diff --git a/backport-CVE-2025-11412.patch b/backport-CVE-2025-11412.patch
new file mode 100644
index 0000000000000000000000000000000000000000..3978786e2a5b73540f20ea4c4cd2419c9602b2fa
--- /dev/null
+++ b/backport-CVE-2025-11412.patch
@@ -0,0 +1,37 @@
+From 047435dd988a3975d40c6626a8f739a0b2e154bc Mon Sep 17 00:00:00 2001
+From: Alan Modra
+Date: Thu, 25 Sep 2025 08:22:24 +0930
+Subject: [PATCH] PR 33452 SEGV in bfd_elf_gc_record_vtentry
+
+Limit addends on vtentry relocs, otherwise ld might attempt to
+allocate a stupidly large array. This also fixes the expression
+overflow leading to pr33452. A vtable of 33M entries on a 64-bit
+host is surely large enough, especially considering that VTINHERIT
+and VTENTRY relocations are to support -fvtable-gc that disappeared
+from gcc over 20 years ago.
+
+ PR ld/33452
+ * elflink.c (bfd_elf_gc_record_vtentry): Sanity check addend.
+
+Reference:https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=047435dd988a3975d40c6626a8f739a0b2e154bc
+Conflict:NA
+---
+ bfd/elflink.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/bfd/elflink.c b/bfd/elflink.c
+index 54f0d6e957e..0a0456177c2 100644
+--- a/bfd/elflink.c
++++ b/bfd/elflink.c
+@@ -14865,7 +14865,7 @@ bfd_elf_gc_record_vtentry (bfd *abfd, asection *sec,
+ const struct elf_backend_data *bed = get_elf_backend_data (abfd);
+ unsigned int log_file_align = bed->s->log_file_align;
+
+- if (!h)
++ if (!h || addend > 1u << 28)
+ {
+ /* xgettext:c-format */
+ _bfd_error_handler (_("%pB: section '%pA': corrupt VTENTRY entry"),
+--
+2.33.0
+
diff --git a/gdb.spec b/gdb.spec
index 90473e8c7f65c79dcbf4eb7b25ecf5e8b01230b2..26c38f047b7a7a26ebb84237a0891527dd30f0d0 100644
--- a/gdb.spec
+++ b/gdb.spec
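Review bot: The new condition `addend > 1u << 28` in the nested bfd/elflink.c hunk is a bare magic number; the reason for the bound (cap the VTENTRY offset so the array sized from it stays small and the size expression cannot overflow, PR ld/33452) lives only in the commit message, not next to the code. A one-line comment on the new line, e.g. `/* PR ld/33452: bound the vtable offset; anything larger is treated as a corrupt VTENTRY rather than sized into an array.  */`, would let a reader of elflink.c see why a large addend is now rejected. Note that this is also a behaviour change for any genuine vtable larger than 256 MiB, which the commit text accepts; the type of addend is not visible in the hunk, so the comparison's promotion should be confirmed against the declaration. bfd_elf_gc_record_vtentry begins and ends outside the hunk, and the _bfd_error_handler call is cut off at the hunk's last line.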
@@ -1,6 +1,6 @@
 Name: gdb
 Version: 11.1
-Release: 14
+Release: 15
 License: GPLv3+ and GPLv3+ with exceptions and GPLv2+ and GPLv2+ with exceptions and GPL+ and LGPLv2+ and LGPLv3+ and BSD and Public Domain and GFDL-1.3
 Source: ftp://sourceware.org/pub/gdb/releases/gdb-%{version}.tar.xz
@@ -114,6 +114,7 @@ Patch95: backport-0002-CVE-2021-32256.patch
 Patch96: backport-0003-CVE-2021-32256.patch
 Patch97: backport-0001-CVE-2025-11083.patch
 Patch98: backport-0002-CVE-2025-11083.patch
+Patch99: backport-CVE-2025-11412.patch
 %global gdb_src gdb-%{version}
 %global gdb_build build-%{_target_platform}
@@ -390,6 +391,9 @@ rm -f $RPM_BUILD_ROOT%{_datadir}/gdb/python/gdb/command/backtrace.py
 %{_infodir}/gdb.info*
 %changelog
+* Fri Oct 31 2025 wangxiao - 11.1-15
+- fix CVE-2025-11412
+
 * Mon Oct 27 2025 wangxiao - 11.1-14
 - fix CVE-2025-11083
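Review bot: Patch99 is only declared in the second hunk; whether it is actually applied depends on %prep, which is outside this diff. If the spec applies patches with explicit %patch lines rather than `%autosetup -p1`, a matching `%patch99 -p1` line is needed, otherwise the backport ships in the SRPM but never reaches the built bfd. Worth confirming from the build log that backport-CVE-2025-11412.patch is applied, since the changelog entry claims the CVE is fixed.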