[rpms/gdb] gdb-17.2-rebase-f44: Backport upstream commit d28fbc7197b which fixes RHBZ 2233965 ( -

public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed

To: git-commits@fedoraproject.org
Subject: [rpms/gdb] gdb-17.2-rebase-f44: Backport upstream commit d28fbc7197b which fixes RHBZ 2233965 (
Date: Sun, 28 Jun 2026 00:01:23 GMT	[thread overview]
Message-ID: <178260488327.1.16111224502624050595.rpms-gdb-fec73092bb43@fedoraproject.org> (raw)

          A new commit has been pushed.

          Repo   : rpms/gdb
          Branch : gdb-17.2-rebase-f44
          Commit : fec73092bb4319882628579f01491de5d9542d2c
          Author : Alexandra Hájková <ahajkova@redhat.com>
          Date   : 2023-10-01T11:38:40+02:00
          Stats  : +125/-1 in 5 file(s)
          URL    : https://src.fedoraproject.org/rpms/gdb/c/fec73092bb4319882628579f01491de5d9542d2c?branch=gdb-17.2-rebase-f44

          Log:
          Backport upstream commit d28fbc7197b which fixes RHBZ 2233965 (

CVE-2022-48065).

---
diff --git a/_gdb.spec.Patch.include b/_gdb.spec.Patch.include
index 3ad950e..c4e21fe 100644
--- a/_gdb.spec.Patch.include
+++ b/_gdb.spec.Patch.include
@@ -210,3 +210,6 @@ Patch047: gdb-bz2237392-dwarf-obstack-allocation.patch
 # avoids section size sanity check.
 Patch048: gdb-rhbz2233961-CVE-2022-4806.patch
 
+# Backport PR29925, Memory leak in find_abstract_instance
+Patch049: gdb-rhbz2233965-memory-leak.patch
+

diff --git a/_gdb.spec.patch.include b/_gdb.spec.patch.include
index ef55dd0..2ca0c1f 100644
--- a/_gdb.spec.patch.include
+++ b/_gdb.spec.patch.include
@@ -46,3 +46,4 @@
 %patch -p1 -P046
 %patch -p1 -P047
 %patch -p1 -P048
+%patch -p1 -P049

diff --git a/_patch_order b/_patch_order
index f8f4cf3..27ac848 100644
--- a/_patch_order
+++ b/_patch_order
@@ -46,3 +46,4 @@ gdb-bz2196395-debuginfod-legacy-openssl-crash.patch
 gdb-bz2237515-debuginfod-double-free.patch
 gdb-bz2237392-dwarf-obstack-allocation.patch
 gdb-rhbz2233961-CVE-2022-4806.patch
+gdb-rhbz2233965-memory-leak.patch

diff --git a/gdb-rhbz2233965-memory-leak.patch b/gdb-rhbz2233965-memory-leak.patch
new file mode 100644
index 0000000..004ba3b
--- /dev/null
+++ b/gdb-rhbz2233965-memory-leak.patch
@@ -0,0 +1,115 @@
+From FEDORA_PATCHES Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Alexandra=20H=C3=A1jkov=C3=A1?= <ahajkova@redhat.com>
+Date: Sun, 1 Oct 2023 10:36:06 +0200
+Subject: gdb-rhbz2233965-memory-leak.patch
+
+;; Backport PR29925, Memory leak in find_abstract_instance
+
+PR29925, Memory leak in find_abstract_instance
+
+The testcase in the PR had a variable with both DW_AT_decl_file and
+DW_AT_specification, where the DW_AT_specification also specified
+DW_AT_decl_file.  This leads to a memory leak as the file name is
+malloced and duplicates are not expected.
+
+I've also changed find_abstract_instance to not use a temp for "name",
+because that can result in a change in behaviour from the usual last
+of duplicate attributes wins.
+
+	PR 29925
+	* dwarf2.c (find_abstract_instance): Delete "name" variable.
+	Free *filename_ptr before assigning new file name.
+	(scan_unit_for_symbols): Similarly free func->file and
+	var->file before assigning.
+
+diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
+--- a/bfd/dwarf2.c
++++ b/bfd/dwarf2.c
+@@ -3441,7 +3441,6 @@ find_abstract_instance (struct comp_unit *unit,
+   struct abbrev_info *abbrev;
+   uint64_t die_ref = attr_ptr->u.val;
+   struct attribute attr;
+-  const char *name = NULL;
+ 
+   if (recur_count == 100)
+     {
+@@ -3602,9 +3601,9 @@ find_abstract_instance (struct comp_unit *unit,
+ 		case DW_AT_name:
+ 		  /* Prefer DW_AT_MIPS_linkage_name or DW_AT_linkage_name
+ 		     over DW_AT_name.  */
+-		  if (name == NULL && is_str_form (&attr))
++		  if (*pname == NULL && is_str_form (&attr))
+ 		    {
+-		      name = attr.u.str;
++		      *pname = attr.u.str;
+ 		      if (mangle_style (unit->lang) == 0)
+ 			*is_linkage = true;
+ 		    }
+@@ -3612,7 +3611,7 @@ find_abstract_instance (struct comp_unit *unit,
+ 		case DW_AT_specification:
+ 		  if (is_int_form (&attr)
+ 		      && !find_abstract_instance (unit, &attr, recur_count + 1,
+-						  &name, is_linkage,
++						  pname, is_linkage,
+ 						  filename_ptr, linenumber_ptr))
+ 		    return false;
+ 		  break;
+@@ -3622,7 +3621,7 @@ find_abstract_instance (struct comp_unit *unit,
+ 		     non-string forms into these attributes.  */
+ 		  if (is_str_form (&attr))
+ 		    {
+-		      name = attr.u.str;
++		      *pname = attr.u.str;
+ 		      *is_linkage = true;
+ 		    }
+ 		  break;
+@@ -3630,8 +3629,11 @@ find_abstract_instance (struct comp_unit *unit,
+ 		  if (!comp_unit_maybe_decode_line_info (unit))
+ 		    return false;
+ 		  if (is_int_form (&attr))
+-		    *filename_ptr = concat_filename (unit->line_table,
+-						     attr.u.val);
++		    {
++		      free (*filename_ptr);
++		      *filename_ptr = concat_filename (unit->line_table,
++						       attr.u.val);
++		    }
+ 		  break;
+ 		case DW_AT_decl_line:
+ 		  if (is_int_form (&attr))
+@@ -3643,7 +3645,6 @@ find_abstract_instance (struct comp_unit *unit,
+ 	    }
+ 	}
+     }
+-  *pname = name;
+   return true;
+ }
+ 
+@@ -4139,8 +4140,11 @@ scan_unit_for_symbols (struct comp_unit *unit)
+ 
+ 		case DW_AT_decl_file:
+ 		  if (is_int_form (&attr))
+-		    func->file = concat_filename (unit->line_table,
+-						  attr.u.val);
++		    {
++		      free (func->file);
++		      func->file = concat_filename (unit->line_table,
++						    attr.u.val);
++		    }
+ 		  break;
+ 
+ 		case DW_AT_decl_line:
+@@ -4182,8 +4186,11 @@ scan_unit_for_symbols (struct comp_unit *unit)
+ 
+ 		case DW_AT_decl_file:
+ 		  if (is_int_form (&attr))
+-		    var->file = concat_filename (unit->line_table,
+-						 attr.u.val);
++		    {
++		      free (var->file);
++		      var->file = concat_filename (unit->line_table,
++						   attr.u.val);
++		    }
+ 		  break;
+ 
+ 		case DW_AT_decl_line:

diff --git a/gdb.spec b/gdb.spec
index 527cd6e..0a572db 100644
--- a/gdb.spec
+++ b/gdb.spec
@@ -57,7 +57,7 @@ Version: 13.2
 
 # The release always contains a leading reserved number, start it at 1.
 # `upstream' is not a part of `name' to stay fully rpm dependencies compatible for the testing.
-Release: 9%{?dist}
+Release: 10%{?dist}
 
 License: GPL-3.0-or-later AND BSD-3-clause AND FSFAP AND LGPL-2.1-or-later AND GPL-2.0-or-later AND LGPL-2.0-or-later AND LicenseRef-Fedora-Public-Domain AND GFDL-1.3-or-later AND LGPL-2.0-or-later WITH GCC-exception-2.0 AND GPL-3.0-or-later WITH GCC-exception-3.1 AND GPL-2.0-or-later WITH GNU-compiler-exception
 # Do not provide URL for snapshots as the file lasts there only for 2 days.
@@ -1252,6 +1252,10 @@ fi
 %endif
 
 %changelog
+* Sun Oct 1 2023 Alexandra Hájková <ahajkova@redhat.com> - 13.2-10
+- Backport upstream commit d28fbc7197b which fixes RHBZ 2233965 (
+  CVE-2022-48065).
+
 * Thu Sep 28 2023 Kevin Buettner <kevinb@redhat.com>
 - Remove gdb-6.5-sharedlibrary-path.patch, which was upstreamed in
   commit 3ec033fab4a.

                 reply	other threads:[~2026-06-28  0:01 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=178260488327.1.16111224502624050595.rpms-gdb-fec73092bb43@fedoraproject.org \
    --to=git-commits@fedoraproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox