1
0
mirror of https://git.yoctoproject.org/poky synced 2026-07-17 04:07:06 +00:00

binutils: fix CVE-2025-8225

CVE: CVE-2025-8225

It is possible with fuzzed files to have num_debug_info_entries zero
after allocating space for debug_information, leading to multiple
allocations.

* dwarf.c (process_debug_info): Don't test num_debug_info_entries
to determine whether debug_information has been allocated,
test alloc_num_debug_info_entries.

Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4]

(From OE-Core rev: 9b5bb098b542a43a7aa97cc376c358f0a38778e3)

Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Yash Shinde
2025-10-28 04:10:10 -07:00
committed by Steve Sakoman
parent 0118bd1e10
commit d0f445a1e2
2 changed files with 48 additions and 0 deletions
@@ -83,5 +83,6 @@ SRC_URI = "\
file://0044-CVE-2025-11082.patch \
file://0045-CVE-2025-11083.patch \
file://0046-CVE-2025-11081.patch \
file://0047-CVE-2025-8225.patch \
"
S = "${WORKDIR}/git"