gdb: Fix CVE-2024-53589

CVE: CVE-2024-53589

Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

diff --git a/meta/recipes-devtools/gdb/gdb.inc b/meta/recipes-devtools/gdb/gdb.inc
index 6c9fe60cab80b7a95d86dcac1bbf371b44dec7dc..84cc65f79ba72f0e7d1741d640483ae41d0878f6 100644 (file)
--- a/meta/recipes-devtools/gdb/gdb.inc
+++ b/meta/recipes-devtools/gdb/gdb.inc
@@ -17,5 +17,6 @@ SRC_URI = "${GNU_MIRROR}/gdb/gdb-${PV}.tar.xz \
            file://0011-CVE-2023-39128.patch \
           file://0012-CVE-2023-39129.patch \
           file://0013-CVE-2023-39130.patch \
+           file://0014-CVE-2024-53589.patch \
            "
 SRC_URI[sha256sum] = "1497c36a71881b8671a9a84a0ee40faab788ca30d7ba19d8463c3cc787152e32"

diff --git a/meta/recipes-devtools/gdb/gdb/0014-CVE-2024-53589.patch b/meta/recipes-devtools/gdb/gdb/0014-CVE-2024-53589.patch
new file mode 100644 (file)
index 0000000..380112a
--- /dev/null
+++ b/meta/recipes-devtools/gdb/gdb/0014-CVE-2024-53589.patch
@@ -0,0 +1,92 @@
+Author: Alan Modra <amodra@gmail.com>
+Date:   Mon Nov 11 10:24:09 2024 +1030
+
+    Re: tekhex object file output fixes
+
+    Commit 8b5a212495 supported *ABS* symbols by allowing "section" to be
+    bfd_abs_section, but bfd_abs_section needs to be treated specially.
+    In particular, bfd_get_next_section_by_name (.., bfd_abs_section_ptr)
+    is invalid.
+
+            PR 32347
+            * tekhex.c (first_phase): Guard against modification of
+            _bfd_std_section[] entries.
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=e0323071916878e0634a6e24d8250e4faff67e88]
+CVE: CVE-2024-53589
+
+Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
+
+diff --git a/bfd/tekhex.c b/bfd/tekhex.c
+index aea2ebb23df..b305c1f96f1 100644
+--- a/bfd/tekhex.c
++++ b/bfd/tekhex.c
+@@ -361,6 +361,7 @@ first_phase (bfd *abfd, int type, char *src, char * src_end)
+ {
+   asection *section, *alt_section;
+   unsigned int len;
++  bfd_vma addr;
+   bfd_vma val;
+   char sym[17];                       /* A symbol can only be 16chars long.  */
+
+@@ -368,20 +369,16 @@ first_phase (bfd *abfd, int type, char *src, char * src_end)
+     {
+     case '6':
+       /* Data record - read it and store it.  */
+-      {
+-      bfd_vma addr;
+-
+-      if (!getvalue (&src, &addr, src_end))
+-        return false;
+-
+-      while (*src && src < src_end - 1)
+-        {
+-          insert_byte (abfd, HEX (src), addr);
+-          src += 2;
+-          addr++;
+-        }
+-      return true;
+-      }
++      if (!getvalue (&src, &addr, src_end))
++       return false;
++
++      while (*src && src < src_end - 1)
++       {
++         insert_byte (abfd, HEX (src), addr);
++         src += 2;
++         addr++;
++       }
++      return true;
+
+     case '3':
+       /* Symbol record, read the segment.  */
+@@ -406,13 +403,16 @@ first_phase (bfd *abfd, int type, char *src, char * src_end)
+           {
+           case '1':           /* Section range.  */
+             src++;
+-            if (!getvalue (&src, &section->vma, src_end))
++             if (!getvalue (&src, &addr, src_end))
+               return false;
+             if (!getvalue (&src, &val, src_end))
+               return false;
+-            if (val < section->vma)
+-              val = section->vma;
+-            section->size = val - section->vma;
++             if (bfd_is_const_section (section))
++               break;
++             section->vma = addr;
++             if (val < addr)
++               val = addr;
++             section->size = val - addr;
+             /* PR 17512: file: objdump-s-endless-loop.tekhex.
+                Check for overlarge section sizes.  */
+             if (section->size & 0x80000000)
+@@ -455,6 +455,8 @@ first_phase (bfd *abfd, int type, char *src, char * src_end)
+                 new_symbol->symbol.flags = BSF_LOCAL;
+               if (stype == '2' || stype == '6')
+                 new_symbol->symbol.section = bfd_abs_section_ptr;
++               else if (bfd_is_const_section (section))
++                 ;
+               else if (stype == '3' || stype == '7')
+                 {
+                   if ((section->flags & SEC_DATA) == 0)