Update to 0.9.1 and fix CVE-2024-2002

CVE-2024-2002.patch

@@ -0,0 +1,164 @@
+From 404e6b1b14f60c81388d50b4239f81d461b3c3ad Mon Sep 17 00:00:00 2001
+From: David Anderson <davea42@linuxmail.org>
+Date: Sat, 17 Feb 2024 13:33:39 -0800
+Subject: [PATCH] Fixing DW202402-002, corrupt object caused various libdwarf
+ crashes with some tailored/fuzzed object files. 	modified:  
+ src/lib/libdwarf/dwarf_alloc.c 	modified:  
+ src/lib/libdwarf/dwarf_error.c
+
+Origin: https://github.com/davea42/libdwarf-code/commit/404e6b1b14f60c81388d50b4239f81d461b3c3ad
+
+---
+ src/lib/libdwarf/dwarf_alloc.c | 56 ++++++++++++++++++++++++++++++++--
+ src/lib/libdwarf/dwarf_error.c |  5 +--
+ 2 files changed, 57 insertions(+), 4 deletions(-)
+
+diff --git a/src/lib/libdwarf/dwarf_alloc.c b/src/lib/libdwarf/dwarf_alloc.c
+index 9ef9b16f4..a73b8abf9 100644
+--- a/src/lib/libdwarf/dwarf_alloc.c
++++ b/src/lib/libdwarf/dwarf_alloc.c
+@@ -143,6 +143,7 @@ _dwarf_error_destructor(void *m)
+ #if DEBUG_ALLOC
+     printf("libdwarfdetector DEALLOC Now destruct error "
+         "string %s\n",dwarfstring_string(erm));
++    fflush(stdout);
+ #endif /* DEBUG_ALLOC */
+     dwarfstring_destructor(erm);
+     free(erm);
+@@ -182,6 +183,8 @@ struct reserve_data_s {
+ 
+ #define STATIC_ALLOWED 10 /* arbitrary, must be > 2, see below*/
+ static unsigned static_used = 0;
++/*  entries in this list point to allocations of
++    type DW_DLA_ERROR. */
+ static Dwarf_Error staticerrlist[STATIC_ALLOWED];
+ 
+ /*  Clean this out if found */
+@@ -215,7 +218,7 @@ dw_empty_errlist_item(Dwarf_Error e_in)
+     }
+ }
+ 
+-/*  If the userr calls dwarf_dealloc on an error
++/*  If the user calls dwarf_dealloc on an error
+     out of a dwarf_init*() call, this will find
+     it in the static err list. Here dbg is NULL
+     so not mentioned.  */
+@@ -226,11 +229,21 @@ _dwarf_add_to_static_err_list(Dwarf_Error error)
+     if (!error) {
+         return;
+     }
++#ifdef DEBUG_ALLOC
++    printf("\nlibdwarfdetector add to static err list "
++        " 0x%lx\n",(unsigned long)(uintptr_t)error);
++    fflush(stdout);
++#endif /* DEBUG_ALLOC */
+     for ( ; i <static_used; ++i) {
+         Dwarf_Error e = staticerrlist[i];
+         if (e) {
+             continue;
+         }
++#ifdef DEBUG_ALLOC
++        printf("libdwarfdetector add to static err list at %u\n",
++            i);
++        fflush(stdout);
++#endif /* DEBUG_ALLOC */
+         staticerrlist[i] = error;
+         return;
+     }
+@@ -239,6 +252,38 @@ _dwarf_add_to_static_err_list(Dwarf_Error error)
+         ++static_used;
+     }
+ }
++/*  See libdwarf vulnerability DW202402-002
++    for the motivation.
++*/
++static void
++_dwarf_remove_from_staticerrlist(Dwarf_Ptr *space)
++{
++    unsigned i = 0;
++    if (!space) {
++        return;
++    }
++#ifdef DEBUG_ALLOC
++    printf("\nlibdwarfdetector remove from static err list "
++        " 0x%lx\n",(unsigned long)(uintptr_t)space);
++    fflush(stdout);
++#endif /* DEBUG_ALLOC */
++    for ( ; i <static_used; ++i) {
++        Dwarf_Error e = staticerrlist[i];
++        if (!e) {
++            continue;
++        }
++        if ((void *)e == space) {
++#ifdef DEBUG_ALLOC
++            printf("libdwarfdetector rm from static err list at %u\n",
++            i);
++            fflush(stdout);
++#endif /* DEBUG_ALLOC */ 
++            staticerrlist[i] = 0;
++            return;
++        }
++    }
++}
++
+ /*  This will free everything in the staticerrlist,
+     but that is ok */
+ void
+@@ -671,7 +716,7 @@ _dwarf_get_alloc(Dwarf_Debug dbg,
+             }
+         }
+ #if DEBUG_ALLOC
+-        printf("libdwarfdetector ALLOC ret 0x%lx type 0x%x "
++        printf("\nlibdwarfdetector ALLOC ret 0x%lx type 0x%x "
+             "size %lu line %d %s\n",
+             (unsigned long)ret_mem,(unsigned)alloc_type,
+             (unsigned long)size,__LINE__,__FILE__);
+@@ -804,6 +849,9 @@ dwarf_dealloc(Dwarf_Debug dbg,
+     unsigned int type = 0;
+     char * malloc_addr = 0;
+     struct reserve_data_s * r = 0;
++#if 0
++    Dwarf_Bool check_errmsg_list = FALSE;
++#endif
+ 
+     if (!space) {
+ #ifdef DEBUG_ALLOC
+@@ -921,11 +969,15 @@ dwarf_dealloc(Dwarf_Debug dbg,
+         if (ep->er_static_alloc == DE_MALLOC) {
+             /*  This is special, we had no arena
+                 but have a full special area as normal. */
++#if 0
++            check_errmsg_list = TRUE;
++#endif
+ #ifdef DEBUG_ALLOC
+             printf("DEALLOC does free, DE_MALLOC line %d %s\n",
+                 __LINE__,__FILE__);
+             fflush(stdout);
+ #endif /* DEBUG_ALLOC*/
++            _dwarf_remove_from_staticerrlist(space);
+         }
+         /* Was normal alloc, use normal dealloc. */
+         /* DW_DLA_ERROR has a specialdestructor */
+diff --git a/src/lib/libdwarf/dwarf_error.c b/src/lib/libdwarf/dwarf_error.c
+index e49706693..73f60f2b3 100644
+--- a/src/lib/libdwarf/dwarf_error.c
++++ b/src/lib/libdwarf/dwarf_error.c
+@@ -140,7 +140,8 @@ _dwarf_error_string(Dwarf_Debug dbg, Dwarf_Error * error,
+                 errptr = &_dwarf_failsafe_error;
+                 errptr->er_static_alloc = DE_STATIC;
+ #ifdef DEBUG
+-                printf("libdwarf no dbg, fullystatic, "
++                printf("libdwarf no dbg to dwarf_error_string,"
++                    " fullystatic, "
+                     "using DE_STATIC alloc, addr"
+                     " 0x%lx line %d %s\n",
+                     (unsigned long)errptr,
+@@ -150,7 +151,7 @@ _dwarf_error_string(Dwarf_Debug dbg, Dwarf_Error * error,
+                 errptr->er_static_alloc = DE_MALLOC;
+ 
+ #ifdef DEBUG
+-                printf("libdwarf no dbg,leaks, "
++                printf("libdwarf no dbg, add to static_err_list "
+                     "static DE_MALLOC alloc, addr"
+                     " 0x%lx line %d %s\n",
+                     (unsigned long)errptr,

libdwarf.spec

@@ -1,10 +1,12 @@
 Name:          libdwarf
-Version:       0.7.0
+Epoch:         1
+Version:       0.9.1
 Release:       1
 Summary:       Library to access DWARF debugging information
 License:       LGPLv2
 URL:           http://www.prevanders.net/dwarf.html
 Source0:       https://www.prevanders.net/%{name}-%{version}.tar.xz
+Patch0:        CVE-2024-2002.patch
 BuildRequires: gcc make python3 
 
 %description
@@ -13,7 +15,7 @@ debugging records.
 
 %package devel
 Summary:       Library and header files of libdwarf
-Requires:      %{name} = %{version}-%{release}
+Requires:      %{name} = %{epoch}:%{version}-%{release}
 Provides:      libdwarf-static = %{version}-%{release}
 Obsoletes:     libdwarf-static < %{version}-%{release}
 
@@ -22,7 +24,7 @@ Libdwarf-devel provides libraries and header files for libdwarf.
 
 %package tools
 Summary:       Tools to access the DWARF debugging file format
-Requires:      %{name} = %{version}-%{release}
+Requires:      %{name} = %{epoch}:%{version}-%{release}
 
 %description tools
 Libdwarf-tools contains dwarfdump, a tool to access DWARF debug information.
@@ -72,6 +74,9 @@ LD_LIBRARY_PATH=$PWD/src/lib/libdwarf/.libs  TZ=:America/Los_Angeles %__make che
 %{_mandir}/man1/dwarfdump.1.gz
 
 %changelog
+* Mon Mar 25 2024 wangkai <13474090681@163.com> - 1:0.9.1-1
+- Update to 0.9.1 and fix CVE-2024-2002
+
 * Thu Jun 15 2023 liyanan <thistleslyn@163.com> - 0.7.0-1
 - Update to 0.7.0
 

libdwarf.yaml

@@ -1,5 +1,4 @@
-git_url: git://git.code.sf.net/p/libdwarf/code
-version_control: git
-src_repo: git://git.code.sf.net/p/libdwarf/code
-tag_prefix: 
-seperator: "."
+version_control: github
+src_repo: davea42/libdwarf-code
+tag_prefix: "^v"
+separator: "."