yasm: fix CVE-2024-22653

yasm commit 9defefae was discovered to contain a NULL pointer dereference via the yasm_section_bcs_append function at section.c. Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-22653 Upstream-patch: https://github.com/yasm/yasm/commit/121ab150b3577b666c79a79f4a511798d7ad2432 Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-06-13 17:39:57 +00:00 · 2025-10-15 17:28:45 +05:30
parent bfc756c1e6
commit 9146afcebb
2 changed files with 33 additions and 0 deletions
@@ -0,0 +1,32 @@
+From 121ab150b3577b666c79a79f4a511798d7ad2432 Mon Sep 17 00:00:00 2001
+From: haruki3hhh <135201297+haruki3hhh@users.noreply.github.com>
+Date: Mon, 24 Jun 2024 18:08:27 -0500
+Subject: [PATCH] Fix null pointer dereference in yasm_section_bcs_append
+ (#263)
+
+CVE: CVE-2024-22653
+
+Upstream-Status: Backport [https://github.com/yasm/yasm/commit/121ab150b3577b666c79a79f4a511798d7ad2432]
+
+Signed-off-by: Praveen Kumar <praveen.kumar@windriver.com>
+---
+ libyasm/section.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/libyasm/section.c b/libyasm/section.c
+index ba582bfa..1c1ba710 100644
+--- a/libyasm/section.c
+++ b/libyasm/section.c
+@@ -611,6 +611,10 @@ yasm_bytecode *
+ yasm_section_bcs_append(yasm_section *sect, yasm_bytecode *bc)
+ {
+     if (bc) {
+        if (!sect) {
+            yasm_error_set(YASM_ERROR_VALUE, "Attempt to append bytecode to a NULL section or with a NULL bytecode");
+            return NULL;
+        }
+         if (bc->callback) {
+             bc->section = sect;     /* record parent section */
+             STAILQ_INSERT_TAIL(&sect->bcs, bc, link);
+--
+2.40.0
@@ -13,6 +13,7 @@ SRC_URI = "git://github.com/yasm/yasm.git;branch=master;protocol=https \
           file://0001-Do-not-use-AC_HEADER_STDC.patch \
           file://CVE-2023-31975.patch \
           file://CVE-2023-37732.patch \
+           file://CVE-2024-22653.patch \
 "

 S = "${WORKDIR}/git"