@@ -50,5 +50,6 @@ SRC_URI = "\
file://0021-CVE-2023-1579-2.patch \
file://0021-CVE-2023-1579-3.patch \
file://0021-CVE-2023-1579-4.patch \
+ file://0023-CVE-2023-25585.patch \
"
S = "${WORKDIR}/git"
new file mode 100644
@@ -0,0 +1,54 @@
+From: Alan Modra <amodra@gmail.com>
+Date: Mon, 12 Dec 2022 08:31:08 +0000 (+1030)
+Subject: PR29892, Field file_table of struct module is uninitialized
+X-Git-Tag: gdb-13-branchpoint~86
+X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=65cf035b8dc1df5d8020e0b1449514a3c42933e7
+
+PR29892, Field file_table of struct module is uninitialized
+
+ PR 29892
+ * vms-alphs.c (new_module): Use bfd_zmalloc to alloc file_table.
+ (parse_module): Rewrite file_table reallocation code and clear.
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=65cf035b8dc1df5d8020e0b1449514a3c42933e7]
+
+CVE: CVE-2023-25585
+
+Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
+
+---
+
+diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c
+index 3b63259cc81..6ee7060b0b2 100644
+--- a/bfd/vms-alpha.c
++++ b/bfd/vms-alpha.c
+@@ -4337,7 +4337,7 @@ new_module (bfd *abfd)
+ = (struct module *) bfd_zalloc (abfd, sizeof (struct module));
+ module->file_table_count = 16; /* Arbitrary. */
+ module->file_table
+- = bfd_malloc (module->file_table_count * sizeof (struct fileinfo));
++ = bfd_zmalloc (module->file_table_count * sizeof (struct fileinfo));
+ return module;
+ }
+
+@@ -4520,15 +4520,18 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
+ src_ptr + DST_S_B_SRC_DF_FILENAME,
+ ptr + rec_length - (src_ptr + DST_S_B_SRC_DF_FILENAME));
+
+- while (fileid >= module->file_table_count)
++ if (fileid >= module->file_table_count)
+ {
+- module->file_table_count *= 2;
++ unsigned int old_count = module->file_table_count;
++ module->file_table_count += fileid;
+ module->file_table
+ = bfd_realloc_or_free (module->file_table,
+ module->file_table_count
+ * sizeof (struct fileinfo));
+ if (module->file_table == NULL)
+ return false;
++ memset (module->file_table + old_count, 0,
++ fileid * sizeof (struct fileinfo));
+ }
+
+ module->file_table [fileid].name = filename;
Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=65cf035b8dc1df5d8020e0b1449514a3c42933e7] Signed-off-by: Deepthi Hemraj <deepadeepthi98@gmail.com> --- .../binutils/binutils-2.38.inc | 1 + .../binutils/0023-CVE-2023-25585.patch | 54 +++++++++++++++++++ 2 files changed, 55 insertions(+) create mode 100644 meta/recipes-devtools/binutils/binutils/0023-CVE-2023-25585.patch