
[kirkstone,1/4] binutils: fix CVE-2025-11081

Message ID a7d39d40ec867bbcc36d71cf98858a34c619c9fe.1761692326.git.steve@sakoman.com
State RFC
Delegated to: Steve Sakoman

Commit Message

Steve Sakoman Oct. 29, 2025, 2:54 a.m. UTC
From: Yash Shinde <Yash.Shinde@windriver.com>

CVE: CVE-2025-11081

Trying to dump .sframe in a PE file results in a segfault accessing
elf_section_data.

	* objdump (dump_sframe_section, dump_dwarf_section): Don't access
	elf_section_type without first checking the file is ELF.

PR 33406 SEGV in dump_dwarf_section
[https://sourceware.org/bugzilla/show_bug.cgi?id=33406]

Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=f87a66db645caf8cc0e6fc87b0c28c78a38af59b]

Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../binutils/binutils-2.38.inc                |  1 +
 .../binutils/0046-CVE-2025-11081.patch        | 84 +++++++++++++++++++
 2 files changed, 85 insertions(+)
 create mode 100644 meta/recipes-devtools/binutils/binutils/0046-CVE-2025-11081.patch

Patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc
index 2e978edc6f..2444a304be 100644
--- a/meta/recipes-devtools/binutils/binutils-2.38.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
@@ -82,5 +82,6 @@  SRC_URI = "\
      file://0043-CVE-2025-7545.patch \
      file://0044-CVE-2025-11082.patch \
      file://0045-CVE-2025-11083.patch \
+     file://0046-CVE-2025-11081.patch \
 "
 S  = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/0046-CVE-2025-11081.patch b/meta/recipes-devtools/binutils/binutils/0046-CVE-2025-11081.patch
new file mode 100644
index 0000000000..31dbef52fa
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0046-CVE-2025-11081.patch
@@ -0,0 +1,84 @@ 
+From f87a66db645caf8cc0e6fc87b0c28c78a38af59b Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Tue, 9 Sep 2025 18:32:09 +0930
+Subject: [PATCH] PR 33406 SEGV in dump_dwarf_section
+
+Trying to dump .sframe in a PE file results in a segfault accessing
+elf_section_data.
+
+	* objdump (dump_sframe_section, dump_dwarf_section): Don't access
+	elf_section_type without first checking the file is ELF.
+---
+ binutils/objdump.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=f87a66db645caf8cc0e6fc87b0c28c78a38af59b]
+CVE: CVE-2025-11081
+
+Signed-off-by: Alan Modra <amodra@gmail.com>
+Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
+
+diff --git a/binutils/objdump.c b/binutils/objdump.c
+index 290f7e51f66..ee8823da05a 100644
+--- a/binutils/objdump.c
++++ b/binutils/objdump.c
+@@ -4418,6 +4418,10 @@
+   else
+     match = name;
+ 
++  if (bfd_get_flavour (abfd) == bfd_target_elf_flavour
++      && elf_section_type (section) == SHT_GNU_SFRAME)
++    match = ".sframe";
++
+   for (i = 0; i < max; i++)
+     if ((strcmp (debug_displays [i].section.uncompressed_name, match) == 0
+	 || strcmp (debug_displays [i].section.compressed_name, match) == 0
+@@ -4923,6 +4927,36 @@
+ }
+ 
++static void
++dump_sframe_section (bfd *abfd, const char *sect_name, bool is_mainfile)
++
++{
++  /* Error checking for user provided SFrame section name, if any.  */
++  if (sect_name)
++    {
++      asection *sec = bfd_get_section_by_name (abfd, sect_name);
++      if (sec == NULL)
++       {
++         printf (_("No %s section present\n\n"), sanitize_string (sect_name));
++         return;
++       }
++      /* Starting with Binutils 2.45, SFrame sections have section type
++        SHT_GNU_SFRAME.  For SFrame sections from Binutils 2.44 or earlier,
++        check explcitly for SFrame sections of type SHT_PROGBITS and name
++        ".sframe" to allow them.  */
++      else if (bfd_get_flavour (abfd) != bfd_target_elf_flavour
++              || (elf_section_type (sec) != SHT_GNU_SFRAME
++                  && !(elf_section_type (sec) == SHT_PROGBITS
++                       && strcmp (sect_name, ".sframe") == 0)))
++       {
++         printf (_("Section %s does not contain SFrame data\n\n"),
++                 sanitize_string (sect_name));
++         return;
++       }
++    }
++  dump_dwarf (abfd, is_mainfile);
++}
++
+ static void
+ dump_target_specific (bfd *abfd)
+ {
+   const struct objdump_private_desc * const *desc;
+diff --git a/include/elf/common.h b/include/elf/common.h
+--- a/include/elf/common.h
++++ b/include/elf/common.h 
+@@ -528,6 +528,8 @@
+ #define SHT_LOOS	0x60000000	/* First of OS specific semantics */
+ #define SHT_HIOS	0x6fffffff	/* Last of OS specific semantics */
+ 
++#define SHT_GNU_SFRAME	0x6ffffff4	/* SFrame stack trace information.  */
++
+ #define SHT_GNU_INCREMENTAL_INPUTS 0x6fff4700   /* incremental build data */
+ #define SHT_GNU_ATTRIBUTES 0x6ffffff5	/* Object attributes */
+ #define SHT_GNU_HASH	0x6ffffff6	/* GNU style symbol hash table */
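Review bot: The embedded patch does not match the upstream commit it cites: its header keeps upstream's diffstat (`binutils/objdump.c | 10 ++++++----`, 6 insertions and 4 deletions, one file), yet the body contains only added lines, introduces a whole new static `dump_sframe_section` and adds `SHT_GNU_SFRAME` to `include/elf/common.h`. No hunk adds a caller for `dump_sframe_section`, so unless one already exists in the 2.38 tree it is dead code that will trip `-Wunused-function`, and the only live change is the `match = ".sframe"` override in the first objdump.c hunk. Because the upstream fix guards existing `elf_section_type` accesses and this backport removes or rewrites none, the 2.38 sources may not contain the faulting access at all. Please confirm by running the PR 33406 test case against unpatched 2.38, and if it does not crash, record the CVE as not applicable (for example via `CVE_CHECK_IGNORE`) rather than carrying new parsing code under a CVE label. If the backport stays, fix the diffstat and spell out the deviation in the patch header, e.g. `Upstream-Status: Backport [<upstream commit URL>; adapted for 2.38: adds SHT_GNU_SFRAME and dump_sframe_section, which upstream only modifies]`.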