@@ -36,5 +36,6 @@ SRC_URI = "\
file://0013-Define-alignof-using-_Alignof-when-using-C11-or-newe.patch \
file://0014-Remove-duplicate-pe-dll.o-entry-deom-targ_extra_ofil.patch \
file://0015-gprofng-change-use-of-bignum-to-bigint.patch \
+ file://0016-CVE-2024-53589.patch \
"
S = "${WORKDIR}/git"
new file mode 100644
@@ -0,0 +1,92 @@
+Author: Alan Modra <amodra@gmail.com>
+Date: Mon Nov 11 10:24:09 2024 +1030
+
+ Re: tekhex object file output fixes
+
+ Commit 8b5a212495 supported *ABS* symbols by allowing "section" to be
+ bfd_abs_section, but bfd_abs_section needs to be treated specially.
+ In particular, bfd_get_next_section_by_name (.., bfd_abs_section_ptr)
+ is invalid.
+
+ PR 32347
+ * tekhex.c (first_phase): Guard against modification of
+ _bfd_std_section[] entries.
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=e0323071916878e0634a6e24d8250e4faff67e88]
+CVE: CVE-2024-53589
+
+Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
+
+diff --git a/bfd/tekhex.c b/bfd/tekhex.c
+index aea2ebb23df..b305c1f96f1 100644
+--- a/bfd/tekhex.c
++++ b/bfd/tekhex.c
+@@ -361,6 +361,7 @@ first_phase (bfd *abfd, int type, char *src, char * src_end)
+ {
+ asection *section, *alt_section;
+ unsigned int len;
++ bfd_vma addr;
+ bfd_vma val;
+ char sym[17]; /* A symbol can only be 16chars long. */
+
+@@ -368,20 +369,16 @@ first_phase (bfd *abfd, int type, char *src, char * src_end)
+ {
+ case '6':
+ /* Data record - read it and store it. */
+- {
+- bfd_vma addr;
+-
+- if (!getvalue (&src, &addr, src_end))
+- return false;
+-
+- while (*src && src < src_end - 1)
+- {
+- insert_byte (abfd, HEX (src), addr);
+- src += 2;
+- addr++;
+- }
+- return true;
+- }
++ if (!getvalue (&src, &addr, src_end))
++ return false;
++
++ while (*src && src < src_end - 1)
++ {
++ insert_byte (abfd, HEX (src), addr);
++ src += 2;
++ addr++;
++ }
++ return true;
+
+ case '3':
+ /* Symbol record, read the segment. */
+@@ -406,13 +403,16 @@ first_phase (bfd *abfd, int type, char *src, char * src_end)
+ {
+ case '1': /* Section range. */
+ src++;
+- if (!getvalue (&src, §ion->vma, src_end))
++ if (!getvalue (&src, &addr, src_end))
+ return false;
+ if (!getvalue (&src, &val, src_end))
+ return false;
+- if (val < section->vma)
+- val = section->vma;
+- section->size = val - section->vma;
++ if (bfd_is_const_section (section))
++ break;
++ section->vma = addr;
++ if (val < addr)
++ val = addr;
++ section->size = val - addr;
+ /* PR 17512: file: objdump-s-endless-loop.tekhex.
+ Check for overlarge section sizes. */
+ if (section->size & 0x80000000)
+@@ -455,6 +455,8 @@ first_phase (bfd *abfd, int type, char *src, char * src_end)
+ new_symbol->symbol.flags = BSF_LOCAL;
+ if (stype == '2' || stype == '6')
+ new_symbol->symbol.section = bfd_abs_section_ptr;
++ else if (bfd_is_const_section (section))
++ ;
+ else if (stype == '3' || stype == '7')
+ {
+ if ((section->flags & SEC_DATA) == 0)