From 3b498d99020b4bde133da0bc9f16f4714144e209 Mon Sep 17 00:00:00 2001
From: Ariadne Conill <ariadne@dereferenced.org>
Date: Fri, 23 Apr 2021 00:30:12 -0600
Subject: main/binutils: add mitigation for CVE-2021-3487

---
 main/binutils/APKBUILD            |  8 +++--
 main/binutils/CVE-2021-3487.patch | 72 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 78 insertions(+), 2 deletions(-)
 create mode 100644 main/binutils/CVE-2021-3487.patch

diff --git a/main/binutils/APKBUILD b/main/binutils/APKBUILD
index 4004df80932..80378c47717 100644
--- a/main/binutils/APKBUILD
+++ b/main/binutils/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=binutils
 pkgver=2.35.2
-pkgrel=0
+pkgrel=1
 pkgdesc="Tools necessary to build programs"
 url="https://www.gnu.org/software/binutils/"
 makedepends_build="bison flex texinfo"
@@ -15,6 +15,7 @@ source="https://ftp.gnu.org/gnu/binutils/binutils-$pkgver.tar.xz
 	gold-mips.patch
 	ld-bfd-mips.patch
 	0001-Revert-PR25882-.gnu.attributes-are-not-checked-for-s.patch
+	CVE-2021-3487.patch
 	"
 builddir="$srcdir/$pkgname-$pkgver"
 
@@ -25,6 +26,8 @@ if [ "$CHOST" != "$CTARGET" ]; then
 fi
 
 # secfixes:
+#   2.35.2-r1:
+#     - CVE-2021-3487
 #   2.32-r0:
 #     - CVE-2018-19931
 #     - CVE-2018-19932
@@ -115,4 +118,5 @@ sha512sums="9974ede5978d32e0d68fef23da48fa00bd06b0bff7ec45b00ca075c126d6bbe0cf2d
 ecee33b0e435aa704af1c334e560f201638ff79e199aa11ed78a72f7c9b46f85fbb227af5748e735fd681d1965fcc42ac81b0c8824e540430ce0c706c81e8b49  binutils-ld-fix-static-linking.patch
 f55cf2e0bf82f97583a1abe10710e4013ecf7d64f1da2ef8659a44a06d0dd8beaf58dab98a183488ea137f03e32d62efc878d95f018f836f8cec870bc448556f  gold-mips.patch
 314d2ef9071c89940aa6c8118e8a1e2f191a5d0a4bf596da1ad9cc84f884d8bc7dea8bd7b9fc3f8f1bddd3fd41c6eb017e1e804044b3bf084df1ed9e6e095e2d  ld-bfd-mips.patch
-642c617db6c6e491f78f053d60f3aa369bad7bf8c1bc7ce267de6cf8fddf6c0d4cf63ce8c8f6e2f225dedbce7cb930d8e87e168fd8f72ca0837c77266ee2b5f8  0001-Revert-PR25882-.gnu.attributes-are-not-checked-for-s.patch"
+642c617db6c6e491f78f053d60f3aa369bad7bf8c1bc7ce267de6cf8fddf6c0d4cf63ce8c8f6e2f225dedbce7cb930d8e87e168fd8f72ca0837c77266ee2b5f8  0001-Revert-PR25882-.gnu.attributes-are-not-checked-for-s.patch
+b08384ed124a74ad3a424db370c107230f09a54378502ca4385deb738f7cf799857f2af0db52709c7eeab8fa6c0a3d972f891396cce1e2834a21f67682fc4355  CVE-2021-3487.patch"
diff --git a/main/binutils/CVE-2021-3487.patch b/main/binutils/CVE-2021-3487.patch
new file mode 100644
index 00000000000..db99ae73d97
--- /dev/null
+++ b/main/binutils/CVE-2021-3487.patch
@@ -0,0 +1,72 @@
+From 647cebce12a6b0a26960220caff96ff38978cf24 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Thu, 26 Nov 2020 17:08:33 +0000
+Subject: [PATCH] Prevent a memory allocation failure when parsing corrupt
+ DWARF debug sections.
+
+	PR 26946
+	* dwarf2.c (read_section): Check for debug sections with excessive
+	sizes.
+
+diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
+index 977bf43a6a1..8bbfc81d3e7 100644
+--- a/bfd/dwarf2.c
++++ b/bfd/dwarf2.c
+@@ -531,22 +531,24 @@ read_section (bfd *	      abfd,
+ 	      bfd_byte **     section_buffer,
+ 	      bfd_size_type * section_size)
+ {
+-  asection *msec;
+   const char *section_name = sec->uncompressed_name;
+   bfd_byte *contents = *section_buffer;
+-  bfd_size_type amt;
+ 
+   /* The section may have already been read.  */
+   if (contents == NULL)
+     {
++      bfd_size_type amt;
++      asection *msec;
++      ufile_ptr filesize;
++
+       msec = bfd_get_section_by_name (abfd, section_name);
+-      if (! msec)
++      if (msec == NULL)
+ 	{
+ 	  section_name = sec->compressed_name;
+ 	  if (section_name != NULL)
+ 	    msec = bfd_get_section_by_name (abfd, section_name);
+ 	}
+-      if (! msec)
++      if (msec == NULL)
+ 	{
+ 	  _bfd_error_handler (_("DWARF error: can't find %s section."),
+ 			      sec->uncompressed_name);
+@@ -554,12 +556,23 @@ read_section (bfd *	      abfd,
+ 	  return FALSE;
+ 	}
+ 
+-      *section_size = msec->rawsize ? msec->rawsize : msec->size;
++      amt = bfd_get_section_limit_octets (abfd, msec);
++      filesize = bfd_get_file_size (abfd);
++      if (amt >= filesize)
++	{
++	  /* PR 26946 */
++	  _bfd_error_handler (_("DWARF error: section %s is larger than its filesize! (0x%lx vs 0x%lx)"),
++			      section_name, (long) amt, (long) filesize);
++	  bfd_set_error (bfd_error_bad_value);
++	  return FALSE;
++	}
++      *section_size = amt;
+       /* Paranoia - alloc one extra so that we can make sure a string
+ 	 section is NUL terminated.  */
+-      amt = *section_size + 1;
++      amt += 1;
+       if (amt == 0)
+ 	{
++	  /* Paranoia - this should never happen.  */
+ 	  bfd_set_error (bfd_error_no_memory);
+ 	  return FALSE;
+ 	}
+-- 
+2.27.0
+
-- 
cgit v1.2.3