From f5412ad64f0abdfcfb4a223cf3b7921067e44bdc Mon Sep 17 00:00:00 2001
From: Funda Wang <fundawang@yeah.net>
Date: Sat, 31 May 2025 10:16:30 +0800
Subject: [PATCH] fix CVE-2024-22653

(cherry picked from commit a10c8aec8c031660d9adc891e60eadbd3ea9c9ba)
---
 CVE-2024-22653.patch | 25 +++++++++++++++++++++++++
 yasm.spec            |  6 +++++-
 2 files changed, 30 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2024-22653.patch

diff --git a/CVE-2024-22653.patch b/CVE-2024-22653.patch
new file mode 100644
index 0000000..7a149cb
--- /dev/null
+++ b/CVE-2024-22653.patch
@@ -0,0 +1,25 @@
+From 121ab150b3577b666c79a79f4a511798d7ad2432 Mon Sep 17 00:00:00 2001
+From: haruki3hhh <135201297+haruki3hhh@users.noreply.github.com>
+Date: Mon, 24 Jun 2024 18:08:27 -0500
+Subject: [PATCH] Fix null pointer dereference in yasm_section_bcs_append
+ (#263)
+
+---
+ libyasm/section.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/libyasm/section.c b/libyasm/section.c
+index 592f5b86c..1459eccc2 100644
+--- a/libyasm/section.c
++++ b/libyasm/section.c
+@@ -629,6 +629,10 @@ yasm_bytecode *
+ yasm_section_bcs_append(yasm_section *sect, yasm_bytecode *bc)
+ {
+     if (bc) {
++        if (!sect) {
++            yasm_error_set(YASM_ERROR_VALUE, "Attempt to append bytecode to a NULL section or with a NULL bytecode");
++            return NULL;
++        }
+         if (bc->callback) {
+             bc->section = sect;     /* record parent section */
+             STAILQ_INSERT_TAIL(&sect->bcs, bc, link);
diff --git a/yasm.spec b/yasm.spec
index 78c0995..452a9e3 100644
--- a/yasm.spec
+++ b/yasm.spec
@@ -1,6 +1,6 @@
 Name:           yasm
 Version:        1.3.0
-Release:        13
+Release:        14
 Summary:        NASM assembler
 License:        BSD-2-Clause AND BSD-3-Clause AND (GPL-1.0-or-later AND GPL-2.0-or-later OR Artistic-1.0-Perl OR LGPL-2.0-or-later)
 URL:            https://yasm.tortall.net/
@@ -14,6 +14,7 @@ Patch4:         CVE-2021-33454.patch
 Patch5:         CVE-2021-33464.patch
 # from debian
 Patch6:         CVE-2023-29579.patch
+Patch7:         CVE-2024-22653.patch
 
 BuildRequires:  gcc bison byacc gettext-devel xmlto
 Provides:       bundled(md5-plumb)
@@ -54,6 +55,9 @@ The package contains the libraries and headers necessary for the yasm Modular As
 %{_mandir}/man?/*
 
 %changelog
+* Sat May 31 2025 Funda Wang <fundawang@yeah.net> - 1.3.0-14
+- fix CVE-2024-22653
+
 * Mon May 12 2025 Funda Wang <fundawang@yeah.net> - 1.3.0-13
 - fix CVE-2021-33454, CVE-2021-33464, CVE-2023-29579
 
-- 
Gitee