poky/meta/recipes-devtools/binutils/binutils/0047-CVE-2025-8225.patch

From e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4 Mon Sep 17 00:00:00 2001
From: Alan Modra <amodra@gmail.com>
Date: Wed, 19 Feb 2025 22:45:29 +1030
Subject: [PATCH] binutils/dwarf.c debug_information leak

It is possible with fuzzed files to have num_debug_info_entries zero
after allocating space for debug_information, leading to multiple
allocations.

	* dwarf.c (process_debug_info): Don't test num_debug_info_entries
	to determine whether debug_information has been allocated,
	test alloc_num_debug_info_entries.
---

Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4]
CVE: CVE-2025-8225

 binutils/dwarf.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

Signed-off-by: Alan Modra <amodra@gmail.com>
Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>

diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index 8e004cea839..bfbf83ec9f4 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -3807,13 +3807,11 @@ process_debug_info (struct dwarf_section * section,
     }
 
   if ((do_loc || do_debug_loc || do_debug_ranges || do_debug_info)
-      && num_debug_info_entries == 0
-      && ! do_types)
+      && alloc_num_debug_info_entries == 0
+      && !do_types)
     {
-
       /* Then allocate an array to hold the information.  */
-      debug_information = (debug_info *) cmalloc (num_units,
-						  sizeof (* debug_information));
+      debug_information = cmalloc (num_units, sizeof (*debug_information));
       if (debug_information == NULL)
 	{
 	  error (_("Not enough memory for a debug info array of %u entries\n"),
-- 
2.43.7