patch049: gdb-bz2237392-dwarf-obstack-allocation.patch

+# Backport PR29922, SHT_NOBITS section
+# avoids section size sanity check.
+Patch050: gdb-rhbz2233961-CVE-2022-4806.patch
+
--- a/_gdb.spec.patch.include
+++ b/_gdb.spec.patch.include
@ -47,3 +47,4 @@
 %patch -p1 -P047
 %patch -p1 -P048
 %patch -p1 -P049
+%patch -p1 -P050
--- a/1
+++ b/1
@ -47,3 +47,4 @@ gdb-rhbz2160211-excessive-core-file-warnings.patch
 gdb-bz2196395-debuginfod-legacy-openssl-crash.patch
 gdb-bz2237515-debuginfod-double-free.patch
 gdb-bz2237392-dwarf-obstack-allocation.patch
+gdb-rhbz2233961-CVE-2022-4806.patch
--- a/gdb-rhbz2233961-CVE-2022-4806.patch
+++ b/gdb-rhbz2233961-CVE-2022-4806.patch
@ -0,0 +1,50 @@
+From FEDORA_PATCHES Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Alexandra=20H=C3=A1jkov=C3=A1?= <ahajkova@redhat.com>
+Date: Sun, 17 Sep 2023 13:36:13 +0200
+Subject: gdb-rhbz2233961-CVE-2022-4806.patch
+
+;; Backport PR29922, SHT_NOBITS section
+;; avoids section size sanity check.
+
+PR29922, SHT_NOBITS section avoids section size sanity check
+
+	PR 29922
+	* dwarf2.c (find_debug_info): Ignore sections without
+	SEC_HAS_CONTENTS.
+
+diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
+--- a/bfd/dwarf2.c
+++ b/bfd/dwarf2.c
+@@ -4831,16 +4831,19 @@ find_debug_info (bfd *abfd, const struct dwarf_debug_section *debug_sections,
+     {
+       look = debug_sections[debug_info].uncompressed_name;
+       msec = bfd_get_section_by_name (abfd, look);
+-      if (msec != NULL)
+      /* Testing SEC_HAS_CONTENTS is an anti-fuzzer measure.  Of
+	 course debug sections always have contents.  */
+      if (msec != NULL && (msec->flags & SEC_HAS_CONTENTS) != 0)
+ 	return msec;
+ 
+       look = debug_sections[debug_info].compressed_name;
+       msec = bfd_get_section_by_name (abfd, look);
+-      if (msec != NULL)
+      if (msec != NULL && (msec->flags & SEC_HAS_CONTENTS) != 0)
+         return msec;
+ 
+       for (msec = abfd->sections; msec != NULL; msec = msec->next)
+-	if (startswith (msec->name, GNU_LINKONCE_INFO))
+	if ((msec->flags & SEC_HAS_CONTENTS) != 0
+	    && startswith (msec->name, GNU_LINKONCE_INFO))
+ 	  return msec;
+ 
+       return NULL;
+@@ -4848,6 +4851,9 @@ find_debug_info (bfd *abfd, const struct dwarf_debug_section *debug_sections,
+ 
+   for (msec = after_sec->next; msec != NULL; msec = msec->next)
+     {
+      if ((msec->flags & SEC_HAS_CONTENTS) == 0)
+	continue;
+
+       look = debug_sections[debug_info].uncompressed_name;
+       if (strcmp (msec->name, look) == 0)
+ 	return msec;
--- a/gdb.spec
+++ b/gdb.spec
@ -1252,6 +1252,10 @@ fi
 %endif

 %changelog
+* Sun Sep 17 2023 Alexandra Hájková <ahajkova@redhat.com> - 13.2-8
+- Backport upstream commit 8f2c64de86b which fixes RHBZ 2233961,
+  CVE-2022-48064, (Alan Modra).
+
 * Fri Sep 15 2023 Keith Seitz <keiths@redhat.com> - 13.2-8
 - migrated to SPDX license