microsoft
diff --git a/‎SPECS/binutils/CVE-2025-1147.patch‎
Lines changed: 110 additions & 0 deletions b/‎SPECS/binutils/CVE-2025-1147.patch‎
Lines changed: 110 additions & 0 deletions
@@ -0,0 +1,110 @@
+From 7be4186c22f89a87fff048c28910f5d26a0f61ce Mon Sep 17 00:00:00 2001
+From: Dmitry Klochkov <dmitry.klochkov@bell-sw.com>
+Date: Tue, 9 Sep 2025 12:06:25 +0200
+Subject: [PATCH] nm: fix treating an ifunc symbol as a stab if
+ '--ifunc-chars=--' is given
+       
+If an ifunc symbol is processed in print_symbol(), a 'type' field of a
+'syminfo' structure is set to any character specified by a user with an
+'--ifunc-chars' option.  But afterwards the 'type' field is used to
+check whether a symbol is a stab in print_symbol_info_{bsd,sysv}()
+functions in order to print additional stab related data.  If the 'type'
+field equals '-', a symbol is treated as a stab.  If '--ifunc-chars=--'
+is given, all ifunc symbols will be treated as stab symbols and
+uninitialized stab related fields of the 'syminfo' structure will be
+printed which can lead to segmentation fault.
+
+To fix this, check if a symbol is a stab before override the 'type'
+field.  Also, add a test case for this fix.
+
+        PR binutils/32556
+        * nm.c (extended_symbol_info): Add is_stab.
+        (print_symbol): Check if a symbol is a stab.
+        (print_symbol_info_bsd): Use info->is_stab.
+        (print_symbol_info_sysv): Use info->is_stab.
+        * testsuite/binutils-all/nm.exp: Test nm --ifunc-chars=--.
+
+Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=32556
+Fixes: e6f6aa8d184 ("Add option to nm to change the characters displayed for ifunc symbols")
+Signed-off-by: Dmitry Klochkov <dmitry.klochkov@bell-sw.com>
+
+Upstream Patch Reference: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=patch;h=7be4186c22f89a87fff048c28910f5d26a0f61ce
+---
+ binutils/nm.c                          | 10 +++++++---
+ binutils/testsuite/binutils-all/nm.exp | 17 +++++++++++++++++
+ 2 files changed, 24 insertions(+), 3 deletions(-)
+
+diff --git a/binutils/nm.c b/binutils/nm.c
+index f96cfa31..2370e1ca 100644
+--- a/binutils/nm.c
++++ b/binutils/nm.c
+@@ -71,6 +71,7 @@ struct extended_symbol_info
+   bfd_vma ssize;
+   elf_symbol_type *elfinfo;
+   coff_symbol_type *coffinfo;
++  bool is_stab;
+   /* FIXME: We should add more fields for Type, Line, Section.  */
+ };
+ #define SYM_VALUE(sym)       (sym->sinfo->value)
+@@ -1193,8 +1194,11 @@ print_symbol (bfd *        abfd,
+ 
+   bfd_get_symbol_info (abfd, sym, &syminfo);
+ 
++  info.is_stab = false;
++  if (syminfo.type == '-')
++    info.is_stab = true;
+   /* PR 22967 - Distinguish between local and global ifunc symbols.  */
+-  if (syminfo.type == 'i'
++  else if (syminfo.type == 'i'
+       && sym->flags & BSF_GNU_INDIRECT_FUNCTION)
+     {
+       if (ifunc_type_chars == NULL || ifunc_type_chars[0] == 0)
+@@ -1856,7 +1860,7 @@ print_symbol_info_bsd (struct extended_symbol_info *info, bfd *abfd)
+ 
+   printf (" %c", SYM_TYPE (info));
+ 
+-  if (SYM_TYPE (info) == '-')
++  if (info->is_stab)
+     {
+       /* A stab.  */
+       printf (" ");
+@@ -1885,7 +1889,7 @@ print_symbol_info_sysv (struct extended_symbol_info *info, bfd *abfd)
+ 
+   printf ("|   %c  |", SYM_TYPE (info));
+ 
+-  if (SYM_TYPE (info) == '-')
++  if (info->is_stab)
+     {
+       /* A stab.  */
+       printf ("%18s|  ", SYM_STAB_NAME (info));		/* (C) Type.  */
+diff --git a/binutils/testsuite/binutils-all/nm.exp b/binutils/testsuite/binutils-all/nm.exp
+index 91b519d9..4a1a5336 100644
+--- a/binutils/testsuite/binutils-all/nm.exp
++++ b/binutils/testsuite/binutils-all/nm.exp
+@@ -323,6 +323,23 @@ if [is_elf_format] {
+ 	    fail "$testname (local ifunc)"
+ 	}
+ 
++	# PR 32556
++	# Test nm --ifunc-chars=--
++
++	set got [binutils_run $NM "$NMFLAGS --ifunc-chars=-- $tmpfile"]
++
++	if [regexp -line "^\\S+ - global_foo$" $got] then {
++	    pass "$testname=-- (global ifunc)"
++	} else {
++	    fail "$testname=-- (global ifunc)"
++	}
++
++	if [regexp -line "^\\S+ - local_foo$" $got] then {
++	    pass "$testname=-- (local ifunc)"
++	} else {
++	    fail "$testname=-- (local ifunc)"
++	}
++
+ 	if { $verbose < 1 } {
+ 	    remote_file host delete "tmpdir/ifunc.o"
+ 	}
+-- 
+2.45.4
+