[AutoPR- Security] Patch gdb for CVE-2025-1178, CVE-2025-1176 [MEDIUM] #17354

Open: azurelinux-security wants to merge 2 commits into microsoft:3.0-dev from azurelinux-security:azure-autosec/gdb/3.0/1121608
Conversation


@azurelinux-security azurelinux-security commented May 19, 2026

Auto Patch gdb for CVE-2025-1178, CVE-2025-1176.

Autosec pipeline run -> https://dev.azure.com/mariner-org/mariner/_build/results?buildId=1121608&view=results
Autosec pipeline run -> https://dev.azure.com/mariner-org/mariner/_build/results?buildId=1121992&view=results

Merge Checklist

All boxes should be checked before merging the PR (just tick any boxes which don't apply to this PR)

  • The toolchain has been rebuilt successfully (or no changes were made to it)
  • The toolchain/worker package manifests are up-to-date
  • Any updated packages successfully build (or no packages were changed)
  • Packages depending on static components modified in this PR (Golang, *-static subpackages, etc.) have had their Release tag incremented.
  • Package tests (%check section) have been verified with RUN_CHECK=y for existing SPEC files, or added to new SPEC files
  • All package sources are available
  • cgmanifest files are up-to-date and sorted (./cgmanifest.json, ./toolkit/scripts/toolchain/cgmanifest.json, .github/workflows/cgmanifest.json)
  • LICENSE-MAP files are up-to-date (./LICENSES-AND-NOTICES/SPECS/data/licenses.json, ./LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md, ./LICENSES-AND-NOTICES/SPECS/LICENSE-EXCEPTIONS.PHOTON)
  • All source files have up-to-date hashes in the *.signatures.json files
  • sudo make go-tidy-all and sudo make go-test-coverage pass
  • Documentation has been updated to match any changes to the build system
  • Ready to merge

Summary

What does the PR accomplish, why was it needed?

Change Log
Does this affect the toolchain?

YES/NO

Associated issues
  • N/A
Links to CVEs
Test Methodology

@microsoft-github-policy-service microsoft-github-policy-service Bot added Packaging 3.0-dev PRs Destined for AzureLinux 3.0 labels May 19, 2026

AkarshHCL commented May 19, 2026

Confirmed affected by verifying bfd/elf64-x86-64.c is compiled during the build
by inspecting build logs and by introducing a deliberate compile-time error in
that file which caused the build to fail as expected, proving the file is active
in the build graph.

Patch verified to be in sync with the upstream fix.
Buddy build is successful.
Checked the logs of the buddy build and could see the patch getting applied.

@azurelinux-security azurelinux-security changed the title [AutoPR- Security] Patch gdb for CVE-2025-1178 [MEDIUM] [AutoPR- Security] Patch gdb for CVE-2025-1178, CVE-2025-1176 [MEDIUM] May 19, 2026
@Kanishk-Bansal Kanishk-Bansal marked this pull request as ready for review May 22, 2026 02:10
@Kanishk-Bansal Kanishk-Bansal requested a review from a team as a code owner May 22, 2026 02:10

🔒 CVE Patch Review: CVE-2025-1176, CVE-2025-1178

PR #17354 — [AutoPR- Security] Patch gdb for CVE-2025-1178, CVE-2025-1176 [MEDIUM]
Package: gdb | Branch: 3.0-dev


Spec File Validation

  • Release bump: Release bumped 8 → 9
  • Patch entry: Patch entries added: ['CVE-2025-1178.patch', 'CVE-2025-1176.patch'] (covers ['CVE-2025-1176', 'CVE-2025-1178'])
  • Patch application: %autosetup/%autopatch found in full spec — patches applied automatically
  • Changelog: Changelog entry looks good
  • Signatures: No source tarball changes — signatures N/A
  • Manifests: Not a toolchain PR — manifests N/A

Build Verification

  • Build status: ✅ PASSED
  • Artifact downloaded:
  • CVE applied during build:
  • Warnings (17):
    • L540: time="2026-05-19T18:10:21Z" level=debug msg="sframe-dump.c:161:7: warning: '__builtin___strncat_chk' output truncated before terminating nul copying 3 bytes from a string of the same length [-Wstringop-truncation]"
    • L683: time="2026-05-19T18:10:22Z" level=debug msg="egrep: warning: egrep is obsolescent; using grep -E"
    • L5968: time="2026-05-19T18:10:58Z" level=debug msg="egrep: warning: egrep is obsolescent; using grep -E"
    • L5969: time="2026-05-19T18:10:58Z" level=debug msg="configure: WARNING: libipt is missing or unusable; some features may be unavailable."
    • L6564: time="2026-05-19T18:11:02Z" level=debug msg="egrep: warning: egrep is obsolescent; using grep -E"
    • L6566: time="2026-05-19T18:11:02Z" level=debug msg="configure: WARNING: libipt is missing or unusable; some features may be unavailable."
    • L7165: time="2026-05-19T18:11:03Z" level=debug msg="configure: WARNING:"
    • L7438: time="2026-05-19T18:11:14Z" level=debug msg="egrep: warning: egrep is obsolescent; using grep -E"
    • L7440: time="2026-05-19T18:11:14Z" level=debug msg="configure: WARNING: libipt is missing or unusable; some features may be unavailable."
    • L7450: time="2026-05-19T18:11:14Z" level=debug msg="configure: WARNING: babeltrace is missing or unusable; GDB is unable to read CTF data."
    • … and 7 more

🤖 AI Build Log Analysis

  • Risk: low
  • Summary: The gdb 13.2-9.azl3 build completed successfully and produced both the main and debuginfo RPMs. All CVE patches, including CVE-2025-1176 and CVE-2025-1178, were applied during %prep using patch with --fuzz=0 and the step exited with RPM_EC=0. The configure/build/install stages finished without compilation or linker errors, and packaging wrote the RPMs. Tests were disabled (rpmbuild --nocheck), so no runtime/test validation was performed.
  • AI-detected warnings:
    • rpm: warning: Could not canonicalize hostname: f6d25458c000000
    • libtool install warning: remember to run libtool --finish /usr/lib (harmless for packaging)
    • configure noted unsupported subdirectories: zlib readline sim (expected with system zlib/readline and --disable-sim)
    • find-debuginfo/cpio emitted 'Cannot stat: No such file or directory' for temporary .tmp sources (non-fatal)

🧪 Test Log Analysis

  • Test status: ❌ FAILED
  • Test errors (358):
    • L11073: time="2026-05-19T18:12:29Z" level=debug msg="Running selftest memory_error::ARC600."
    • L11074: time="2026-05-19T18:12:29Z" level=debug msg="Running selftest memory_error::ARC601."
    • L11075: time="2026-05-19T18:12:29Z" level=debug msg="Running selftest memory_error::ARC700."
    • L11076: time="2026-05-19T18:12:29Z" level=debug msg="Running selftest memory_error::ARCv2."
    • L11077: time="2026-05-19T18:12:29Z" level=debug msg="Running selftest memory_error::Loongarch32."
    • L11078: time="2026-05-19T18:12:29Z" level=debug msg="Running selftest memory_error::Loongarch64."
    • L11079: time="2026-05-19T18:12:29Z" level=debug msg="Running selftest memory_error::MSP430."
    • L11080: time="2026-05-19T18:12:29Z" level=debug msg="Running selftest memory_error::MSP430X."
    • L11081: time="2026-05-19T18:12:29Z" level=debug msg="Running selftest memory_error::MSP430x11x1."
    • L11082: time="2026-05-19T18:12:29Z" level=debug msg="Running selftest memory_error::MSP430x12."
    • … and 348 more
  • Test warnings (22):
    • L560: time="2026-05-19T18:11:46Z" level=debug msg="sframe-dump.c:161:7: warning: '__builtin___strncat_chk' output truncated before terminating nul copying 3 bytes from a string of the same length [-Wstringop-truncation]"
    • L699: time="2026-05-19T18:11:46Z" level=debug msg="egrep: warning: egrep is obsolescent; using grep -E"
    • L6348: time="2026-05-19T18:11:59Z" level=debug msg="configure: WARNING:"
    • L6760: time="2026-05-19T18:12:02Z" level=debug msg="egrep: warning: egrep is obsolescent; using grep -E"
    • L6761: time="2026-05-19T18:12:02Z" level=debug msg="configure: WARNING: libipt is missing or unusable; some features may be unavailable."
    • L7141: time="2026-05-19T18:12:03Z" level=debug msg="egrep: warning: egrep is obsolescent; using grep -E"
    • L7142: time="2026-05-19T18:12:03Z" level=debug msg="configure: WARNING: libipt is missing or unusable; some features may be unavailable."
    • L7417: time="2026-05-19T18:12:14Z" level=debug msg="egrep: warning: egrep is obsolescent; using grep -E"
    • L7418: time="2026-05-19T18:12:14Z" level=debug msg="configure: WARNING: libipt is missing or unusable; some features may be unavailable."
    • L7420: time="2026-05-19T18:12:14Z" level=debug msg="configure: WARNING: babeltrace is missing or unusable; GDB is unable to read CTF data."

🤖 AI Test Log Analysis

  • Risk: medium
  • Summary: The GDB package built successfully with the CVE-2025-1176 and CVE-2025-1178 patches applied cleanly, and the %check phase exited with status 0. The gdb.testsuite ran the gdb.base/default.exp subset showing 258 expected passes with no reported failures, libiberty unit tests (e.g., test-expandargv and test-strtol) all passed, libsframe reported 4 unsupported tests but no failures, and libctf emitted DejaGNU configuration warnings and appeared to run no tests. Overall, no regressions or failures were observed, but coverage was limited to a subset of tests.

Patch Analysis

  • Match type: backport
  • Risk assessment: low
  • Summary: The PR cleanly backports the upstream fix that prevents illegal memory access when indexing cookie->sym_hashes by introducing get_ext_sym_hash() and using it in three sites (_bfd_elf_section_for_symbol, _bfd_elf_gc_mark_rsec, and bfd_elf_reloc_symbol_deleted_p) with proper bounds checks. Context and line numbers differ due to an older base, but the logic matches upstream. | The PR applies the same guard check as upstream to bfd/elf64-x86-64.c in elf_x86_64_finish_dynamic_symbol, emitting a fatal error and returning false when relgot is missing or empty before generating dynamic relocs. The code hunk is functionally identical to upstream, with only context/line-number differences consistent with a backport and packaging metadata added.
Detailed analysis

Comparison shows the PR implements the same core change as upstream commit f9978def: it adds a static helper get_ext_sym_hash(cookie, r_symndx) that returns NULL unless the symbol is non-local (or out of local range) and r_symndx >= cookie->extsymoff, thereby guarding the sym_hashes index, and follows indirect/warning links. Then it updates three functions to use this helper:

  • _bfd_elf_section_for_symbol: Replaces the previous direct check and indexing with a call to get_ext_sym_hash. If h != NULL, it handles the global symbol case (including discarded-section handling); otherwise, it proceeds to handle the local symbol case unconditionally after the if block. This mirrors the upstream restructuring (moving local-symbol handling out of the else).

  • _bfd_elf_gc_mark_rsec: Replaces the conditional and direct sym_hashes access (and removes the explicit h==NULL error path) with h = get_ext_sym_hash(cookie, r_symndx); and only proceeds if h != NULL. This matches upstream, including the removal of the error message path.

  • bfd_elf_reloc_symbol_deleted_p: Introduces a local h, assigns via get_ext_sym_hash(rcookie, r_symndx), and only processes the global symbol path if h != NULL. This matches upstream.

The PR’s file indices and context line numbers differ (fc3edef..afafbbb vs upstream a31e4092a16..1f1263007c0), indicating an older base, and placement of the new helper appears earlier in the file (around where struct elf_find_verdep_info is present) rather than the exact upstream surrounding context. These are expected for a backport and do not affect semantics; the helper is defined before its uses, so no prototype issues arise. The guard condition in get_ext_sym_hash, the while-loop dereferencing of indirect/warning hash entries, and all downstream behavior are identical to upstream. The PR also removes the explicit corrupt-input einfo() branch in _bfd_elf_gc_mark_rsec, matching upstream’s change.

No upstream hunks are missing: all three modified regions are present with equivalent logic and the same net 45 insertions/45 deletions. Given the faithful replication of guard logic and usage, the risk of incompleteness or regression beyond what upstream accepted is low. As with any backport, minor context differences exist, but they are limited to surrounding code layout and do not alter the fix’s behavior.

  1. Core fix equivalence: Both patches insert the same conditional block under the "if (generate_dynamic_reloc)" path in elf_x86_64_finish_dynamic_symbol. The added code checks if relgot == NULL or relgot->size == 0, then calls info->callbacks->einfo with the identical message "%F%pB: Unable to generate dynamic relocs because a suitable section does not exist\n" and returns false. This precisely matches the upstream logic and message.

  2. Differences vs upstream: The PR patch is carried as a packaging patch file (SPECS/gdb/CVE-2025-1178.patch) and includes additional metadata lines (Signed-off-by, Upstream-reference) not present in the upstream commit. The file index hashes and line numbers differ (PR hunk at around line 4646 vs upstream around 5303), indicating it is applied to an older codebase revision. No functional differences exist in the inserted code.

  3. Missing hunks: Upstream patch contains a single insertion hunk only; no other changes (e.g., tests) are present upstream. The PR includes that hunk in full, so nothing is missing.

  4. Risk and completeness: The change is minimal and defensive, only affecting the error path when attempting to generate dynamic relocs without a relgot section (corrupt input scenario). It prevents an abort by reporting a fatal error via einfo and returning false. The risk of regressions is low since valid inputs with a proper relgot are unaffected. Behavior matches upstream’s accepted fix.

  5. Backport context safety: Context lines adjacent to the insertion (generate_dynamic_reloc handling and subsequent relative_reloc_name/htab->params logic) match the expected structure, implying the function’s surrounding logic is compatible. Variable names (relgot, info->callbacks->einfo, htab->params->report_relative_reloc) are consistent, so the backport applies cleanly and safely.

Raw diff (upstream vs PR)
--- upstream
+++ pr
@@ -1,156 +1,165 @@
-From f9978defb6fab0bd8583942d97c112b0932ac814 Mon Sep 17 00:00:00 2001
-From: Nick Clifton <nickc@redhat.com>
-Date: Wed, 5 Feb 2025 11:15:11 +0000
-Subject: [PATCH] Prevent illegal memory access when indexing into the
- sym_hashes array of the elf bfd cookie structure.
-
-PR 32636
----
- bfd/elflink.c | 90 +++++++++++++++++++++++++--------------------------
- 1 file changed, 45 insertions(+), 45 deletions(-)
-
-diff --git a/bfd/elflink.c b/bfd/elflink.c
-index a31e4092a16..1f1263007c0 100644
---- a/bfd/elflink.c
-+++ b/bfd/elflink.c
-@@ -96,22 +96,37 @@ _bfd_elf_link_keep_memory (struct bfd_link_info *info)
-   return true;
- }
- 
--asection *
--_bfd_elf_section_for_symbol (struct elf_reloc_cookie *cookie,
--			     unsigned long r_symndx,
--			     bool discard)
-+static struct elf_link_hash_entry *
-+get_ext_sym_hash (struct elf_reloc_cookie *cookie, unsigned long r_symndx)
- {
--  if (r_symndx >= cookie->locsymcount
--      || ELF_ST_BIND (cookie->locsyms[r_symndx].st_info) != STB_LOCAL)
--    {
--      struct elf_link_hash_entry *h;
-+  struct elf_link_hash_entry *h = NULL;
- 
-+  if ((r_symndx >= cookie->locsymcount
-+       || ELF_ST_BIND (cookie->locsyms[r_symndx].st_info) != STB_LOCAL)
-+      /* Guard against corrupt input.  See PR 32636 for an example.  */
-+      && r_symndx >= cookie->extsymoff)
-+    {
-       h = cookie->sym_hashes[r_symndx - cookie->extsymoff];
- 
-       while (h->root.type == bfd_link_hash_indirect
- 	     || h->root.type == bfd_link_hash_warning)
- 	h = (struct elf_link_hash_entry *) h->root.u.i.link;
-+    }
+diff --git a/SPECS/gdb/CVE-2025-1176.patch b/SPECS/gdb/CVE-2025-1176.patch
+new file mode 100644
+index 00000000000..47a5e59035b
+--- /dev/null
++++ b/SPECS/gdb/CVE-2025-1176.patch
+@@ -0,0 +1,159 @@
++From 762fa3949f284e522629846fd9824cd9368dbb75 Mon Sep 17 00:00:00 2001
++From: Nick Clifton <nickc@redhat.com>
++Date: Wed, 5 Feb 2025 11:15:11 +0000
++Subject: [PATCH] Prevent illegal memory access when indexing into the
++ sym_hashes array of the elf bfd cookie structure.
 +
-+  return h;
-+}
- 
-+asection *
-+_bfd_elf_section_for_symbol (struct elf_reloc_cookie *cookie,
-+			     unsigned long r_symndx,
-+			     bool discard)
-+{
-+  struct elf_link_hash_entry *h;
++PR 32636
 +
-+  h = get_ext_sym_hash (cookie, r_symndx);
-+  
-+  if (h != NULL)
-+    {
-       if ((h->root.type == bfd_link_hash_defined
- 	   || h->root.type == bfd_link_hash_defweak)
- 	   && discarded_section (h->root.u.def.section))
-@@ -119,21 +134,20 @@ _bfd_elf_section_for_symbol (struct elf_reloc_cookie *cookie,
-       else
- 	return NULL;
-     }
--  else
--    {
--      /* It's not a relocation against a global symbol,
--	 but it could be a relocation against a local
--	 symbol for a discarded section.  */
--      asection *isec;
--      Elf_Internal_Sym *isym;
- 
--      /* Need to: get the symbol; get the section.  */
--      isym = &cookie->locsyms[r_symndx];
--      isec = bfd_section_from_elf_index (cookie->abfd, isym->st_shndx);
--      if (isec != NULL
--	  && discard ? discarded_section (isec) : 1)
--	return isec;
--     }
-+  /* It's not a relocation against a global symbol,
-+     but it could be a relocation against a local
-+     symbol for a discarded section.  */
-+  asection *isec;
-+  Elf_Internal_Sym *isym;
++Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
++Upstream-reference: https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=f9978defb6fab0bd8583942d97c112b0932ac814
++---
++ bfd/elflink.c | 90 +++++++++++++++++++++++++--------------------------
++ 1 file changed, 45 insertions(+), 45 deletions(-)
 +
-+  /* Need to: get the symbol; get the section.  */
-+  isym = &cookie->locsyms[r_symndx];
-+  isec = bfd_section_from_elf_index (cookie->abfd, isym->st_shndx);
-+  if (isec != NULL
-+      && discard ? discarded_section (isec) : 1)
-+    return isec;
++diff --git a/bfd/elflink.c b/bfd/elflink.c
++index fc3edef..afafbbb 100644
++--- a/bfd/elflink.c
+++++ b/bfd/elflink.c
++@@ -62,22 +62,37 @@ struct elf_find_verdep_info
++ static bool _bfd_elf_fix_symbol_flags
++   (struct elf_link_hash_entry *, struct elf_info_failed *);
++ 
++-asection *
++-_bfd_elf_section_for_symbol (struct elf_reloc_cookie *cookie,
++-			     unsigned long r_symndx,
++-			     bool discard)
+++static struct elf_link_hash_entry *
+++get_ext_sym_hash (struct elf_reloc_cookie *cookie, unsigned long r_symndx)
++ {
++-  if (r_symndx >= cookie->locsymcount
++-      || ELF_ST_BIND (cookie->locsyms[r_symndx].st_info) != STB_LOCAL)
++-    {
++-      struct elf_link_hash_entry *h;
+++  struct elf_link_hash_entry *h = NULL;
++ 
+++  if ((r_symndx >= cookie->locsymcount
+++       || ELF_ST_BIND (cookie->locsyms[r_symndx].st_info) != STB_LOCAL)
+++      /* Guard against corrupt input.  See PR 32636 for an example.  */
+++      && r_symndx >= cookie->extsymoff)
+++    {
++       h = cookie->sym_hashes[r_symndx - cookie->extsymoff];
++ 
++       while (h->root.type == bfd_link_hash_indirect
++ 	     || h->root.type == bfd_link_hash_warning)
++ 	h = (struct elf_link_hash_entry *) h->root.u.i.link;
+++    }
+++
+++  return h;
+++}
++ 
+++asection *
+++_bfd_elf_section_for_symbol (struct elf_reloc_cookie *cookie,
+++			     unsigned long r_symndx,
+++			     bool discard)
+++{
+++  struct elf_link_hash_entry *h;
+++
+++  h = get_ext_sym_hash (cookie, r_symndx);
+++  
+++  if (h != NULL)
+++    {
++       if ((h->root.type == bfd_link_hash_defined
++ 	   || h->root.type == bfd_link_hash_defweak)
++ 	   && discarded_section (h->root.u.def.section))
++@@ -85,21 +100,20 @@ _bfd_elf_section_for_symbol (struct elf_reloc_cookie *cookie,
++       else
++ 	return NULL;
++     }
++-  else
++-    {
++-      /* It's not a relocation against a global symbol,
++-	 but it could be a relocation against a local
++-	 symbol for a discarded section.  */
++-      asection *isec;
++-      Elf_Internal_Sym *isym;
++ 
++-      /* Need to: get the symbol; get the section.  */
++-      isym = &cookie->locsyms[r_symndx];
++-      isec = bfd_section_from_elf_index (cookie->abfd, isym->st_shndx);
++-      if (isec != NULL
++-	  && discard ? discarded_section (isec) : 1)
++-	return isec;
++-     }
+++  /* It's not a relocation against a global symbol,
+++     but it could be a relocation against a local
+++     symbol for a discarded section.  */
+++  asection *isec;
+++  Elf_Internal_Sym *isym;
+++
+++  /* Need to: get the symbol; get the section.  */
+++  isym = &cookie->locsyms[r_symndx];
+++  isec = bfd_section_from_elf_index (cookie->abfd, isym->st_shndx);
+++  if (isec != NULL
+++      && discard ? discarded_section (isec) : 1)
+++    return isec;
+++
++   return NULL;
++ }
++ 
++@@ -13707,22 +13721,12 @@ _bfd_elf_gc_mark_rsec (struct bfd_link_info *info, asection *sec,
++   if (r_symndx == STN_UNDEF)
++     return NULL;
++ 
++-  if (r_symndx >= cookie->locsymcount
++-      || ELF_ST_BIND (cookie->locsyms[r_symndx].st_info) != STB_LOCAL)
+++  h = get_ext_sym_hash (cookie, r_symndx);
+++  
+++  if (h != NULL)
++     {
++       bool was_marked;
++ 
++-      h = cookie->sym_hashes[r_symndx - cookie->extsymoff];
++-      if (h == NULL)
++-	{
++-	  info->callbacks->einfo (_("%F%P: corrupt input: %pB\n"),
++-				  sec->owner);
++-	  return NULL;
++-	}
++-      while (h->root.type == bfd_link_hash_indirect
++-	     || h->root.type == bfd_link_hash_warning)
++-	h = (struct elf_link_hash_entry *) h->root.u.i.link;
++-
++       was_marked = h->mark;
++       h->mark = 1;
++       /* Keep all aliases of the symbol too.  If an object symbol
++@@ -14768,17 +14772,12 @@ bfd_elf_reloc_symbol_deleted_p (bfd_vma offset, void *cookie)
++       if (r_symndx == STN_UNDEF)
++ 	return true;
++ 
++-      if (r_symndx >= rcookie->locsymcount
++-	  || ELF_ST_BIND (rcookie->locsyms[r_symndx].st_info) != STB_LOCAL)
++-	{
++-	  struct elf_link_hash_entry *h;
++-
++-	  h = rcookie->sym_hashes[r_symndx - rcookie->extsymoff];
++-
++-	  while (h->root.type == bfd_link_hash_indirect
++-		 || h->root.type == bfd_link_hash_warning)
++-	    h = (struct elf_link_hash_entry *) h->root.u.i.link;
+++      struct elf_link_hash_entry *h;
++ 
+++      h = get_ext_sym_hash (rcookie, r_symndx);
+++      
+++      if (h != NULL)
+++	{
++ 	  if ((h->root.type == bfd_link_hash_defined
++ 	       || h->root.type == bfd_link_hash_defweak)
++ 	      && (h->root.u.def.section->owner != rcookie->abfd
++@@ -14802,6 +14801,7 @@ bfd_elf_reloc_symbol_deleted_p (bfd_vma offset, void *cookie)
++ 		  || discarded_section (isec)))
++ 	    return true;
++ 	}
+++
++       return false;
++     }
++   return false;
++-- 
++2.45.4
 +
-   return NULL;
- }
- 
-@@ -13997,22 +14011,12 @@ _bfd_elf_gc_mark_rsec (struct bfd_link_info *info, asection *sec,
-   if (r_symndx == STN_UNDEF)
-     return NULL;
- 
--  if (r_symndx >= cookie->locsymcount
--      || ELF_ST_BIND (cookie->locsyms[r_symndx].st_info) != STB_LOCAL)
-+  h = get_ext_sym_hash (cookie, r_symndx);
-+  
-+  if (h != NULL)
-     {
-       bool was_marked;
- 
--      h = cookie->sym_hashes[r_symndx - cookie->extsymoff];
--      if (h == NULL)
--	{
--	  info->callbacks->einfo (_("%F%P: corrupt input: %pB\n"),
--				  sec->owner);
--	  return NULL;
--	}
--      while (h->root.type == bfd_link_hash_indirect
--	     || h->root.type == bfd_link_hash_warning)
--	h = (struct elf_link_hash_entry *) h->root.u.i.link;
--
-       was_marked = h->mark;
-       h->mark = 1;
-       /* Keep all aliases of the symbol too.  If an object symbol
-@@ -15067,17 +15071,12 @@ bfd_elf_reloc_symbol_deleted_p (bfd_vma offset, void *cookie)
-       if (r_symndx == STN_UNDEF)
- 	return true;
- 
--      if (r_symndx >= rcookie->locsymcount
--	  || ELF_ST_BIND (rcookie->locsyms[r_symndx].st_info) != STB_LOCAL)
--	{
--	  struct elf_link_hash_entry *h;
--
--	  h = rcookie->sym_hashes[r_symndx - rcookie->extsymoff];
--
--	  while (h->root.type == bfd_link_hash_indirect
--		 || h->root.type == bfd_link_hash_warning)
--	    h = (struct elf_link_hash_entry *) h->root.u.i.link;
-+      struct elf_link_hash_entry *h;
- 
-+      h = get_ext_sym_hash (rcookie, r_symndx);
-+      
-+      if (h != NULL)
-+	{
- 	  if ((h->root.type == bfd_link_hash_defined
- 	       || h->root.type == bfd_link_hash_defweak)
- 	      && (h->root.u.def.section->owner != rcookie->abfd
-@@ -15101,6 +15100,7 @@ bfd_elf_reloc_symbol_deleted_p (bfd_vma offset, void *cookie)
- 		  || discarded_section (isec)))
- 	    return true;
- 	}
-+
-       return false;
-     }
-   return false;
--- 
-2.43.7
-
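Review bot: In get_ext_sym_hash the while loop reads h->root.type immediately after h = cookie->sym_hashes[r_symndx - cookie->extsymoff] with no NULL check, whereas the branch this patch deletes from _bfd_elf_gc_mark_rsec (if (h == NULL) followed by the "corrupt input" einfo) used to stop on an empty slot before that loop. The added guard r_symndx >= cookie->extsymoff bounds the index only from below, so neither a NULL entry nor an index past the end of sym_hashes is covered by anything visible in this hunk. Because the backport matches upstream f9978def line for line, I would not diverge in the carried patch, but a check such as if (h == NULL) return NULL; before the loop is worth raising upstream, and it is worth confirming whether later upstream commits added one. Related: when the helper returns NULL for an r_symndx at or above cookie->locsymcount, _bfd_elf_section_for_symbol now reaches &cookie->locsyms[r_symndx] unconditionally, a path the old else branch only took for in-range local symbols.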

--- upstream
+++ pr
@@ -1,34 +1,43 @@
-From 75086e9de1707281172cc77f178e7949a4414ed0 Mon Sep 17 00:00:00 2001
-From: Nick Clifton <nickc@redhat.com>
-Date: Wed, 5 Feb 2025 13:26:51 +0000
-Subject: [PATCH] Prevent an abort in the bfd linker when attempting to
- generate dynamic relocs for a corrupt input file.
-
-PR 32638
----
- bfd/elf64-x86-64.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/bfd/elf64-x86-64.c b/bfd/elf64-x86-64.c
-index 61334c3ab04..32db254ba6c 100644
---- a/bfd/elf64-x86-64.c
-+++ b/bfd/elf64-x86-64.c
-@@ -5303,6 +5303,15 @@ elf_x86_64_finish_dynamic_symbol (bfd *output_bfd,
- 
-       if (generate_dynamic_reloc)
- 	{
-+	  /* If the relgot section has not been created, then
-+	     generate an error instead of a reloc.  cf PR 32638.  */
-+	  if (relgot == NULL || relgot->size == 0)
-+	    {
-+	      info->callbacks->einfo (_("%F%pB: Unable to generate dynamic relocs because a suitable section does not exist\n"),
-+					output_bfd);
-+	      return false;
-+	    }
-+	  
- 	  if (relative_reloc_name != NULL
- 	      && htab->params->report_relative_reloc)
- 	    _bfd_x86_elf_link_report_relative_reloc
--- 
-2.43.7
-
+diff --git a/SPECS/gdb/CVE-2025-1178.patch b/SPECS/gdb/CVE-2025-1178.patch
+new file mode 100644
+index 00000000000..bc62f2250f5
+--- /dev/null
++++ b/SPECS/gdb/CVE-2025-1178.patch
+@@ -0,0 +1,37 @@
++From f0e64304059decf627cee992330188eaf87761aa Mon Sep 17 00:00:00 2001
++From: Nick Clifton <nickc@redhat.com>
++Date: Wed, 5 Feb 2025 13:26:51 +0000
++Subject: [PATCH] Prevent an abort in the bfd linker when attempting to
++ generate dynamic relocs for a corrupt input file.
++
++PR 32638
++
++Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
++Upstream-reference: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75086e9de1707281172cc77f178e7949a4414ed0;a=patch;
++---
++ bfd/elf64-x86-64.c | 9 +++++++++
++ 1 file changed, 9 insertions(+)
++
++diff --git a/bfd/elf64-x86-64.c b/bfd/elf64-x86-64.c
++index 8cf733d..4fd5d01 100644
++--- a/bfd/elf64-x86-64.c
+++++ b/bfd/elf64-x86-64.c
++@@ -4646,6 +4646,15 @@ elf_x86_64_finish_dynamic_symbol (bfd *output_bfd,
++ 
++       if (generate_dynamic_reloc)
++ 	{
+++	  /* If the relgot section has not been created, then
+++	     generate an error instead of a reloc.  cf PR 32638.  */
+++	  if (relgot == NULL || relgot->size == 0)
+++	    {
+++	      info->callbacks->einfo (_("%F%pB: Unable to generate dynamic relocs because a suitable section does not exist\n"),
+++					output_bfd);
+++	      return false;
+++	    }
+++	  
++ 	  if (relative_reloc_name != NULL
++ 	      && htab->params->report_relative_reloc)
++ 	    _bfd_x86_elf_link_report_relative_reloc
++-- 
++2.45.4
++
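Review bot: The Upstream-reference line in CVE-2025-1178.patch uses a different gitweb URL form (gitweb.cgi?p=binutils-gdb.git;h=...;a=patch; with a trailing semicolon) from the one in CVE-2025-1176.patch (/git/?p=binutils-gdb.git;a=patch;h=...); please use one form for both so anything that parses this field resolves them the same way. That line is also the only tie back to upstream, since the embedded From hash (f0e64304) is not the upstream commit id (75086e9d), so the full upstream hash should stay in it as it is now. On the code itself, the relgot == NULL || relgot->size == 0 guard under if (generate_dynamic_reloc) is identical to upstream's, including the einfo message and the return false, so there is nothing to change there.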

Verdict

CHANGES REQUESTED — Please address the issues flagged above.


@Kanishk-Bansal Kanishk-Bansal left a comment

Patch Analysis (both patches match upstream; the AI test analysis can be ignored.)

  • Buddy Build
  • patch applied during the build (check rpm.log)
  • patch includes an upstream reference
  • PR has security tag

@Kanishk-Bansal Kanishk-Bansal added the ready-for-stable-review PR has passed initial review and is now ready for a second-level stable maintainer review label May 22, 2026
Labels

  • 3.0-dev (PRs Destined for AzureLinux 3.0)
  • AutoPR-Security
  • Packaging
  • ready-for-stable-review (PR has passed initial review and is now ready for a second-level stable maintainer review)
  • security
