mirror of
https://git.yoctoproject.org/poky
synced 2026-04-27 03:32:12 +02:00
775ca31829
Forgot to add CVE-2025-1182 patch file to SRC_URI in the following commit https://lists.openembedded.org/g/openembedded-core/message/217350 After rebasing the CVE-2025-1180.patch, we encountered hunk errors while applying the CVE-2025-1182.patch, so I have modified the patch accordingly. (From OE-Core rev: 131f93b8efcddac984965a250b5391c43ca54ac8) Signed-off-by: Harish Sadineni <Harish.Sadineni@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
32 lines
909 B
Diff
32 lines
909 B
Diff
From b425859021d17adf62f06fb904797cf8642986ad Mon Sep 17 00:00:00 2001
|
|
From: Nick Clifton <nickc@redhat.com>
|
|
Date: Wed, 5 Feb 2025 16:27:38 +0000
|
|
Subject: [PATCH] Fix another illegal memory access triggered by corrupt ELF
|
|
input files.
|
|
|
|
PR 32644
|
|
|
|
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=b425859021d17adf62f06fb904797cf8642986ad]
|
|
|
|
CVE: CVE-2025-1182
|
|
|
|
Signed-off-by: Harish Sadineni <Harish.Sadineni@windriver.com>
|
|
---
|
|
bfd/elflink.c | 4 ++++
|
|
1 file changed, 4 insertions(+)
|
|
|
|
diff --git a/bfd/elflink.c b/bfd/elflink.c
|
|
--- a/bfd/elflink.c
|
|
+++ b/bfd/elflink.c
|
|
@@ -14712,6 +14712,10 @@
|
|
}
|
|
else
|
|
{
|
|
+ if (r_symndx >= rcookie->locsymcount)
|
|
+ /* This can happen with corrupt input. */
|
|
+ return false;
|
|
+
|
|
/* It's not a relocation against a global symbol,
|
|
but it could be a relocation against a local
|
|
symbol for a discarded section. */
|