@@ -68,5 +68,6 @@ SRC_URI = "\
file://CVE-2022-48063.patch \
file://0032-CVE-2022-47010.patch \
file://0033-CVE-2022-47007.patch \
+ file://0034-CVE-2022-48064.patch \
"
S = "${WORKDIR}/git"
new file mode 100644
@@ -0,0 +1,57 @@
+From: Alan Modra <amodra@gmail.com>
+Date: Tue, 20 Dec 2022 13:17:03 +0000 (+1030)
+Subject: PR29922, SHT_NOBITS section avoids section size sanity check
+X-Git-Tag: binutils-2_40~202
+X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=8f2c64de86bc3d7556121fe296dd679000283931
+
+PR29922, SHT_NOBITS section avoids section size sanity check
+
+ PR 29922
+ * dwarf2.c (find_debug_info): Ignore sections without
+ SEC_HAS_CONTENTS.
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=8f2c64de86bc3d7556121fe296dd679000283931]
+
+CVE: CVE-2022-48064
+
+Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
+
+---
+
+diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
+index 95f45708e9d..0cd8152ee6e 100644
+--- a/bfd/dwarf2.c
++++ b/bfd/dwarf2.c
+@@ -4831,16 +4831,19 @@ find_debug_info (bfd *abfd, const struct dwarf_debug_section *debug_sections,
+ {
+ look = debug_sections[debug_info].uncompressed_name;
+ msec = bfd_get_section_by_name (abfd, look);
+- if (msec != NULL)
++ /* Testing SEC_HAS_CONTENTS is an anti-fuzzer measure. Of
++ course debug sections always have contents. */
++ if (msec != NULL && (msec->flags & SEC_HAS_CONTENTS) != 0)
+ return msec;
+
+ look = debug_sections[debug_info].compressed_name;
+ msec = bfd_get_section_by_name (abfd, look);
+- if (msec != NULL)
++ if (msec != NULL && (msec->flags & SEC_HAS_CONTENTS) != 0)
+ return msec;
+
+ for (msec = abfd->sections; msec != NULL; msec = msec->next)
+- if (startswith (msec->name, GNU_LINKONCE_INFO))
++ if ((msec->flags & SEC_HAS_CONTENTS) != 0
++ && startswith (msec->name, GNU_LINKONCE_INFO))
+ return msec;
+
+ return NULL;
+@@ -4848,6 +4851,9 @@ find_debug_info (bfd *abfd, const struct dwarf_debug_section *debug_sections,
+
+ for (msec = after_sec->next; msec != NULL; msec = msec->next)
+ {
++ if ((msec->flags & SEC_HAS_CONTENTS) == 0)
++ continue;
++
+ look = debug_sections[debug_info].uncompressed_name;
+ if (strcmp (msec->name, look) == 0)
+ return msec;