tjh.dev
binutils: fix CVE-2023-1972
Signed-off-by: Henri Rosten <henri.rosten@unikie.com>
(cherry picked from commit 6c71202df2eecd15d2b34b2f4f399a9c411bcc58)
authored by
Henri Rosten
and committed by
github-actions[bot]
eb5cd54d
fbe4f9c3
+23
pkgs/development/tools/misc/binutils/CVE-2023-1972.patch
+23
pkgs/development/tools/misc/binutils/CVE-2023-1972.patch
···
1
+
diff --git a/bfd/elf.c b/bfd/elf.c
2
+
index 027d0143735..185028cbd97 100644
3
+
--- a/bfd/elf.c
4
+
+++ b/bfd/elf.c
5
+
@@ -9030,6 +9030,9 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool default_imported_symver)
6
+
bfd_set_error (bfd_error_file_too_big);
7
+
goto error_return_verdef;
8
+
}
9
+
+
10
+
+ if (amt == 0)
11
+
+ goto error_return_verdef;
12
+
elf_tdata (abfd)->verdef = (Elf_Internal_Verdef *) bfd_zalloc (abfd, amt);
13
+
if (elf_tdata (abfd)->verdef == NULL)
14
+
goto error_return_verdef;
15
+
@@ -9133,6 +9136,8 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool default_imported_symver)
16
+
bfd_set_error (bfd_error_file_too_big);
17
+
goto error_return;
18
+
}
19
+
+ if (amt == 0)
20
+
+ goto error_return;
21
+
elf_tdata (abfd)->verdef = (Elf_Internal_Verdef *) bfd_zalloc (abfd, amt);
22
+
if (elf_tdata (abfd)->verdef == NULL)
23
+
goto error_return;
+4
pkgs/development/tools/misc/binutils/default.nix
+4
pkgs/development/tools/misc/binutils/default.nix
···
88
88
# not need to know binutils' BINDIR at all. It's an absolute path
89
89
# where libraries are stored.
90
90
./plugins-no-BINDIR.patch
91
+
92
+
# CVE-2023-1972 fix to bfd/elf.c from:
93
+
# https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=c22d38baefc5a7a1e1f5cdc9dbb556b1f0ec5c57
94
+
./CVE-2023-1972.patch
91
95
]
92
96
++ lib.optional targetPlatform.isiOS ./support-ios.patch
93
97
# Adds AVR-specific options to "size" for compatibility with Atmel's downstream distribution