--- /dev/null
+From 5f8987d3999edb26e757115fe87be55787d510b9 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 17 Dec 2024 09:18:57 +0000
+Subject: [PATCH] nm: Avoid potential segmentation fault when displaying
+ symbols without version info.
+
+PR 32467
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=75086e9de1707281172cc77f178e7949a4414ed0]
+CVE: CVE-2024-57360
+Signed-off-by: Ashish Sharma <asharma@mvista.com>
+
+ binutils/nm.c | 24 ++++++++++++++++--------
+ 1 file changed, 16 insertions(+), 8 deletions(-)
+
+diff --git a/binutils/nm.c b/binutils/nm.c
+index faf27c59b4d..0ba7604d34f 100644
+--- a/binutils/nm.c
++++ b/binutils/nm.c
+@@ -682,7 +682,7 @@ print_symname (const char *form, struct extended_symbol_info *info,
+ const char *name, bfd *abfd)
+ {
+ char *alloc = NULL;
+- char *atver = NULL;
++ char *atname = NULL;
+
+ if (name == NULL)
+ name = info->sinfo->name;
+@@ -690,9 +690,19 @@ print_symname (const char *form, struct extended_symbol_info *info,
+ if (!with_symbol_versions
+ && bfd_get_flavour (abfd) == bfd_target_elf_flavour)
+ {
+- atver = strchr (name, '@');
++ char *atver = strchr (name, '@');
++
+ if (atver)
+- *atver = 0;
++ {
++ /* PR 32467 - Corrupt binaries might include an @ character in a
++ symbol name. Since non-versioned symbol names can be in
++ read-only memory (via memory mapping of a file's contents) we
++ cannot just replace the @ character with a NUL. Instead we
++ create a truncated copy of the name. */
++ atname = xstrdup (name);
++ atname [atver - name] = 0;
++ name = atname;
++ }
+ }
+
+ if (do_demangle && *name)
+@@ -703,9 +713,7 @@ print_symname (const char *form, struct extended_symbol_info *info,
+ }
+
+ if (unicode_display != unicode_default)
+- {
+- name = convert_utf8 (name);
+- }
++ name = convert_utf8 (name);
+
+ if (info != NULL && info->elfinfo && with_symbol_versions)
+ {
+@@ -726,8 +734,8 @@ print_symname (const char *form, struct extended_symbol_info *info,
+ }
+ }
+ printf (form, name);
+- if (atver)
+- *atver = '@';
++
++ free (atname);
+ free (alloc);
+ }
+
+--
+2.43.5
+
--- /dev/null
+From 75086e9de1707281172cc77f178e7949a4414ed0 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 5 Feb 2025 13:26:51 +0000
+Subject: [PATCH] Prevent an abort in the bfd linker when attempting to
+ generate dynamic relocs for a corrupt input file.
+
+PR 32638
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=75086e9de1707281172cc77f178e7949a4414ed0]
+CVE: CVE-2025-1178
+Signed-off-by: Ashish Sharma <asharma@mvista.com>
+
+ bfd/elf64-x86-64.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/bfd/elf64-x86-64.c b/bfd/elf64-x86-64.c
+index 61334c3ab04..32db254ba6c 100644
+--- a/bfd/elf64-x86-64.c
++++ b/bfd/elf64-x86-64.c
+@@ -5303,6 +5303,15 @@ elf_x86_64_finish_dynamic_symbol (bfd *output_bfd,
+
+ if (generate_dynamic_reloc)
+ {
++ /* If the relgot section has not been created, then
++ generate an error instead of a reloc. cf PR 32638. */
++ if (relgot == NULL || relgot->size == 0)
++ {
++ info->callbacks->einfo (_("%F%pB: Unable to generate dynamic relocs because a suitable section does not exist\n"),
++ output_bfd);
++ return false;
++ }
++
+ if (relative_reloc_name != NULL
+ && htab->params->report_relative_reloc)
+ _bfd_x86_elf_link_report_relative_reloc
+--
+2.43.5
+
projects / thirdparty / openembedded / openembedded-core-contrib.git / commitdiff
