@@ -62,5 +62,6 @@ SRC_URI = "\
file://0024-CVE-2025-11082.patch \
file://0025-CVE-2025-11083.patch \
file://0026-CVE-2025-11081.patch \
+ file://0027-CVE-2025-8225.patch \
"
S = "${WORKDIR}/git"
new file mode 100644
@@ -0,0 +1,47 @@
+From e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Wed, 19 Feb 2025 22:45:29 +1030
+Subject: [PATCH] binutils/dwarf.c debug_information leak
+
+It is possible with fuzzed files to have num_debug_info_entries zero
+after allocating space for debug_information, leading to multiple
+allocations.
+
+ * dwarf.c (process_debug_info): Don't test num_debug_info_entries
+ to determine whether debug_information has been allocated,
+ test alloc_num_debug_info_entries.
+---
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4]
+CVE: CVE-2025-8225
+
+ binutils/dwarf.c | 8 +++-----
+ 1 file changed, 3 insertions(+), 5 deletions(-)
+
+Signed-off-by: Alan Modra <amodra@gmail.com>
+Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
+
+diff --git a/binutils/dwarf.c b/binutils/dwarf.c
+index 8e004cea839..bfbf83ec9f4 100644
+--- a/binutils/dwarf.c
++++ b/binutils/dwarf.c
+@@ -3807,13 +3807,11 @@ process_debug_info (struct dwarf_section * section,
+ }
+
+ if ((do_loc || do_debug_loc || do_debug_ranges || do_debug_info)
+- && num_debug_info_entries == 0
+- && ! do_types)
++ && alloc_num_debug_info_entries == 0
++ && !do_types)
+ {
+-
+ /* Then allocate an array to hold the information. */
+- debug_information = (debug_info *) cmalloc (num_units,
+- sizeof (* debug_information));
++ debug_information = cmalloc (num_units, sizeof (*debug_information));
+ if (debug_information == NULL)
+ {
+ error (_("Not enough memory for a debug info array of %u entries\n"),
+--
+2.43.7
+