1
0
mirror of https://git.yoctoproject.org/poky synced 2026-07-16 15:57:04 +00:00

binutils: fix CVE-2025-8225

CVE: CVE-2025-8225

It is possible with fuzzed files to have num_debug_info_entries zero
after allocating space for debug_information, leading to multiple
allocations.

* dwarf.c (process_debug_info): Don't test num_debug_info_entries
to determine whether debug_information has been allocated,
test alloc_num_debug_info_entries.

Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4]

(From OE-Core rev: 7feed679262025b8405488d064e2c546a3ed7a0c)

Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Yash Shinde
2025-10-28 03:28:02 -07:00
committed by Steve Sakoman
parent 3574b5a9d1
commit f2b841423f
2 changed files with 48 additions and 0 deletions
@@ -62,5 +62,6 @@ SRC_URI = "\
file://0024-CVE-2025-11082.patch \
file://0025-CVE-2025-11083.patch \
file://0026-CVE-2025-11081.patch \
file://0027-CVE-2025-8225.patch \
"
S = "${WORKDIR}/git"