Author: Alan Modra Date: Mon Nov 11 10:24:09 2024 +1030 Re: tekhex object file output fixes Commit 8b5a212495 supported *ABS* symbols by allowing "section" to be bfd_abs_section, but bfd_abs_section needs to be treated specially. In particular, bfd_get_next_section_by_name (.., bfd_abs_section_ptr) is invalid. PR 32347 * tekhex.c (first_phase): Guard against modification of _bfd_std_section[] entries. Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=e0323071916878e0634a6e24d8250e4faff67e88] CVE: CVE-2024-53589 Signed-off-by: Yash Shinde
diff --git a/bfd/tekhex.c b/bfd/tekhex.c
index aea2ebb23df..b305c1f96f1 100644
--- a/bfd/tekhex.c
+++ b/bfd/tekhex.c
@@ -361,6 +361,7 @@ first_phase (bfd *abfd, int type, char *src, char * src_end)
 {
 asection *section, *alt_section;
 unsigned int len;
+ bfd_vma addr;
 bfd_vma val;
 char sym[17]; /* A symbol can only be 16chars long. */
@@ -368,20 +369,16 @@ first_phase (bfd *abfd, int type, char *src, char * src_end)
 {
 case '6': /* Data record - read it and store it. */
- {
- bfd_vma addr;
-
- if (!getvalue (&src, &addr, src_end))
- return false;
-
- while (*src && src < src_end - 1)
- {
- insert_byte (abfd, HEX (src), addr);
- src += 2;
- addr++;
- }
- return true;
- }
+ if (!getvalue (&src, &addr, src_end))
+ return false;
+
+ while (*src && src < src_end - 1)
+ {
+ insert_byte (abfd, HEX (src), addr);
+ src += 2;
+ addr++;
+ }
+ return true;
 case '3': /* Symbol record, read the segment. */
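Review bot: The data-record loop on the new side of the `@@ -368,20 +369,16 @@` hunk still tests `while (*src && src < src_end - 1)`, so `*src` is read before `src` is compared with the end of the record. That is only in bounds if the caller guarantees a readable byte at `src_end` (for instance a NUL terminator), which is not visible in this hunk. Since the block is being re-indented anyway, `while (src < src_end - 1 && *src)` puts the bound check first without changing behaviour for well-formed input. The enclosing `switch` in first_phase starts and ends outside the hunk.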
@@ -406,13 +403,16 @@ first_phase (bfd *abfd, int type, char *src, char * src_end)
 {
 case '1': /* Section range. */
 src++;
- if (!getvalue (&src, §ion->vma, src_end))
+ if (!getvalue (&src, &addr, src_end))
 return false;
 if (!getvalue (&src, &val, src_end))
 return false;
- if (val < section->vma)
- val = section->vma;
- section->size = val - section->vma;
+ if (bfd_is_const_section (section))
+ break;
+ section->vma = addr;
+ if (val < addr)
+ val = addr;
+ section->size = val - addr;
 /* PR 17512: file: objdump-s-endless-loop.tekhex. Check for overlarge section sizes. */
 if (section->size & 0x80000000)
@@ -455,6 +455,8 @@ first_phase (bfd *abfd, int type, char *src, char * src_end)
 new_symbol->symbol.flags = BSF_LOCAL;
 if (stype == '2' || stype == '6')
 new_symbol->symbol.section = bfd_abs_section_ptr;
+ else if (bfd_is_const_section (section))
+ ;
 else if (stype == '3' || stype == '7')
 {
 if ((section->flags & SEC_DATA) == 0)
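Review bot: The new `if (bfd_is_const_section (section)) break;` in `case '1'` carries no comment saying why a range record for a standard section is dropped, so the guard can look like dead code to a later maintainer. A one-line comment above it would record the reason given in the commit message, for example `/* Never write vma/size into the shared _bfd_std_section[] entries (PR 32347).  */`. The guard sits after both `getvalue` calls, so the record's fields are still consumed and the input is then ignored without any diagnostic; it would help to say in that comment that this is intended. The rest of `case '1'` and the code reached after the `break` are outside the hunk.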
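Review bot: The branch added in the `@@ -455,6 +455,8 @@` hunk, `else if (bfd_is_const_section (section))` followed by a bare `;`, is an empty statement in the middle of an else-if chain, which is easy to misread or to drop in a later edit. Its correctness also depends on `new_symbol->symbol.section` having been assigned before this point, which is outside the hunk. A braced body with the intent spelled out reads more safely, e.g. `else if (bfd_is_const_section (section)) { /* Standard section: skip the flag updates below.  */ }`; the wording assumes the following branches modify `section->flags`, which the visible `(section->flags & SEC_DATA) == 0` test suggests but does not show.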