From 675fb3cfdd693883cf71a50aa7831b28e2727c2c Mon Sep 17 00:00:00 2001
From: tomcruiseqi <10762123+tomcruiseqi@user.noreply.gitee.com>
Date: Tue, 21 Oct 2025 15:12:19 +0800
Subject: [PATCH] [CVE] CVE-2025-11082

to #26114
add patch to fix CVE-2025-11082
Project: TC2024080204
Signed-off-by: tomcruiseqi <tomcruiseqi@inspur.com>
---
 056-bugfix-for-CVE-2025-11082.patch | 45 +++++++++++++++++++++++++++++
 gdb.spec                            |  6 +++-
 2 files changed, 50 insertions(+), 1 deletion(-)
 create mode 100644 056-bugfix-for-CVE-2025-11082.patch

diff --git a/056-bugfix-for-CVE-2025-11082.patch b/056-bugfix-for-CVE-2025-11082.patch
new file mode 100644
index 0000000..804e37d
--- /dev/null
+++ b/056-bugfix-for-CVE-2025-11082.patch
@@ -0,0 +1,45 @@
+From ea1a0737c7692737a644af0486b71e4a392cbca8 Mon Sep 17 00:00:00 2001
+From: "H.J. Lu" <hjl.tools@gmail.com>
+Date: Mon, 22 Sep 2025 15:20:34 +0800
+Subject: [PATCH] elf: Don't read beyond .eh_frame section size
+
+	PR ld/33464
+	* elf-eh-frame.c (_bfd_elf_parse_eh_frame): Don't read beyond
+	.eh_frame section size.
+
+Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
+---
+ bfd/elf-eh-frame.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/bfd/elf-eh-frame.c b/bfd/elf-eh-frame.c
+index dc0d2e097f5..30bb313489c 100644
+--- a/bfd/elf-eh-frame.c
++++ b/bfd/elf-eh-frame.c
+@@ -737,6 +737,7 @@ _bfd_elf_parse_eh_frame (bfd *abfd, struct bfd_link_info *info,
+       if (hdr_id == 0)
+ 	{
+ 	  unsigned int initial_insn_length;
++	  char *null_byte;
+ 
+ 	  /* CIE  */
+ 	  this_inf->cie = 1;
+@@ -753,10 +754,13 @@ _bfd_elf_parse_eh_frame (bfd *abfd, struct bfd_link_info *info,
+ 	  REQUIRE (cie->version == 1
+ 		   || cie->version == 3
+ 		   || cie->version == 4);
+-	  REQUIRE (strlen ((char *) buf) < sizeof (cie->augmentation));
++	  null_byte = memchr ((char *) buf, 0, end - buf);
++	  REQUIRE (null_byte != NULL);
++	  REQUIRE ((size_t) (null_byte - (char *) buf)
++		   < sizeof (cie->augmentation));
+ 
+ 	  strcpy (cie->augmentation, (char *) buf);
+-	  buf = (bfd_byte *) strchr ((char *) buf, '\0') + 1;
++	  buf = (bfd_byte *) null_byte + 1;
+ 	  this_inf->u.cie.aug_str_len = buf - start - 1;
+ 	  ENSURE_NO_RELOCS (buf);
+ 	  if (buf[0] == 'e' && buf[1] == 'h')
+-- 
+2.43.7
+
diff --git a/gdb.spec b/gdb.spec
index 339b587..2292926 100644
--- a/gdb.spec
+++ b/gdb.spec
@@ -1,4 +1,4 @@
-%define anolis_release 2
+%define anolis_release 3
 %global _python_bytecompile_extra 0
 %global librpmso librpm.so.9
 
@@ -86,6 +86,7 @@ Patch053: gdb-rhel-13298-inferior-funcall-bp-condition-5-of-5.patch
 Patch054: gdb-rhel-19390-pc-not-saved.patch
 
 Patch055: gdb-LoongArch-Change-LOONGARCH_FIRST_FP_REGNUM-to-35.patch
+Patch056: 056-bugfix-for-CVE-2025-11082.patch
 
 BuildRequires: rpm-libs autoconf
 BuildRequires: readline-devel >= 6.2-4
@@ -303,6 +304,9 @@ cd %{gdb_build}
 
 
 %changelog
+* Tue Oct 21 2025 tomcruiseqi <tomcruiseqi@inspur.com> - 14.2-3
+- Fix CVE-2025-11082
+
 *Fri Apr 25 2025 Shangtong Guo <guo.shangtong@zte.com.cn> - 14.2-2
 - add support for riscv64 build
 
-- 
Gitee