binutils: patch CVE-2025-8225

Pick commit [1] mentioned in [2].

[1] https://gitlab.com/gnutools/binutils-gdb/-/commit/e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4
[2] https://nvd.nist.gov/vuln/detail/CVE-2025-8225

Testsuite did not show any changes in results:

 === binutils Summary ===

 # of expected passes           310
 # of unexpected failures       1
 # of untested testcases        1
 # of unsupported tests         9

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

diff --git a/meta/recipes-devtools/binutils/binutils-2.44.inc b/meta/recipes-devtools/binutils/binutils-2.44.inc
index 5ee82fa0e59555d03173782187d793a03b1c12ab..a217d07e8c9ef558ff9f9a35167bcbef7065e112 100644 (file)
--- a/meta/recipes-devtools/binutils/binutils-2.44.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.44.inc
@@ -46,6 +46,7 @@ SRC_URI = "\
      file://0018-CVE-2025-5245.patch \
      file://0019-CVE-2025-7545.patch \
      file://0018-CVE-2025-7546.patch \
+     file://0019-CVE-2025-8225.patch \
      file://0020-Fix-for-borken-symlinks.patch \
 "
 S  = "${WORKDIR}/git"

diff --git a/meta/recipes-devtools/binutils/binutils/0019-CVE-2025-8225.patch b/meta/recipes-devtools/binutils/binutils/0019-CVE-2025-8225.patch
new file mode 100644 (file)
index 0000000..43bc4c5
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0019-CVE-2025-8225.patch
@@ -0,0 +1,41 @@
+From e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Wed, 19 Feb 2025 22:45:29 +1030
+Subject: [PATCH] binutils/dwarf.c debug_information leak
+
+It is possible with fuzzed files to have num_debug_info_entries zero
+after allocating space for debug_information, leading to multiple
+allocations.
+
+       * dwarf.c (process_debug_info): Don't test num_debug_info_entries
+       to determine whether debug_information has been allocated,
+       test alloc_num_debug_info_entries.
+       
+CVE: CVE-2025-8225
+Upstream-Status: Backport [https://gitlab.com/gnutools/binutils-gdb/-/commit/e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ binutils/dwarf.c | 8 +++-----
+ 1 file changed, 3 insertions(+), 5 deletions(-)
+
+diff --git a/binutils/dwarf.c b/binutils/dwarf.c
+index 8e004cea839..bfbf83ec9f4 100644
+--- a/binutils/dwarf.c
++++ b/binutils/dwarf.c
+@@ -3807,13 +3807,11 @@ process_debug_info (struct dwarf_section * section,
+     }
+ 
+   if ((do_loc || do_debug_loc || do_debug_ranges || do_debug_info)
+-      && num_debug_info_entries == 0
+-      && ! do_types)
++      && alloc_num_debug_info_entries == 0
++      && !do_types)
+     {
+-
+       /* Then allocate an array to hold the information.  */
+-      debug_information = (debug_info *) cmalloc (num_units,
+-                                                sizeof (* debug_information));
++      debug_information = cmalloc (num_units, sizeof (*debug_information));
+       if (debug_information == NULL)
+       {
+         error (_("Not enough memory for a debug info array of %u entries\n"),