!34 [sync] PR-29: fix CVE-2023-31975

From: @openeuler-sync-bot Reviewed-by: @dillon_chen Signed-off-by: @dillon_chen
2024-01-05 07:20:18 +00:00 · 2024-01-05 07:20:18 +00:00 · 954a69a3f9
commit 954a69a3f9
parent 0f90536030 6573fd488c
2 changed files with 33 additions and 1 deletions
--- a/CVE-2023-31975.patch
+++ b/CVE-2023-31975.patch
@ -0,0 +1,27 @@
 From b2cc5a1693b17ac415df76d0795b15994c106441 Mon Sep 17 00:00:00 2001
 From: Katsuhiko Gondow <gondow@cs.titech.ac.jp>
 Date: Tue, 13 Jun 2023 05:00:47 +0900
 Subject: [PATCH] Fix memory leak in bin-objfmt (#231)
 ---
 modules/objfmts/bin/bin-objfmt.c | 4 ++++
 1 file changed, 4 insertions(+)
 diff --git a/modules/objfmts/bin/bin-objfmt.c b/modules/objfmts/bin/bin-objfmt.c
 index 18026750..a38c3422 100644
 --- a/modules/objfmts/bin/bin-objfmt.c
 +++ b/modules/objfmts/bin/bin-objfmt.c
@@ -1680,6 +1680,10 @@ static void
 bin_section_data_destroy(void *data)
 {
     bin_section_data *bsd = (bin_section_data *)data;
 +    if (bsd->align)
 +        yasm_xfree(bsd->align);
 +    if (bsd->valign)
 +        yasm_xfree(bsd->valign);
     if (bsd->start)
         yasm_expr_destroy(bsd->start);
     if (bsd->vstart)
 -- 
 2.41.0.windows.3
--- a/yasm.spec
+++ b/yasm.spec
@ -1,12 +1,14 @@
 Name:           yasm
 Version:        1.3.0
-Release:        11
+Release:        12
 Summary:        NASM assembler
 License:        BSD
 URL:            http://yasm.tortall.net/
 Source0:        http://www.tortall.net/projects/yasm/releases/yasm-1.3.0.tar.gz
 Patch1:         yasm-1.3.0-sw.patch
 Patch2:         CVE-2023-37732.patch
 Patch3:         CVE-2023-31975.patch
 BuildRequires:  gcc bison byacc gettext-devel xmlto
 Provides:       bundled(md5-plumb)
@ -48,6 +50,9 @@ rm -rf %{buildroot}
 %{_mandir}/*
 %changelog
 * Tue Aug 15 2023 liningjie <liningjie@xfusion.com> - 1.3.0-12
 - fix CVE-2023-31975
 * Fri Aug 11 2023 liningjie <liningjie@xfusion.com> - 1.3.0-11
 - fix CVE-2023-37732