summaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/binutils
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-devtools/binutils')
-rw-r--r--meta/recipes-devtools/binutils/binutils-2.38.inc32
-rw-r--r--meta/recipes-devtools/binutils/binutils/0003-binutils-nativesdk-Search-for-alternative-ld.so.conf.patch2
-rw-r--r--meta/recipes-devtools/binutils/binutils/0016-CVE-2022-35205.patch (renamed from meta/recipes-devtools/binutils/binutils/0016-CVE-2022-38126.patch)3
-rw-r--r--meta/recipes-devtools/binutils/binutils/0020-CVE-2023-22608-1.patch506
-rw-r--r--meta/recipes-devtools/binutils/binutils/0020-CVE-2023-22608-2.patch210
-rw-r--r--meta/recipes-devtools/binutils/binutils/0020-CVE-2023-22608-3.patch32
-rw-r--r--meta/recipes-devtools/binutils/binutils/0021-CVE-2023-1579-1.patch459
-rw-r--r--meta/recipes-devtools/binutils/binutils/0021-CVE-2023-1579-2.patch2127
-rw-r--r--meta/recipes-devtools/binutils/binutils/0021-CVE-2023-1579-3.patch156
-rw-r--r--meta/recipes-devtools/binutils/binutils/0021-CVE-2023-1579-4.patch37
-rw-r--r--meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-1.patch56
-rw-r--r--meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-2.patch38
-rw-r--r--meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-3.patch536
-rw-r--r--meta/recipes-devtools/binutils/binutils/0023-CVE-2023-25585.patch54
-rw-r--r--meta/recipes-devtools/binutils/binutils/0025-CVE-2023-25588.patch149
-rw-r--r--meta/recipes-devtools/binutils/binutils/0026-CVE-2023-1972.patch41
-rw-r--r--meta/recipes-devtools/binutils/binutils/0027-CVE-2022-47008.patch67
-rw-r--r--meta/recipes-devtools/binutils/binutils/0028-CVE-2022-47011.patch35
-rw-r--r--meta/recipes-devtools/binutils/binutils/0029-CVE-2022-48065-1.patch31
-rw-r--r--meta/recipes-devtools/binutils/binutils/0029-CVE-2022-48065-2.patch115
-rw-r--r--meta/recipes-devtools/binutils/binutils/0029-CVE-2022-48065-3.patch122
-rw-r--r--meta/recipes-devtools/binutils/binutils/0030-CVE-2022-44840.patch151
-rw-r--r--meta/recipes-devtools/binutils/binutils/0031-CVE-2022-45703-1.patch147
-rw-r--r--meta/recipes-devtools/binutils/binutils/0031-CVE-2022-45703-2.patch31
-rw-r--r--meta/recipes-devtools/binutils/binutils/0031-CVE-2022-47695.patch58
-rw-r--r--meta/recipes-devtools/binutils/binutils/0032-CVE-2022-47010.patch38
-rw-r--r--meta/recipes-devtools/binutils/binutils/0033-CVE-2022-47007.patch34
-rw-r--r--meta/recipes-devtools/binutils/binutils/0034-CVE-2022-48064.patch57
-rw-r--r--meta/recipes-devtools/binutils/binutils/0035-CVE-2023-39129.patch50
-rw-r--r--meta/recipes-devtools/binutils/binutils/0036-CVE-2023-39130.patch326
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2022-48063.patch48
31 files changed, 5744 insertions, 4 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc
index 0a4a0d7bc1..4a8831b534 100644
--- a/meta/recipes-devtools/binutils/binutils-2.38.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
@@ -18,7 +18,7 @@ SRCBRANCH ?= "binutils-2_38-branch"
UPSTREAM_CHECK_GITTAGREGEX = "binutils-(?P<pver>\d+_(\d_?)*)"
-SRCREV ?= "dc2474e7d204c124ab5a21b4490aa46eb7e1d4c3"
+SRCREV ?= "ea5fe5d01e5a182ee7a0eddb54a702109a9f5931"
BINUTILS_GIT_URI ?= "git://sourceware.org/git/binutils-gdb.git;branch=${SRCBRANCH};protocol=git"
SRC_URI = "\
${BINUTILS_GIT_URI} \
@@ -34,7 +34,7 @@ SRC_URI = "\
file://0013-Avoid-as-info-race-condition.patch \
file://0014-CVE-2019-1010204.patch \
file://0015-CVE-2022-38533.patch \
- file://0016-CVE-2022-38126.patch \
+ file://0016-CVE-2022-35205.patch \
file://0017-CVE-2022-38127-1.patch \
file://0017-CVE-2022-38127-2.patch \
file://0017-CVE-2022-38127-3.patch \
@@ -43,5 +43,33 @@ SRC_URI = "\
file://0018-CVE-2022-38128-2.patch \
file://0018-CVE-2022-38128-3.patch \
file://0019-CVE-2022-4285.patch \
+ file://0020-CVE-2023-22608-1.patch \
+ file://0020-CVE-2023-22608-2.patch \
+ file://0020-CVE-2023-22608-3.patch \
+ file://0021-CVE-2023-1579-1.patch \
+ file://0021-CVE-2023-1579-2.patch \
+ file://0021-CVE-2023-1579-3.patch \
+ file://0021-CVE-2023-1579-4.patch \
+ file://0022-CVE-2023-25584-1.patch \
+ file://0022-CVE-2023-25584-2.patch \
+ file://0022-CVE-2023-25584-3.patch \
+ file://0023-CVE-2023-25585.patch \
+ file://0026-CVE-2023-1972.patch \
+ file://0025-CVE-2023-25588.patch \
+ file://0027-CVE-2022-47008.patch \
+ file://0028-CVE-2022-47011.patch \
+ file://0029-CVE-2022-48065-1.patch \
+ file://0029-CVE-2022-48065-2.patch \
+ file://0029-CVE-2022-48065-3.patch \
+ file://0030-CVE-2022-44840.patch \
+ file://0031-CVE-2022-45703-1.patch \
+ file://0031-CVE-2022-45703-2.patch \
+ file://0031-CVE-2022-47695.patch \
+ file://CVE-2022-48063.patch \
+ file://0032-CVE-2022-47010.patch \
+ file://0033-CVE-2022-47007.patch \
+ file://0034-CVE-2022-48064.patch \
+ file://0035-CVE-2023-39129.patch \
+ file://0036-CVE-2023-39130.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/0003-binutils-nativesdk-Search-for-alternative-ld.so.conf.patch b/meta/recipes-devtools/binutils/binutils/0003-binutils-nativesdk-Search-for-alternative-ld.so.conf.patch
index 59a97c13c7..8a5f4a8d79 100644
--- a/meta/recipes-devtools/binutils/binutils/0003-binutils-nativesdk-Search-for-alternative-ld.so.conf.patch
+++ b/meta/recipes-devtools/binutils/binutils/0003-binutils-nativesdk-Search-for-alternative-ld.so.conf.patch
@@ -65,7 +65,7 @@ index 121c25d948f..34cbc60e5e9 100644
info.path = NULL;
info.len = info.alloc = 0;
- tmppath = concat (ld_sysroot, prefix, "/etc/ld.so.conf",
-+ tmppath = concat (ld_sysconfdir, "/etc/ld.so.conf",
++ tmppath = concat (ld_sysconfdir, "/ld.so.conf",
(const char *) NULL);
if (!ldelf_parse_ld_so_conf (&info, tmppath))
{
diff --git a/meta/recipes-devtools/binutils/binutils/0016-CVE-2022-38126.patch b/meta/recipes-devtools/binutils/binutils/0016-CVE-2022-35205.patch
index 8200e28a81..a582df4466 100644
--- a/meta/recipes-devtools/binutils/binutils/0016-CVE-2022-38126.patch
+++ b/meta/recipes-devtools/binutils/binutils/0016-CVE-2022-35205.patch
@@ -9,8 +9,9 @@ Subject: [PATCH] Replace a run-time assertion failure with a warning message
message.
Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e3e5ae049371a27fd1737aba946fe26d06e029b5]
-
+CVE: CVE-2022-35205
Signed-off-by: Pgowda <pgowda.cve@gmail.com>
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
binutils/dwarf.c | 7 ++++++-
diff --git a/meta/recipes-devtools/binutils/binutils/0020-CVE-2023-22608-1.patch b/meta/recipes-devtools/binutils/binutils/0020-CVE-2023-22608-1.patch
new file mode 100644
index 0000000000..18d4ac5f9d
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0020-CVE-2023-22608-1.patch
@@ -0,0 +1,506 @@
+From 116aac1447ee92df25599859293752648e3c6ea0 Mon Sep 17 00:00:00 2001
+From: "Steinar H. Gunderson" <sesse@google.com>
+Date: Fri, 20 May 2022 16:10:34 +0200
+Subject: [PATCH] add a trie to map quickly from address range to compilation
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+ unit
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+When using perf to profile large binaries, _bfd_dwarf2_find_nearest_line()
+becomes a hotspot, as perf wants to get line number information
+(for inline-detection purposes) for each and every sample. In Chromium
+in particular (the content_shell binary), this entails going through
+475k address ranges, which takes a long time when done repeatedly.
+
+Add a radix-256 trie over the address space to quickly map address to
+compilation unit spaces; for content_shell, which is 1.6 GB when some
+(but not full) debug information turned is on, we go from 6 ms to
+0.006 ms (6 µs) for each lookup from address to compilation unit, a 1000x
+speedup.
+
+There is a modest RAM increase of 180 MB in this binary (the existing
+linked list over ranges uses about 10 MB, and the entire perf job uses
+between 2-3 GB for a medium-size profile); for smaller binaries with few
+ranges, there should be hardly any extra RAM usage at all.
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=b43771b045fb5616da3964f2994eefbe8ae70d32]
+
+CVE: CVE-2023-22608
+
+Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
+
+---
+ bfd/dwarf2.c | 326 ++++++++++++++++++++++++++++++++++++++++++++++++---
+ 1 file changed, 312 insertions(+), 14 deletions(-)
+
+diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
+index fdf071c3..0ae50a37 100644
+--- a/bfd/dwarf2.c
++++ b/bfd/dwarf2.c
+@@ -82,6 +82,77 @@ struct adjusted_section
+ bfd_vma adj_vma;
+ };
+
++/* A trie to map quickly from address range to compilation unit.
++
++ This is a fairly standard radix-256 trie, used to quickly locate which
++ compilation unit any given address belongs to. Given that each compilation
++ unit may register hundreds of very small and unaligned ranges (which may
++ potentially overlap, due to inlining and other concerns), and a large
++ program may end up containing hundreds of thousands of such ranges, we cannot
++ scan through them linearly without undue slowdown.
++
++ We use a hybrid trie to avoid memory explosion: There are two types of trie
++ nodes, leaves and interior nodes. (Almost all nodes are leaves, so they
++ take up the bulk of the memory usage.) Leaves contain a simple array of
++ ranges (high/low address) and which compilation unit contains those ranges,
++ and when we get to a leaf, we scan through it linearly. Interior nodes
++ contain pointers to 256 other nodes, keyed by the next byte of the address.
++ So for a 64-bit address like 0x1234567abcd, we would start at the root and go
++ down child[0x00]->child[0x00]->child[0x01]->child[0x23]->child[0x45] etc.,
++ until we hit a leaf. (Nodes are, in general, leaves until they exceed the
++ default allocation of 16 elements, at which point they are converted to
++ interior node if possible.) This gives us near-constant lookup times;
++ the only thing that can be costly is if there are lots of overlapping ranges
++ within a single 256-byte segment of the binary, in which case we have to
++ scan through them all to find the best match.
++
++ For a binary with few ranges, we will in practice only have a single leaf
++ node at the root, containing a simple array. Thus, the scheme is efficient
++ for both small and large binaries.
++ */
++
++/* Experiments have shown 16 to be a memory-efficient default leaf size.
++ The only case where a leaf will hold more memory than this, is at the
++ bottomost level (covering 256 bytes in the binary), where we'll expand
++ the leaf to be able to hold more ranges if needed.
++ */
++#define TRIE_LEAF_SIZE 16
++
++/* All trie_node pointers will really be trie_leaf or trie_interior,
++ but they have this common head. */
++struct trie_node
++{
++ /* If zero, we are an interior node.
++ Otherwise, how many ranges we have room for in this leaf. */
++ unsigned int num_room_in_leaf;
++};
++
++struct trie_leaf
++{
++ struct trie_node head;
++ unsigned int num_stored_in_leaf;
++ struct {
++ struct comp_unit *unit;
++ bfd_vma low_pc, high_pc;
++ } ranges[TRIE_LEAF_SIZE];
++};
++
++struct trie_interior
++{
++ struct trie_node head;
++ struct trie_node *children[256];
++};
++
++static struct trie_node *alloc_trie_leaf (bfd *abfd)
++{
++ struct trie_leaf *leaf =
++ bfd_zalloc (abfd, sizeof (struct trie_leaf));
++ if (leaf == NULL)
++ return NULL;
++ leaf->head.num_room_in_leaf = TRIE_LEAF_SIZE;
++ return &leaf->head;
++}
++
+ struct dwarf2_debug_file
+ {
+ /* The actual bfd from which debug info was loaded. Might be
+@@ -139,6 +210,9 @@ struct dwarf2_debug_file
+ /* A list of all previously read comp_units. */
+ struct comp_unit *all_comp_units;
+
++ /* A list of all previously read comp_units with no ranges (yet). */
++ struct comp_unit *all_comp_units_without_ranges;
++
+ /* Last comp unit in list above. */
+ struct comp_unit *last_comp_unit;
+
+@@ -147,6 +221,9 @@ struct dwarf2_debug_file
+
+ /* Hash table to map offsets to decoded abbrevs. */
+ htab_t abbrev_offsets;
++
++ /* Root of a trie to map addresses to compilation units. */
++ struct trie_node *trie_root;
+ };
+
+ struct dwarf2_debug
+@@ -220,6 +297,11 @@ struct comp_unit
+ /* Chain the previously read compilation units. */
+ struct comp_unit *next_unit;
+
++ /* Chain the previously read compilation units that have no ranges yet.
++ We scan these separately when we have a trie over the ranges.
++ Unused if arange.high != 0. */
++ struct comp_unit *next_unit_without_ranges;
++
+ /* Likewise, chain the compilation unit read after this one.
+ The comp units are stored in reversed reading order. */
+ struct comp_unit *prev_unit;
+@@ -296,6 +378,10 @@ struct comp_unit
+
+ /* TRUE if symbols are cached in hash table for faster lookup by name. */
+ bool cached;
++
++ /* Used when iterating over trie leaves to know which units we have
++ already seen in this iteration. */
++ bool mark;
+ };
+
+ /* This data structure holds the information of an abbrev. */
+@@ -1766,9 +1852,189 @@ concat_filename (struct line_info_table *table, unsigned int file)
+ return strdup (filename);
+ }
+
++/* Number of bits in a bfd_vma. */
++#define VMA_BITS (8 * sizeof (bfd_vma))
++
++/* Check whether [low1, high1) can be combined with [low2, high2),
++ i.e., they touch or overlap. */
++static bool ranges_overlap (bfd_vma low1,
++ bfd_vma high1,
++ bfd_vma low2,
++ bfd_vma high2)
++{
++ if (low1 == low2 || high1 == high2)
++ return true;
++
++ /* Sort so that low1 is below low2. */
++ if (low1 > low2)
++ {
++ bfd_vma tmp;
++
++ tmp = low1;
++ low1 = low2;
++ low2 = tmp;
++
++ tmp = high1;
++ high1 = high2;
++ high2 = tmp;
++ }
++
++ /* We touch iff low2 == high1.
++ We overlap iff low2 is within [low1, high1). */
++ return (low2 <= high1);
++}
++
++/* Insert an address range in the trie mapping addresses to compilation units.
++ Will return the new trie node (usually the same as is being sent in, but
++ in case of a leaf-to-interior conversion, or expansion of a leaf, it may be
++ different), or NULL on failure.
++ */
++static struct trie_node *insert_arange_in_trie(bfd *abfd,
++ struct trie_node *trie,
++ bfd_vma trie_pc,
++ unsigned int trie_pc_bits,
++ struct comp_unit *unit,
++ bfd_vma low_pc,
++ bfd_vma high_pc)
++{
++ bfd_vma clamped_low_pc, clamped_high_pc;
++ int ch, from_ch, to_ch;
++ bool is_full_leaf = false;
++
++ /* See if we can extend any of the existing ranges. This merging
++ isn't perfect (if merging opens up the possibility of merging two existing
++ ranges, we won't find them), but it takes the majority of the cases. */
++ if (trie->num_room_in_leaf > 0)
++ {
++ struct trie_leaf *leaf = (struct trie_leaf *) trie;
++ unsigned int i;
++
++ for (i = 0; i < leaf->num_stored_in_leaf; ++i)
++ {
++ if (leaf->ranges[i].unit == unit &&
++ ranges_overlap(low_pc, high_pc,
++ leaf->ranges[i].low_pc, leaf->ranges[i].high_pc))
++ {
++ if (low_pc < leaf->ranges[i].low_pc)
++ leaf->ranges[i].low_pc = low_pc;
++ if (high_pc > leaf->ranges[i].high_pc)
++ leaf->ranges[i].high_pc = high_pc;
++ return trie;
++ }
++ }
++
++ is_full_leaf = leaf->num_stored_in_leaf == trie->num_room_in_leaf;
++ }
++
++ /* If we're a leaf with no more room and we're _not_ at the bottom,
++ convert to an interior node. */
++ if (is_full_leaf && trie_pc_bits < VMA_BITS)
++ {
++ const struct trie_leaf *leaf = (struct trie_leaf *) trie;
++ unsigned int i;
++
++ trie = bfd_zalloc (abfd, sizeof (struct trie_interior));
++ if (!trie)
++ return NULL;
++ is_full_leaf = false;
++
++ /* TODO: If we wanted to save a little more memory at the cost of
++ complexity, we could have reused the old leaf node as one of the
++ children of the new interior node, instead of throwing it away. */
++ for (i = 0; i < leaf->num_stored_in_leaf; ++i)
++ {
++ if (!insert_arange_in_trie (abfd, trie, trie_pc, trie_pc_bits,
++ leaf->ranges[i].unit, leaf->ranges[i].low_pc,
++ leaf->ranges[i].high_pc))
++ return NULL;
++ }
++ }
++
++ /* If we're a leaf with no more room and we _are_ at the bottom,
++ we have no choice but to just make it larger. */
++ if (is_full_leaf)
++ {
++ const struct trie_leaf *leaf = (struct trie_leaf *) trie;
++ unsigned int new_room_in_leaf = trie->num_room_in_leaf * 2;
++ struct trie_leaf *new_leaf;
++
++ new_leaf = bfd_zalloc (abfd,
++ sizeof (struct trie_leaf) +
++ (new_room_in_leaf - TRIE_LEAF_SIZE) * sizeof (leaf->ranges[0]));
++ new_leaf->head.num_room_in_leaf = new_room_in_leaf;
++ new_leaf->num_stored_in_leaf = leaf->num_stored_in_leaf;
++
++ memcpy (new_leaf->ranges,
++ leaf->ranges,
++ leaf->num_stored_in_leaf * sizeof (leaf->ranges[0]));
++ trie = &new_leaf->head;
++ is_full_leaf = false;
++
++ /* Now the insert below will go through. */
++ }
++
++ /* If we're a leaf (now with room), we can just insert at the end. */
++ if (trie->num_room_in_leaf > 0)
++ {
++ struct trie_leaf *leaf = (struct trie_leaf *) trie;
++
++ unsigned int i = leaf->num_stored_in_leaf++;
++ leaf->ranges[i].unit = unit;
++ leaf->ranges[i].low_pc = low_pc;
++ leaf->ranges[i].high_pc = high_pc;
++ return trie;
++ }
++
++ /* Now we are definitely an interior node, so recurse into all
++ the relevant buckets. */
++
++ /* Clamp the range to the current trie bucket. */
++ clamped_low_pc = low_pc;
++ clamped_high_pc = high_pc;
++ if (trie_pc_bits > 0)
++ {
++ bfd_vma bucket_high_pc =
++ trie_pc + ((bfd_vma)-1 >> trie_pc_bits); /* Inclusive. */
++ if (clamped_low_pc < trie_pc)
++ clamped_low_pc = trie_pc;
++ if (clamped_high_pc > bucket_high_pc)
++ clamped_high_pc = bucket_high_pc;
++ }
++
++ /* Insert the ranges in all buckets that it spans. */
++ from_ch = (clamped_low_pc >> (VMA_BITS - trie_pc_bits - 8)) & 0xff;
++ to_ch = ((clamped_high_pc - 1) >> (VMA_BITS - trie_pc_bits - 8)) & 0xff;
++ for (ch = from_ch; ch <= to_ch; ++ch)
++ {
++ struct trie_interior *interior = (struct trie_interior *) trie;
++ struct trie_node *child = interior->children[ch];
++
++ if (child == NULL)
++ {
++ child = alloc_trie_leaf (abfd);
++ if (!child)
++ return NULL;
++ }
++ child = insert_arange_in_trie (abfd,
++ child,
++ trie_pc + ((bfd_vma)ch << (VMA_BITS - trie_pc_bits - 8)),
++ trie_pc_bits + 8,
++ unit,
++ low_pc,
++ high_pc);
++ if (!child)
++ return NULL;
++
++ interior->children[ch] = child;
++ }
++
++ return trie;
++}
++
++
+ static bool
+-arange_add (const struct comp_unit *unit, struct arange *first_arange,
+- bfd_vma low_pc, bfd_vma high_pc)
++arange_add (struct comp_unit *unit, struct arange *first_arange,
++ struct trie_node **trie_root, bfd_vma low_pc, bfd_vma high_pc)
+ {
+ struct arange *arange;
+
+@@ -1776,6 +2042,19 @@ arange_add (const struct comp_unit *unit, struct arange *first_arange,
+ if (low_pc == high_pc)
+ return true;
+
++ if (trie_root != NULL)
++ {
++ *trie_root = insert_arange_in_trie (unit->file->bfd_ptr,
++ *trie_root,
++ 0,
++ 0,
++ unit,
++ low_pc,
++ high_pc);
++ if (*trie_root == NULL)
++ return false;
++ }
++
+ /* If the first arange is empty, use it. */
+ if (first_arange->high == 0)
+ {
+@@ -2410,7 +2689,8 @@ decode_line_info (struct comp_unit *unit)
+ low_pc = address;
+ if (address > high_pc)
+ high_pc = address;
+- if (!arange_add (unit, &unit->arange, low_pc, high_pc))
++ if (!arange_add (unit, &unit->arange, &unit->file->trie_root,
++ low_pc, high_pc))
+ goto line_fail;
+ break;
+ case DW_LNE_set_address:
+@@ -3134,7 +3414,7 @@ find_abstract_instance (struct comp_unit *unit,
+
+ static bool
+ read_ranges (struct comp_unit *unit, struct arange *arange,
+- bfd_uint64_t offset)
++ struct trie_node **trie_root, bfd_uint64_t offset)
+ {
+ bfd_byte *ranges_ptr;
+ bfd_byte *ranges_end;
+@@ -3169,7 +3449,7 @@ read_ranges (struct comp_unit *unit, struct arange *arange,
+ base_address = high_pc;
+ else
+ {
+- if (!arange_add (unit, arange,
++ if (!arange_add (unit, arange, trie_root,
+ base_address + low_pc, base_address + high_pc))
+ return false;
+ }
+@@ -3179,7 +3459,7 @@ read_ranges (struct comp_unit *unit, struct arange *arange,
+
+ static bool
+ read_rnglists (struct comp_unit *unit, struct arange *arange,
+- bfd_uint64_t offset)
++ struct trie_node **trie_root, bfd_uint64_t offset)
+ {
+ bfd_byte *rngs_ptr;
+ bfd_byte *rngs_end;
+@@ -3253,19 +3533,19 @@ read_rnglists (struct comp_unit *unit, struct arange *arange,
+ return false;
+ }
+
+- if (!arange_add (unit, arange, low_pc, high_pc))
++ if (!arange_add (unit, arange, trie_root, low_pc, high_pc))
+ return false;
+ }
+ }
+
+ static bool
+ read_rangelist (struct comp_unit *unit, struct arange *arange,
+- bfd_uint64_t offset)
++ struct trie_node **trie_root, bfd_uint64_t offset)
+ {
+ if (unit->version <= 4)
+- return read_ranges (unit, arange, offset);
++ return read_ranges (unit, arange, trie_root, offset);
+ else
+- return read_rnglists (unit, arange, offset);
++ return read_rnglists (unit, arange, trie_root, offset);
+ }
+
+ static struct funcinfo *
+@@ -3563,7 +3843,8 @@ scan_unit_for_symbols (struct comp_unit *unit)
+
+ case DW_AT_ranges:
+ if (is_int_form (&attr)
+- && !read_rangelist (unit, &func->arange, attr.u.val))
++ && !read_rangelist (unit, &func->arange,
++ &unit->file->trie_root, attr.u.val))
+ goto fail;
+ break;
+
+@@ -3679,7 +3960,8 @@ scan_unit_for_symbols (struct comp_unit *unit)
+
+ if (func && high_pc != 0)
+ {
+- if (!arange_add (unit, &func->arange, low_pc, high_pc))
++ if (!arange_add (unit, &func->arange, &unit->file->trie_root,
++ low_pc, high_pc))
+ goto fail;
+ }
+ }
+@@ -3874,7 +4156,8 @@ parse_comp_unit (struct dwarf2_debug *stash,
+
+ case DW_AT_ranges:
+ if (is_int_form (&attr)
+- && !read_rangelist (unit, &unit->arange, attr.u.val))
++ && !read_rangelist (unit, &unit->arange,
++ &unit->file->trie_root, attr.u.val))
+ return NULL;
+ break;
+
+@@ -3916,7 +4199,8 @@ parse_comp_unit (struct dwarf2_debug *stash,
+ high_pc += low_pc;
+ if (high_pc != 0)
+ {
+- if (!arange_add (unit, &unit->arange, low_pc, high_pc))
++ if (!arange_add (unit, &unit->arange, &unit->file->trie_root,
++ low_pc, high_pc))
+ return NULL;
+ }
+
+@@ -4747,6 +5031,14 @@ _bfd_dwarf2_slurp_debug_info (bfd *abfd, bfd *debug_bfd,
+ if (!stash->alt.abbrev_offsets)
+ return false;
+
++ stash->f.trie_root = alloc_trie_leaf (abfd);
++ if (!stash->f.trie_root)
++ return false;
++
++ stash->alt.trie_root = alloc_trie_leaf (abfd);
++ if (!stash->alt.trie_root)
++ return false;
++
+ *pinfo = stash;
+
+ if (debug_bfd == NULL)
+@@ -4918,6 +5210,12 @@ stash_comp_unit (struct dwarf2_debug *stash, struct dwarf2_debug_file *file)
+ each->next_unit = file->all_comp_units;
+ file->all_comp_units = each;
+
++ if (each->arange.high == 0)
++ {
++ each->next_unit_without_ranges = file->all_comp_units_without_ranges;
++ file->all_comp_units_without_ranges = each->next_unit_without_ranges;
++ }
++
+ file->info_ptr += length;
+ return each;
+ }
diff --git a/meta/recipes-devtools/binutils/binutils/0020-CVE-2023-22608-2.patch b/meta/recipes-devtools/binutils/binutils/0020-CVE-2023-22608-2.patch
new file mode 100644
index 0000000000..a58b8dccdc
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0020-CVE-2023-22608-2.patch
@@ -0,0 +1,210 @@
+From 1e716c1b160d56c2ab8711e199cad5b4db47cedf Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 30 Aug 2022 16:01:20 +0100
+Subject: [PATCH] BFD library: Use entry 0 in directory and filename tables of
+
+ DWARF-5 debug info.
+
+ PR 29529
+ * dwarf2.c (struct line_info_table): Add new field:
+ use_dir_and_file_0.
+ (concat_filename): Use new field to help select the correct table
+ slot.
+ (read_formatted_entries): Do not skip entry 0.
+ (decode_line_info): Set new field depending upon the version of
+ DWARF being parsed. Initialise filename based upon the setting of
+ the new field.
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=37833b966576c5d25e797ea3b6c33d0459a71892]
+CVE: CVE-2023-22608
+
+Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
+
+---
+ bfd/dwarf2.c | 86 ++++++++++++++++++++----------
+ ld/testsuite/ld-x86-64/pr27587.err | 2 +-
+ 2 files changed, 59 insertions(+), 29 deletions(-)
+
+diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
+index 0ae50a37..b7839ad6 100644
+--- a/bfd/dwarf2.c
++++ b/bfd/dwarf2.c
+@@ -1571,6 +1571,7 @@ struct line_info_table
+ unsigned int num_files;
+ unsigned int num_dirs;
+ unsigned int num_sequences;
++ bool use_dir_and_file_0;
+ char * comp_dir;
+ char ** dirs;
+ struct fileinfo* files;
+@@ -1791,16 +1792,30 @@ concat_filename (struct line_info_table *table, unsigned int file)
+ {
+ char *filename;
+
+- if (table == NULL || file - 1 >= table->num_files)
++ /* Pre DWARF-5 entry 0 in the directory and filename tables was not used.
++ So in order to save space in the tables used here the info for, eg
++ directory 1 is stored in slot 0 of the directory table, directory 2
++ in slot 1 and so on.
++
++ Starting with DWARF-5 the 0'th entry is used so there is a one to one
++ mapping between DWARF slots and internal table entries. */
++ if (! table->use_dir_and_file_0)
+ {
+- /* FILE == 0 means unknown. */
+- if (file)
+- _bfd_error_handler
+- (_("DWARF error: mangled line number section (bad file number)"));
++ /* Pre DWARF-5, FILE == 0 means unknown. */
++ if (file == 0)
++ return strdup ("<unknown>");
++ -- file;
++ }
++
++ if (table == NULL || file >= table->num_files)
++ {
++ _bfd_error_handler
++ (_("DWARF error: mangled line number section (bad file number)"));
+ return strdup ("<unknown>");
+ }
+
+- filename = table->files[file - 1].name;
++ filename = table->files[file].name;
++
+ if (filename == NULL)
+ return strdup ("<unknown>");
+
+@@ -1811,12 +1826,17 @@ concat_filename (struct line_info_table *table, unsigned int file)
+ char *name;
+ size_t len;
+
+- if (table->files[file - 1].dir
++ if (table->files[file].dir
+ /* PR 17512: file: 0317e960. */
+- && table->files[file - 1].dir <= table->num_dirs
++ && table->files[file].dir <= table->num_dirs
+ /* PR 17512: file: 7f3d2e4b. */
+ && table->dirs != NULL)
+- subdir_name = table->dirs[table->files[file - 1].dir - 1];
++ {
++ if (table->use_dir_and_file_0)
++ subdir_name = table->dirs[table->files[file].dir];
++ else
++ subdir_name = table->dirs[table->files[file].dir - 1];
++ }
+
+ if (!subdir_name || !IS_ABSOLUTE_PATH (subdir_name))
+ dir_name = table->comp_dir;
+@@ -1857,10 +1877,12 @@ concat_filename (struct line_info_table *table, unsigned int file)
+
+ /* Check whether [low1, high1) can be combined with [low2, high2),
+ i.e., they touch or overlap. */
+-static bool ranges_overlap (bfd_vma low1,
+- bfd_vma high1,
+- bfd_vma low2,
+- bfd_vma high2)
++
++static bool
++ranges_overlap (bfd_vma low1,
++ bfd_vma high1,
++ bfd_vma low2,
++ bfd_vma high2)
+ {
+ if (low1 == low2 || high1 == high2)
+ return true;
+@@ -1887,15 +1909,16 @@ static bool ranges_overlap (bfd_vma low1,
+ /* Insert an address range in the trie mapping addresses to compilation units.
+ Will return the new trie node (usually the same as is being sent in, but
+ in case of a leaf-to-interior conversion, or expansion of a leaf, it may be
+- different), or NULL on failure.
+- */
+-static struct trie_node *insert_arange_in_trie(bfd *abfd,
+- struct trie_node *trie,
+- bfd_vma trie_pc,
+- unsigned int trie_pc_bits,
+- struct comp_unit *unit,
+- bfd_vma low_pc,
+- bfd_vma high_pc)
++ different), or NULL on failure. */
++
++static struct trie_node *
++insert_arange_in_trie (bfd *abfd,
++ struct trie_node *trie,
++ bfd_vma trie_pc,
++ unsigned int trie_pc_bits,
++ struct comp_unit *unit,
++ bfd_vma low_pc,
++ bfd_vma high_pc)
+ {
+ bfd_vma clamped_low_pc, clamped_high_pc;
+ int ch, from_ch, to_ch;
+@@ -2031,7 +2054,6 @@ static struct trie_node *insert_arange_in_trie(bfd *abfd,
+ return trie;
+ }
+
+-
+ static bool
+ arange_add (struct comp_unit *unit, struct arange *first_arange,
+ struct trie_node **trie_root, bfd_vma low_pc, bfd_vma high_pc)
+@@ -2412,10 +2434,8 @@ read_formatted_entries (struct comp_unit *unit, bfd_byte **bufp,
+ }
+ }
+
+- /* Skip the first "zero entry", which is the compilation dir/file. */
+- if (datai != 0)
+- if (!callback (table, fe.name, fe.dir, fe.time, fe.size))
+- return false;
++ if (!callback (table, fe.name, fe.dir, fe.time, fe.size))
++ return false;
+ }
+
+ *bufp = buf;
+@@ -2592,6 +2612,7 @@ decode_line_info (struct comp_unit *unit)
+ if (!read_formatted_entries (unit, &line_ptr, line_end, table,
+ line_info_add_file_name))
+ goto fail;
++ table->use_dir_and_file_0 = true;
+ }
+ else
+ {
+@@ -2614,6 +2635,7 @@ decode_line_info (struct comp_unit *unit)
+ if (!line_info_add_file_name (table, cur_file, dir, xtime, size))
+ goto fail;
+ }
++ table->use_dir_and_file_0 = false;
+ }
+
+ /* Read the statement sequences until there's nothing left. */
+@@ -2622,7 +2644,7 @@ decode_line_info (struct comp_unit *unit)
+ /* State machine registers. */
+ bfd_vma address = 0;
+ unsigned char op_index = 0;
+- char * filename = table->num_files ? concat_filename (table, 1) : NULL;
++ char * filename = NULL;
+ unsigned int line = 1;
+ unsigned int column = 0;
+ unsigned int discriminator = 0;
+@@ -2637,6 +2659,14 @@ decode_line_info (struct comp_unit *unit)
+ bfd_vma low_pc = (bfd_vma) -1;
+ bfd_vma high_pc = 0;
+
++ if (table->num_files)
++ {
++ if (table->use_dir_and_file_0)
++ filename = concat_filename (table, 0);
++ else
++ filename = concat_filename (table, 1);
++ }
++
+ /* Decode the table. */
+ while (!end_sequence && line_ptr < line_end)
+ {
+diff --git a/ld/testsuite/ld-x86-64/pr27587.err b/ld/testsuite/ld-x86-64/pr27587.err
+index fa870790..807750ca 100644
+--- a/ld/testsuite/ld-x86-64/pr27587.err
++++ b/ld/testsuite/ld-x86-64/pr27587.err
+@@ -1,3 +1,3 @@
+ #...
+-.*pr27587.i:4: undefined reference to `stack_size'
++.*pr27587/<artificial>:4: undefined reference to `stack_size'
+ #...
diff --git a/meta/recipes-devtools/binutils/binutils/0020-CVE-2023-22608-3.patch b/meta/recipes-devtools/binutils/binutils/0020-CVE-2023-22608-3.patch
new file mode 100644
index 0000000000..a1b74248ce
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0020-CVE-2023-22608-3.patch
@@ -0,0 +1,32 @@
+From 4b8386a90802ed8e43eac2266f6e03c92b4462ed Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Fri, 23 Dec 2022 13:02:04 +0000
+Subject: [PATCH] Fix illegal memory access parsing corrupt DWARF information.
+
+ PR 29936
+ * dwarf2.c (concat_filename): Fix check for a directory index off
+ the end of the directory table.
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=8af23b30edbaedf009bc9b243cd4dfa10ae1ac09]
+CVE: CVE-2023-22608
+
+Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
+
+---
+ bfd/dwarf2.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
+index b7839ad6..8b07a24c 100644
+--- a/bfd/dwarf2.c
++++ b/bfd/dwarf2.c
+@@ -1828,7 +1828,8 @@ concat_filename (struct line_info_table *table, unsigned int file)
+
+ if (table->files[file].dir
+ /* PR 17512: file: 0317e960. */
+- && table->files[file].dir <= table->num_dirs
++ && table->files[file].dir
++ <= (table->use_dir_and_file_0 ? table->num_dirs - 1 : table->num_dirs)
+ /* PR 17512: file: 7f3d2e4b. */
+ && table->dirs != NULL)
+ {
diff --git a/meta/recipes-devtools/binutils/binutils/0021-CVE-2023-1579-1.patch b/meta/recipes-devtools/binutils/binutils/0021-CVE-2023-1579-1.patch
new file mode 100644
index 0000000000..1e9c03e70e
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0021-CVE-2023-1579-1.patch
@@ -0,0 +1,459 @@
+From f67741e172bf342291fe3abd2b395899ce6433a0 Mon Sep 17 00:00:00 2001
+From: "Potharla, Rupesh" <Rupesh.Potharla@amd.com>
+Date: Tue, 24 May 2022 00:01:49 +0000
+Subject: [PATCH] bfd: Add Support for DW_FORM_strx* and DW_FORM_addrx*
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=f67741e172bf342291fe3abd2b395899ce6433a0]
+
+CVE: CVE-2023-1579
+
+Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
+
+---
+ bfd/dwarf2.c | 282 ++++++++++++++++++++++++++++++++++++++++++++++++---
+ 1 file changed, 268 insertions(+), 14 deletions(-)
+
+diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
+index f6b0183720b..45e286754e4 100644
+--- a/bfd/dwarf2.c
++++ b/bfd/dwarf2.c
+@@ -189,6 +189,18 @@ struct dwarf2_debug_file
+ /* Length of the loaded .debug_str section. */
+ bfd_size_type dwarf_str_size;
+
++ /* Pointer to the .debug_str_offsets section loaded into memory. */
++ bfd_byte *dwarf_str_offsets_buffer;
++
++ /* Length of the loaded .debug_str_offsets section. */
++ bfd_size_type dwarf_str_offsets_size;
++
++ /* Pointer to the .debug_addr section loaded into memory. */
++ bfd_byte *dwarf_addr_buffer;
++
++ /* Length of the loaded .debug_addr section. */
++ bfd_size_type dwarf_addr_size;
++
+ /* Pointer to the .debug_line_str section loaded into memory. */
+ bfd_byte *dwarf_line_str_buffer;
+
+@@ -382,6 +394,12 @@ struct comp_unit
+ /* Used when iterating over trie leaves to know which units we have
+ already seen in this iteration. */
+ bool mark;
++
++ /* Base address of debug_addr section. */
++ size_t dwarf_addr_offset;
++
++ /* Base address of string offset table. */
++ size_t dwarf_str_offset;
+ };
+
+ /* This data structure holds the information of an abbrev. */
+@@ -424,6 +442,8 @@ const struct dwarf_debug_section dwarf_debug_sections[] =
+ { ".debug_static_vars", ".zdebug_static_vars" },
+ { ".debug_str", ".zdebug_str", },
+ { ".debug_str", ".zdebug_str", },
++ { ".debug_str_offsets", ".zdebug_str_offsets", },
++ { ".debug_addr", ".zdebug_addr", },
+ { ".debug_line_str", ".zdebug_line_str", },
+ { ".debug_types", ".zdebug_types" },
+ /* GNU DWARF 1 extensions */
+@@ -458,6 +478,8 @@ enum dwarf_debug_section_enum
+ debug_static_vars,
+ debug_str,
+ debug_str_alt,
++ debug_str_offsets,
++ debug_addr,
+ debug_line_str,
+ debug_types,
+ debug_sfnames,
+@@ -1307,12 +1329,92 @@ is_int_form (const struct attribute *attr)
+ }
+ }
+
++/* Returns true if the form is strx[1-4]. */
++
++static inline bool
++is_strx_form (enum dwarf_form form)
++{
++ return (form == DW_FORM_strx
++ || form == DW_FORM_strx1
++ || form == DW_FORM_strx2
++ || form == DW_FORM_strx3
++ || form == DW_FORM_strx4);
++}
++
++/* Return true if the form is addrx[1-4]. */
++
++static inline bool
++is_addrx_form (enum dwarf_form form)
++{
++ return (form == DW_FORM_addrx
++ || form == DW_FORM_addrx1
++ || form == DW_FORM_addrx2
++ || form == DW_FORM_addrx3
++ || form == DW_FORM_addrx4);
++}
++
++/* Returns the address in .debug_addr section using DW_AT_addr_base.
++ Used to implement DW_FORM_addrx*. */
++static bfd_vma
++read_indexed_address (bfd_uint64_t idx,
++ struct comp_unit *unit)
++{
++ struct dwarf2_debug *stash = unit->stash;
++ struct dwarf2_debug_file *file = unit->file;
++ size_t addr_base = unit->dwarf_addr_offset;
++ bfd_byte *info_ptr;
++
++ if (stash == NULL)
++ return 0;
++
++ if (!read_section (unit->abfd, &stash->debug_sections[debug_addr],
++ file->syms, 0,
++ &file->dwarf_addr_buffer, &file->dwarf_addr_size))
++ return 0;
++
++ info_ptr = file->dwarf_addr_buffer + addr_base + idx * unit->offset_size;
++
++ if (unit->offset_size == 4)
++ return bfd_get_32 (unit->abfd, info_ptr);
++ else
++ return bfd_get_64 (unit->abfd, info_ptr);
++}
++
++/* Returns the string using DW_AT_str_offsets_base.
++ Used to implement DW_FORM_strx*. */
+ static const char *
+-read_indexed_string (bfd_uint64_t idx ATTRIBUTE_UNUSED,
+- struct comp_unit * unit ATTRIBUTE_UNUSED)
++read_indexed_string (bfd_uint64_t idx,
++ struct comp_unit *unit)
+ {
+- /* FIXME: Add support for indexed strings. */
+- return "<indexed strings not yet supported>";
++ struct dwarf2_debug *stash = unit->stash;
++ struct dwarf2_debug_file *file = unit->file;
++ bfd_byte *info_ptr;
++ unsigned long str_offset;
++
++ if (stash == NULL)
++ return NULL;
++
++ if (!read_section (unit->abfd, &stash->debug_sections[debug_str],
++ file->syms, 0,
++ &file->dwarf_str_buffer, &file->dwarf_str_size))
++ return NULL;
++
++ if (!read_section (unit->abfd, &stash->debug_sections[debug_str_offsets],
++ file->syms, 0,
++ &file->dwarf_str_offsets_buffer,
++ &file->dwarf_str_offsets_size))
++ return NULL;
++
++ info_ptr = (file->dwarf_str_offsets_buffer
++ + unit->dwarf_str_offset
++ + idx * unit->offset_size);
++
++ if (unit->offset_size == 4)
++ str_offset = bfd_get_32 (unit->abfd, info_ptr);
++ else
++ str_offset = bfd_get_64 (unit->abfd, info_ptr);
++
++ return (const char *) file->dwarf_str_buffer + str_offset;
+ }
+
+ /* Read and fill in the value of attribute ATTR as described by FORM.
+@@ -1381,21 +1483,37 @@ read_attribute_value (struct attribute * attr,
+ case DW_FORM_ref1:
+ case DW_FORM_flag:
+ case DW_FORM_data1:
++ attr->u.val = read_1_byte (abfd, &info_ptr, info_ptr_end);
++ break;
+ case DW_FORM_addrx1:
+ attr->u.val = read_1_byte (abfd, &info_ptr, info_ptr_end);
++ /* dwarf_addr_offset value 0 indicates the attribute DW_AT_addr_base
++ is not yet read. */
++ if (unit->dwarf_addr_offset != 0)
++ attr->u.val = read_indexed_address (attr->u.val, unit);
+ break;
+ case DW_FORM_data2:
+- case DW_FORM_addrx2:
+ case DW_FORM_ref2:
+ attr->u.val = read_2_bytes (abfd, &info_ptr, info_ptr_end);
+ break;
++ case DW_FORM_addrx2:
++ attr->u.val = read_2_bytes (abfd, &info_ptr, info_ptr_end);
++ if (unit->dwarf_addr_offset != 0)
++ attr->u.val = read_indexed_address (attr->u.val, unit);
++ break;
+ case DW_FORM_addrx3:
+ attr->u.val = read_3_bytes (abfd, &info_ptr, info_ptr_end);
++ if (unit->dwarf_addr_offset != 0)
++ attr->u.val = read_indexed_address(attr->u.val, unit);
+ break;
+ case DW_FORM_ref4:
+ case DW_FORM_data4:
++ attr->u.val = read_4_bytes (abfd, &info_ptr, info_ptr_end);
++ break;
+ case DW_FORM_addrx4:
+ attr->u.val = read_4_bytes (abfd, &info_ptr, info_ptr_end);
++ if (unit->dwarf_addr_offset != 0)
++ attr->u.val = read_indexed_address (attr->u.val, unit);
+ break;
+ case DW_FORM_data8:
+ case DW_FORM_ref8:
+@@ -1416,24 +1534,31 @@ read_attribute_value (struct attribute * attr,
+ break;
+ case DW_FORM_strx1:
+ attr->u.val = read_1_byte (abfd, &info_ptr, info_ptr_end);
+- attr->u.str = (char *) read_indexed_string (attr->u.val, unit);
++ /* dwarf_str_offset value 0 indicates the attribute DW_AT_str_offsets_base
++ is not yet read. */
++ if (unit->dwarf_str_offset != 0)
++ attr->u.str = (char *) read_indexed_string (attr->u.val, unit);
+ break;
+ case DW_FORM_strx2:
+ attr->u.val = read_2_bytes (abfd, &info_ptr, info_ptr_end);
+- attr->u.str = (char *) read_indexed_string (attr->u.val, unit);
++ if (unit->dwarf_str_offset != 0)
++ attr->u.str = (char *) read_indexed_string (attr->u.val, unit);
+ break;
+ case DW_FORM_strx3:
+ attr->u.val = read_3_bytes (abfd, &info_ptr, info_ptr_end);
+- attr->u.str = (char *) read_indexed_string (attr->u.val, unit);
++ if (unit->dwarf_str_offset != 0)
++ attr->u.str = (char *) read_indexed_string (attr->u.val, unit);
+ break;
+ case DW_FORM_strx4:
+ attr->u.val = read_4_bytes (abfd, &info_ptr, info_ptr_end);
+- attr->u.str = (char *) read_indexed_string (attr->u.val, unit);
++ if (unit->dwarf_str_offset != 0)
++ attr->u.str = (char *) read_indexed_string (attr->u.val, unit);
+ break;
+ case DW_FORM_strx:
+ attr->u.val = _bfd_safe_read_leb128 (abfd, &info_ptr,
+ false, info_ptr_end);
+- attr->u.str = (char *) read_indexed_string (attr->u.val, unit);
++ if (unit->dwarf_str_offset != 0)
++ attr->u.str = (char *) read_indexed_string (attr->u.val, unit);
+ break;
+ case DW_FORM_exprloc:
+ case DW_FORM_block:
+@@ -1455,9 +1580,14 @@ read_attribute_value (struct attribute * attr,
+ break;
+ case DW_FORM_ref_udata:
+ case DW_FORM_udata:
++ attr->u.val = _bfd_safe_read_leb128 (abfd, &info_ptr,
++ false, info_ptr_end);
++ break;
+ case DW_FORM_addrx:
+ attr->u.val = _bfd_safe_read_leb128 (abfd, &info_ptr,
+ false, info_ptr_end);
++ if (unit->dwarf_addr_offset != 0)
++ attr->u.val = read_indexed_address (attr->u.val, unit);
+ break;
+ case DW_FORM_indirect:
+ form = _bfd_safe_read_leb128 (abfd, &info_ptr,
+@@ -2396,6 +2526,11 @@ read_formatted_entries (struct comp_unit *unit, bfd_byte **bufp,
+ {
+ case DW_FORM_string:
+ case DW_FORM_line_strp:
++ case DW_FORM_strx:
++ case DW_FORM_strx1:
++ case DW_FORM_strx2:
++ case DW_FORM_strx3:
++ case DW_FORM_strx4:
+ *stringp = attr.u.str;
+ break;
+
+@@ -4031,6 +4166,80 @@ scan_unit_for_symbols (struct comp_unit *unit)
+ return false;
+ }
+
++/* Read the attributes of the form strx and addrx. */
++
++static void
++reread_attribute (struct comp_unit *unit,
++ struct attribute *attr,
++ bfd_vma *low_pc,
++ bfd_vma *high_pc,
++ bool *high_pc_relative,
++ bool compunit)
++{
++ if (is_strx_form (attr->form))
++ attr->u.str = (char *) read_indexed_string (attr->u.val, unit);
++ if (is_addrx_form (attr->form))
++ attr->u.val = read_indexed_address (attr->u.val, unit);
++
++ switch (attr->name)
++ {
++ case DW_AT_stmt_list:
++ unit->stmtlist = 1;
++ unit->line_offset = attr->u.val;
++ break;
++
++ case DW_AT_name:
++ if (is_str_form (attr))
++ unit->name = attr->u.str;
++ break;
++
++ case DW_AT_low_pc:
++ *low_pc = attr->u.val;
++ if (compunit)
++ unit->base_address = *low_pc;
++ break;
++
++ case DW_AT_high_pc:
++ *high_pc = attr->u.val;
++ *high_pc_relative = attr->form != DW_FORM_addr;
++ break;
++
++ case DW_AT_ranges:
++ if (!read_rangelist (unit, &unit->arange,
++ &unit->file->trie_root, attr->u.val))
++ return;
++ break;
++
++ case DW_AT_comp_dir:
++ {
++ char *comp_dir = attr->u.str;
++
++ if (!is_str_form (attr))
++ {
++ _bfd_error_handler
++ (_("DWARF error: DW_AT_comp_dir attribute encountered "
++ "with a non-string form"));
++ comp_dir = NULL;
++ }
++
++ if (comp_dir)
++ {
++ char *cp = strchr (comp_dir, ':');
++
++ if (cp && cp != comp_dir && cp[-1] == '.' && cp[1] == '/')
++ comp_dir = cp + 1;
++ }
++ unit->comp_dir = comp_dir;
++ break;
++ }
++
++ case DW_AT_language:
++ unit->lang = attr->u.val;
++ default:
++ break;
++ }
++}
++
+ /* Parse a DWARF2 compilation unit starting at INFO_PTR. UNIT_LENGTH
+ includes the compilation unit header that proceeds the DIE's, but
+ does not include the length field that precedes each compilation
+@@ -4064,6 +4273,10 @@ parse_comp_unit (struct dwarf2_debug *stash,
+ bfd *abfd = file->bfd_ptr;
+ bool high_pc_relative = false;
+ enum dwarf_unit_type unit_type;
++ struct attribute *str_addrp = NULL;
++ size_t str_count = 0;
++ size_t str_alloc = 0;
++ bool compunit_flag = false;
+
+ version = read_2_bytes (abfd, &info_ptr, end_ptr);
+ if (version < 2 || version > 5)
+@@ -4168,11 +4381,33 @@ parse_comp_unit (struct dwarf2_debug *stash,
+ unit->file = file;
+ unit->info_ptr_unit = info_ptr_unit;
+
++ if (abbrev->tag == DW_TAG_compile_unit)
++ compunit_flag = true;
++
+ for (i = 0; i < abbrev->num_attrs; ++i)
+ {
+ info_ptr = read_attribute (&attr, &abbrev->attrs[i], unit, info_ptr, end_ptr);
+ if (info_ptr == NULL)
+- return NULL;
++ goto err_exit;
++
++ /* Identify attributes of the form strx* and addrx* which come before
++ DW_AT_str_offsets_base and DW_AT_addr_base respectively in the CU.
++ Store the attributes in an array and process them later. */
++ if ((unit->dwarf_str_offset == 0 && is_strx_form (attr.form))
++ || (unit->dwarf_addr_offset == 0 && is_addrx_form (attr.form)))
++ {
++ if (str_count <= str_alloc)
++ {
++ str_alloc = 2 * str_alloc + 200;
++ str_addrp = bfd_realloc (str_addrp,
++ str_alloc * sizeof (*str_addrp));
++ if (str_addrp == NULL)
++ goto err_exit;
++ }
++ str_addrp[str_count] = attr;
++ str_count++;
++ continue;
++ }
+
+ /* Store the data if it is of an attribute we want to keep in a
+ partial symbol table. */
+@@ -4198,7 +4433,7 @@ parse_comp_unit (struct dwarf2_debug *stash,
+ /* If the compilation unit DIE has a DW_AT_low_pc attribute,
+ this is the base address to use when reading location
+ lists or range lists. */
+- if (abbrev->tag == DW_TAG_compile_unit)
++ if (compunit_flag)
+ unit->base_address = low_pc;
+ }
+ break;
+@@ -4215,7 +4450,7 @@ parse_comp_unit (struct dwarf2_debug *stash,
+ if (is_int_form (&attr)
+ && !read_rangelist (unit, &unit->arange,
+ &unit->file->trie_root, attr.u.val))
+- return NULL;
++ goto err_exit;
+ break;
+
+ case DW_AT_comp_dir:
+@@ -4248,21 +4483,40 @@ parse_comp_unit (struct dwarf2_debug *stash,
+ unit->lang = attr.u.val;
+ break;
+
++ case DW_AT_addr_base:
++ unit->dwarf_addr_offset = attr.u.val;
++ break;
++
++ case DW_AT_str_offsets_base:
++ unit->dwarf_str_offset = attr.u.val;
++ break;
++
+ default:
+ break;
+ }
+ }
++
++ for (i = 0; i < str_count; ++i)
++ reread_attribute (unit, &str_addrp[i], &low_pc, &high_pc,
++ &high_pc_relative, compunit_flag);
++
+ if (high_pc_relative)
+ high_pc += low_pc;
+ if (high_pc != 0)
+ {
+ if (!arange_add (unit, &unit->arange, &unit->file->trie_root,
+ low_pc, high_pc))
+- return NULL;
++ goto err_exit;
+ }
+
+ unit->first_child_die_ptr = info_ptr;
++
++ free (str_addrp);
+ return unit;
++
++ err_exit:
++ free (str_addrp);
++ return NULL;
+ }
+
+ /* Return TRUE if UNIT may contain the address given by ADDR. When
+--
+2.31.1
+
diff --git a/meta/recipes-devtools/binutils/binutils/0021-CVE-2023-1579-2.patch b/meta/recipes-devtools/binutils/binutils/0021-CVE-2023-1579-2.patch
new file mode 100644
index 0000000000..be698ef5c1
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0021-CVE-2023-1579-2.patch
@@ -0,0 +1,2127 @@
+From 0e3c1eebb22e0ade28b619fb41f42d66ed6fb145 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Fri, 27 May 2022 12:37:21 +0930
+Subject: [PATCH] Remove use of bfd_uint64_t and similar
+
+Requiring C99 means that uses of bfd_uint64_t can be replaced with
+uint64_t, and similarly for bfd_int64_t, BFD_HOST_U_64_BIT, and
+BFD_HOST_64_BIT. This patch does that, removes #ifdef BFD_HOST_*
+and tidies a few places that print 64-bit values.
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=0e3c1eebb22e0ade28b619fb41f42d66ed6fb145]
+
+CVE: CVE-2023-1579
+
+Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
+
+---
+ bfd/aix386-core.c | 6 +--
+ bfd/bfd-in.h | 24 ++++++------
+ bfd/bfd-in2.h | 36 +++++++++---------
+ bfd/coff-rs6000.c | 10 +----
+ bfd/coff-x86_64.c | 2 +-
+ bfd/cpu-ia64-opc.c | 22 +++++------
+ bfd/dwarf2.c | 83 ++++++++++++++++++++---------------------
+ bfd/elf32-score.c | 16 ++++----
+ bfd/elf64-ia64-vms.c | 8 ++--
+ bfd/elflink.c | 16 +-------
+ bfd/elfxx-ia64.c | 6 +--
+ bfd/hppabsd-core.c | 6 +--
+ bfd/hpux-core.c | 6 +--
+ bfd/irix-core.c | 6 +--
+ bfd/libbfd.c | 65 +++++++++-----------------------
+ bfd/mach-o.c | 2 +-
+ bfd/mach-o.h | 8 ++--
+ bfd/netbsd-core.c | 6 +--
+ bfd/osf-core.c | 6 +--
+ bfd/ptrace-core.c | 6 +--
+ bfd/sco5-core.c | 6 +--
+ bfd/targets.c | 12 +++---
+ bfd/trad-core.c | 6 +--
+ bfd/vms-alpha.c | 2 +-
+ binutils/nm.c | 49 +++---------------------
+ binutils/od-macho.c | 50 ++++++++-----------------
+ binutils/prdbg.c | 39 +++----------------
+ binutils/readelf.c | 21 +++++------
+ gas/config/tc-arm.c | 28 ++++----------
+ gas/config/tc-csky.c | 10 ++---
+ gas/config/tc-sparc.c | 35 +++++++++--------
+ gas/config/tc-tilegx.c | 20 +++++-----
+ gas/config/tc-tilepro.c | 20 +++++-----
+ gas/config/tc-z80.c | 8 ++--
+ gas/config/te-vms.c | 2 +-
+ gas/config/te-vms.h | 2 +-
+ gdb/findcmd.c | 2 +-
+ gdb/tilegx-tdep.c | 2 +-
+ gprof/gmon_io.c | 44 ++++++----------------
+ include/elf/nfp.h | 2 +-
+ include/opcode/csky.h | 62 +++++++++++++++---------------
+ include/opcode/ia64.h | 2 +-
+ opcodes/csky-dis.c | 2 +-
+ opcodes/csky-opc.h | 4 +-
+ opcodes/ia64-dis.c | 2 +-
+ 45 files changed, 297 insertions(+), 475 deletions(-)
+
+diff --git a/bfd/aix386-core.c b/bfd/aix386-core.c
+index 3443e49ed46..977a6bd1fb4 100644
+--- a/bfd/aix386-core.c
++++ b/bfd/aix386-core.c
+@@ -220,9 +220,9 @@ swap_abort (void)
+ #define NO_GET ((bfd_vma (*) (const void *)) swap_abort)
+ #define NO_PUT ((void (*) (bfd_vma, void *)) swap_abort)
+ #define NO_GETS ((bfd_signed_vma (*) (const void *)) swap_abort)
+-#define NO_GET64 ((bfd_uint64_t (*) (const void *)) swap_abort)
+-#define NO_PUT64 ((void (*) (bfd_uint64_t, void *)) swap_abort)
+-#define NO_GETS64 ((bfd_int64_t (*) (const void *)) swap_abort)
++#define NO_GET64 ((uint64_t (*) (const void *)) swap_abort)
++#define NO_PUT64 ((void (*) (uint64_t, void *)) swap_abort)
++#define NO_GETS64 ((int64_t (*) (const void *)) swap_abort)
+
+ const bfd_target core_aix386_vec =
+ {
+diff --git a/bfd/bfd-in.h b/bfd/bfd-in.h
+index a1c4bf139fc..09c5728e944 100644
+--- a/bfd/bfd-in.h
++++ b/bfd/bfd-in.h
+@@ -116,10 +116,10 @@ typedef struct bfd bfd;
+ #error No 64 bit integer type available
+ #endif /* ! defined (BFD_HOST_64_BIT) */
+
+-typedef BFD_HOST_U_64_BIT bfd_vma;
+-typedef BFD_HOST_64_BIT bfd_signed_vma;
+-typedef BFD_HOST_U_64_BIT bfd_size_type;
+-typedef BFD_HOST_U_64_BIT symvalue;
++typedef uint64_t bfd_vma;
++typedef int64_t bfd_signed_vma;
++typedef uint64_t bfd_size_type;
++typedef uint64_t symvalue;
+
+ #if BFD_HOST_64BIT_LONG
+ #define BFD_VMA_FMT "l"
+@@ -447,10 +447,10 @@ extern bool bfd_record_phdr
+
+ /* Byte swapping routines. */
+
+-bfd_uint64_t bfd_getb64 (const void *);
+-bfd_uint64_t bfd_getl64 (const void *);
+-bfd_int64_t bfd_getb_signed_64 (const void *);
+-bfd_int64_t bfd_getl_signed_64 (const void *);
++uint64_t bfd_getb64 (const void *);
++uint64_t bfd_getl64 (const void *);
++int64_t bfd_getb_signed_64 (const void *);
++int64_t bfd_getl_signed_64 (const void *);
+ bfd_vma bfd_getb32 (const void *);
+ bfd_vma bfd_getl32 (const void *);
+ bfd_signed_vma bfd_getb_signed_32 (const void *);
+@@ -459,8 +459,8 @@ bfd_vma bfd_getb16 (const void *);
+ bfd_vma bfd_getl16 (const void *);
+ bfd_signed_vma bfd_getb_signed_16 (const void *);
+ bfd_signed_vma bfd_getl_signed_16 (const void *);
+-void bfd_putb64 (bfd_uint64_t, void *);
+-void bfd_putl64 (bfd_uint64_t, void *);
++void bfd_putb64 (uint64_t, void *);
++void bfd_putl64 (uint64_t, void *);
+ void bfd_putb32 (bfd_vma, void *);
+ void bfd_putl32 (bfd_vma, void *);
+ void bfd_putb24 (bfd_vma, void *);
+@@ -470,8 +470,8 @@ void bfd_putl16 (bfd_vma, void *);
+
+ /* Byte swapping routines which take size and endiannes as arguments. */
+
+-bfd_uint64_t bfd_get_bits (const void *, int, bool);
+-void bfd_put_bits (bfd_uint64_t, void *, int, bool);
++uint64_t bfd_get_bits (const void *, int, bool);
++void bfd_put_bits (uint64_t, void *, int, bool);
+
+
+ /* mmap hacks */
+diff --git a/bfd/bfd-in2.h b/bfd/bfd-in2.h
+index 50e26fc691d..d50885e76cf 100644
+--- a/bfd/bfd-in2.h
++++ b/bfd/bfd-in2.h
+@@ -123,10 +123,10 @@ typedef struct bfd bfd;
+ #error No 64 bit integer type available
+ #endif /* ! defined (BFD_HOST_64_BIT) */
+
+-typedef BFD_HOST_U_64_BIT bfd_vma;
+-typedef BFD_HOST_64_BIT bfd_signed_vma;
+-typedef BFD_HOST_U_64_BIT bfd_size_type;
+-typedef BFD_HOST_U_64_BIT symvalue;
++typedef uint64_t bfd_vma;
++typedef int64_t bfd_signed_vma;
++typedef uint64_t bfd_size_type;
++typedef uint64_t symvalue;
+
+ #if BFD_HOST_64BIT_LONG
+ #define BFD_VMA_FMT "l"
+@@ -454,10 +454,10 @@ extern bool bfd_record_phdr
+
+ /* Byte swapping routines. */
+
+-bfd_uint64_t bfd_getb64 (const void *);
+-bfd_uint64_t bfd_getl64 (const void *);
+-bfd_int64_t bfd_getb_signed_64 (const void *);
+-bfd_int64_t bfd_getl_signed_64 (const void *);
++uint64_t bfd_getb64 (const void *);
++uint64_t bfd_getl64 (const void *);
++int64_t bfd_getb_signed_64 (const void *);
++int64_t bfd_getl_signed_64 (const void *);
+ bfd_vma bfd_getb32 (const void *);
+ bfd_vma bfd_getl32 (const void *);
+ bfd_signed_vma bfd_getb_signed_32 (const void *);
+@@ -466,8 +466,8 @@ bfd_vma bfd_getb16 (const void *);
+ bfd_vma bfd_getl16 (const void *);
+ bfd_signed_vma bfd_getb_signed_16 (const void *);
+ bfd_signed_vma bfd_getl_signed_16 (const void *);
+-void bfd_putb64 (bfd_uint64_t, void *);
+-void bfd_putl64 (bfd_uint64_t, void *);
++void bfd_putb64 (uint64_t, void *);
++void bfd_putl64 (uint64_t, void *);
+ void bfd_putb32 (bfd_vma, void *);
+ void bfd_putl32 (bfd_vma, void *);
+ void bfd_putb24 (bfd_vma, void *);
+@@ -477,8 +477,8 @@ void bfd_putl16 (bfd_vma, void *);
+
+ /* Byte swapping routines which take size and endiannes as arguments. */
+
+-bfd_uint64_t bfd_get_bits (const void *, int, bool);
+-void bfd_put_bits (bfd_uint64_t, void *, int, bool);
++uint64_t bfd_get_bits (const void *, int, bool);
++void bfd_put_bits (uint64_t, void *, int, bool);
+
+
+ /* mmap hacks */
+@@ -7416,9 +7416,9 @@ typedef struct bfd_target
+ /* Entries for byte swapping for data. These are different from the
+ other entry points, since they don't take a BFD as the first argument.
+ Certain other handlers could do the same. */
+- bfd_uint64_t (*bfd_getx64) (const void *);
+- bfd_int64_t (*bfd_getx_signed_64) (const void *);
+- void (*bfd_putx64) (bfd_uint64_t, void *);
++ uint64_t (*bfd_getx64) (const void *);
++ int64_t (*bfd_getx_signed_64) (const void *);
++ void (*bfd_putx64) (uint64_t, void *);
+ bfd_vma (*bfd_getx32) (const void *);
+ bfd_signed_vma (*bfd_getx_signed_32) (const void *);
+ void (*bfd_putx32) (bfd_vma, void *);
+@@ -7427,9 +7427,9 @@ typedef struct bfd_target
+ void (*bfd_putx16) (bfd_vma, void *);
+
+ /* Byte swapping for the headers. */
+- bfd_uint64_t (*bfd_h_getx64) (const void *);
+- bfd_int64_t (*bfd_h_getx_signed_64) (const void *);
+- void (*bfd_h_putx64) (bfd_uint64_t, void *);
++ uint64_t (*bfd_h_getx64) (const void *);
++ int64_t (*bfd_h_getx_signed_64) (const void *);
++ void (*bfd_h_putx64) (uint64_t, void *);
+ bfd_vma (*bfd_h_getx32) (const void *);
+ bfd_signed_vma (*bfd_h_getx_signed_32) (const void *);
+ void (*bfd_h_putx32) (bfd_vma, void *);
+diff --git a/bfd/coff-rs6000.c b/bfd/coff-rs6000.c
+index 8819187ab42..48ce5c0516b 100644
+--- a/bfd/coff-rs6000.c
++++ b/bfd/coff-rs6000.c
+@@ -1890,18 +1890,12 @@ xcoff_write_armap_old (bfd *abfd, unsigned int elength ATTRIBUTE_UNUSED,
+ }
+
+ static char buff20[XCOFFARMAGBIG_ELEMENT_SIZE + 1];
+-#if BFD_HOST_64BIT_LONG
+-#define FMT20 "%-20ld"
+-#elif defined (__MSVCRT__)
+-#define FMT20 "%-20I64d"
+-#else
+-#define FMT20 "%-20lld"
+-#endif
++#define FMT20 "%-20" PRId64
+ #define FMT12 "%-12d"
+ #define FMT12_OCTAL "%-12o"
+ #define FMT4 "%-4d"
+ #define PRINT20(d, v) \
+- sprintf (buff20, FMT20, (bfd_uint64_t)(v)), \
++ sprintf (buff20, FMT20, (uint64_t) (v)), \
+ memcpy ((void *) (d), buff20, 20)
+
+ #define PRINT12(d, v) \
+diff --git a/bfd/coff-x86_64.c b/bfd/coff-x86_64.c
+index e8e16d3ce4b..cf339c93215 100644
+--- a/bfd/coff-x86_64.c
++++ b/bfd/coff-x86_64.c
+@@ -201,7 +201,7 @@ coff_amd64_reloc (bfd *abfd,
+
+ case 4:
+ {
+- bfd_uint64_t x = bfd_get_64 (abfd, addr);
++ uint64_t x = bfd_get_64 (abfd, addr);
+ DOIT (x);
+ bfd_put_64 (abfd, x, addr);
+ }
+diff --git a/bfd/cpu-ia64-opc.c b/bfd/cpu-ia64-opc.c
+index e2b5c2694b6..01e3c3f476a 100644
+--- a/bfd/cpu-ia64-opc.c
++++ b/bfd/cpu-ia64-opc.c
+@@ -99,14 +99,14 @@ ins_immu (const struct ia64_operand *self, ia64_insn value, ia64_insn *code)
+ static const char*
+ ext_immu (const struct ia64_operand *self, ia64_insn code, ia64_insn *valuep)
+ {
+- BFD_HOST_U_64_BIT value = 0;
++ uint64_t value = 0;
+ int i, bits = 0, total = 0;
+
+ for (i = 0; i < NELEMS (self->field) && self->field[i].bits; ++i)
+ {
+ bits = self->field[i].bits;
+ value |= ((code >> self->field[i].shift)
+- & ((((BFD_HOST_U_64_BIT) 1) << bits) - 1)) << total;
++ & (((uint64_t) 1 << bits) - 1)) << total;
+ total += bits;
+ }
+ *valuep = value;
+@@ -161,7 +161,7 @@ static const char*
+ ins_imms_scaled (const struct ia64_operand *self, ia64_insn value,
+ ia64_insn *code, int scale)
+ {
+- BFD_HOST_64_BIT svalue = value, sign_bit = 0;
++ int64_t svalue = value, sign_bit = 0;
+ ia64_insn new_insn = 0;
+ int i;
+
+@@ -186,17 +186,17 @@ ext_imms_scaled (const struct ia64_operand *self, ia64_insn code,
+ ia64_insn *valuep, int scale)
+ {
+ int i, bits = 0, total = 0;
+- BFD_HOST_U_64_BIT val = 0, sign;
++ uint64_t val = 0, sign;
+
+ for (i = 0; i < NELEMS (self->field) && self->field[i].bits; ++i)
+ {
+ bits = self->field[i].bits;
+ val |= ((code >> self->field[i].shift)
+- & ((((BFD_HOST_U_64_BIT) 1) << bits) - 1)) << total;
++ & (((uint64_t) 1 << bits) - 1)) << total;
+ total += bits;
+ }
+ /* sign extend: */
+- sign = (BFD_HOST_U_64_BIT) 1 << (total - 1);
++ sign = (uint64_t) 1 << (total - 1);
+ val = (val ^ sign) - sign;
+
+ *valuep = val << scale;
+@@ -312,7 +312,7 @@ static const char*
+ ins_cnt (const struct ia64_operand *self, ia64_insn value, ia64_insn *code)
+ {
+ --value;
+- if (value >= ((BFD_HOST_U_64_BIT) 1) << self->field[0].bits)
++ if (value >= (uint64_t) 1 << self->field[0].bits)
+ return "count out of range";
+
+ *code |= value << self->field[0].shift;
+@@ -323,7 +323,7 @@ static const char*
+ ext_cnt (const struct ia64_operand *self, ia64_insn code, ia64_insn *valuep)
+ {
+ *valuep = ((code >> self->field[0].shift)
+- & ((((BFD_HOST_U_64_BIT) 1) << self->field[0].bits) - 1)) + 1;
++ & (((uint64_t) 1 << self->field[0].bits) - 1)) + 1;
+ return 0;
+ }
+
+@@ -421,8 +421,8 @@ ext_strd5b (const struct ia64_operand *self, ia64_insn code,
+ static const char*
+ ins_inc3 (const struct ia64_operand *self, ia64_insn value, ia64_insn *code)
+ {
+- BFD_HOST_64_BIT val = value;
+- BFD_HOST_U_64_BIT sign = 0;
++ int64_t val = value;
++ uint64_t sign = 0;
+
+ if (val < 0)
+ {
+@@ -444,7 +444,7 @@ ins_inc3 (const struct ia64_operand *self, ia64_insn value, ia64_insn *code)
+ static const char*
+ ext_inc3 (const struct ia64_operand *self, ia64_insn code, ia64_insn *valuep)
+ {
+- BFD_HOST_64_BIT val;
++ int64_t val;
+ int negate;
+
+ val = (code >> self->field[0].shift) & 0x7;
+diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
+index 45e286754e4..6a728fc38b0 100644
+--- a/bfd/dwarf2.c
++++ b/bfd/dwarf2.c
+@@ -63,8 +63,8 @@ struct attribute
+ {
+ char *str;
+ struct dwarf_block *blk;
+- bfd_uint64_t val;
+- bfd_int64_t sval;
++ uint64_t val;
++ int64_t sval;
+ }
+ u;
+ };
+@@ -632,12 +632,12 @@ lookup_info_hash_table (struct info_hash_table *hash_table, const char *key)
+ the located section does not contain at least OFFSET bytes. */
+
+ static bool
+-read_section (bfd * abfd,
++read_section (bfd *abfd,
+ const struct dwarf_debug_section *sec,
+- asymbol ** syms,
+- bfd_uint64_t offset,
+- bfd_byte ** section_buffer,
+- bfd_size_type * section_size)
++ asymbol **syms,
++ uint64_t offset,
++ bfd_byte **section_buffer,
++ bfd_size_type *section_size)
+ {
+ const char *section_name = sec->uncompressed_name;
+ bfd_byte *contents = *section_buffer;
+@@ -848,7 +848,7 @@ read_indirect_string (struct comp_unit *unit,
+ bfd_byte **ptr,
+ bfd_byte *buf_end)
+ {
+- bfd_uint64_t offset;
++ uint64_t offset;
+ struct dwarf2_debug *stash = unit->stash;
+ struct dwarf2_debug_file *file = unit->file;
+ char *str;
+@@ -882,7 +882,7 @@ read_indirect_line_string (struct comp_unit *unit,
+ bfd_byte **ptr,
+ bfd_byte *buf_end)
+ {
+- bfd_uint64_t offset;
++ uint64_t offset;
+ struct dwarf2_debug *stash = unit->stash;
+ struct dwarf2_debug_file *file = unit->file;
+ char *str;
+@@ -919,7 +919,7 @@ read_alt_indirect_string (struct comp_unit *unit,
+ bfd_byte **ptr,
+ bfd_byte *buf_end)
+ {
+- bfd_uint64_t offset;
++ uint64_t offset;
+ struct dwarf2_debug *stash = unit->stash;
+ char *str;
+
+@@ -975,8 +975,7 @@ read_alt_indirect_string (struct comp_unit *unit,
+ or NULL upon failure. */
+
+ static bfd_byte *
+-read_alt_indirect_ref (struct comp_unit * unit,
+- bfd_uint64_t offset)
++read_alt_indirect_ref (struct comp_unit *unit, uint64_t offset)
+ {
+ struct dwarf2_debug *stash = unit->stash;
+
+@@ -1012,7 +1011,7 @@ read_alt_indirect_ref (struct comp_unit * unit,
+ return stash->alt.dwarf_info_buffer + offset;
+ }
+
+-static bfd_uint64_t
++static uint64_t
+ read_address (struct comp_unit *unit, bfd_byte **ptr, bfd_byte *buf_end)
+ {
+ bfd_byte *buf = *ptr;
+@@ -1131,7 +1130,7 @@ del_abbrev (void *p)
+ in a hash table. */
+
+ static struct abbrev_info**
+-read_abbrevs (bfd *abfd, bfd_uint64_t offset, struct dwarf2_debug *stash,
++read_abbrevs (bfd *abfd, uint64_t offset, struct dwarf2_debug *stash,
+ struct dwarf2_debug_file *file)
+ {
+ struct abbrev_info **abbrevs;
+@@ -1356,8 +1355,7 @@ is_addrx_form (enum dwarf_form form)
+ /* Returns the address in .debug_addr section using DW_AT_addr_base.
+ Used to implement DW_FORM_addrx*. */
+ static bfd_vma
+-read_indexed_address (bfd_uint64_t idx,
+- struct comp_unit *unit)
++read_indexed_address (uint64_t idx, struct comp_unit *unit)
+ {
+ struct dwarf2_debug *stash = unit->stash;
+ struct dwarf2_debug_file *file = unit->file;
+@@ -1383,8 +1381,7 @@ read_indexed_address (bfd_uint64_t idx,
+ /* Returns the string using DW_AT_str_offsets_base.
+ Used to implement DW_FORM_strx*. */
+ static const char *
+-read_indexed_string (bfd_uint64_t idx,
+- struct comp_unit *unit)
++read_indexed_string (uint64_t idx, struct comp_unit *unit)
+ {
+ struct dwarf2_debug *stash = unit->stash;
+ struct dwarf2_debug_file *file = unit->file;
+@@ -1717,39 +1714,39 @@ struct line_info_table
+ struct funcinfo
+ {
+ /* Pointer to previous function in list of all functions. */
+- struct funcinfo * prev_func;
++ struct funcinfo *prev_func;
+ /* Pointer to function one scope higher. */
+- struct funcinfo * caller_func;
++ struct funcinfo *caller_func;
+ /* Source location file name where caller_func inlines this func. */
+- char * caller_file;
++ char *caller_file;
+ /* Source location file name. */
+- char * file;
++ char *file;
+ /* Source location line number where caller_func inlines this func. */
+- int caller_line;
++ int caller_line;
+ /* Source location line number. */
+- int line;
+- int tag;
+- bool is_linkage;
+- const char * name;
+- struct arange arange;
++ int line;
++ int tag;
++ bool is_linkage;
++ const char *name;
++ struct arange arange;
+ /* Where the symbol is defined. */
+- asection * sec;
++ asection *sec;
+ /* The offset of the funcinfo from the start of the unit. */
+- bfd_uint64_t unit_offset;
++ uint64_t unit_offset;
+ };
+
+ struct lookup_funcinfo
+ {
+ /* Function information corresponding to this lookup table entry. */
+- struct funcinfo * funcinfo;
++ struct funcinfo *funcinfo;
+
+ /* The lowest address for this specific function. */
+- bfd_vma low_addr;
++ bfd_vma low_addr;
+
+ /* The highest address of this function before the lookup table is sorted.
+ The highest address of all prior functions after the lookup table is
+ sorted, which is used for binary search. */
+- bfd_vma high_addr;
++ bfd_vma high_addr;
+ /* Index of this function, used to ensure qsort is stable. */
+ unsigned int idx;
+ };
+@@ -1759,7 +1756,7 @@ struct varinfo
+ /* Pointer to previous variable in list of all variables. */
+ struct varinfo *prev_var;
+ /* The offset of the varinfo from the start of the unit. */
+- bfd_uint64_t unit_offset;
++ uint64_t unit_offset;
+ /* Source location file name. */
+ char *file;
+ /* Source location line number. */
+@@ -3335,7 +3332,7 @@ find_abstract_instance (struct comp_unit *unit,
+ bfd_byte *info_ptr_end;
+ unsigned int abbrev_number, i;
+ struct abbrev_info *abbrev;
+- bfd_uint64_t die_ref = attr_ptr->u.val;
++ uint64_t die_ref = attr_ptr->u.val;
+ struct attribute attr;
+ const char *name = NULL;
+
+@@ -3549,7 +3546,7 @@ find_abstract_instance (struct comp_unit *unit,
+
+ static bool
+ read_ranges (struct comp_unit *unit, struct arange *arange,
+- struct trie_node **trie_root, bfd_uint64_t offset)
++ struct trie_node **trie_root, uint64_t offset)
+ {
+ bfd_byte *ranges_ptr;
+ bfd_byte *ranges_end;
+@@ -3594,7 +3591,7 @@ read_ranges (struct comp_unit *unit, struct arange *arange,
+
+ static bool
+ read_rnglists (struct comp_unit *unit, struct arange *arange,
+- struct trie_node **trie_root, bfd_uint64_t offset)
++ struct trie_node **trie_root, uint64_t offset)
+ {
+ bfd_byte *rngs_ptr;
+ bfd_byte *rngs_end;
+@@ -3675,7 +3672,7 @@ read_rnglists (struct comp_unit *unit, struct arange *arange,
+
+ static bool
+ read_rangelist (struct comp_unit *unit, struct arange *arange,
+- struct trie_node **trie_root, bfd_uint64_t offset)
++ struct trie_node **trie_root, uint64_t offset)
+ {
+ if (unit->version <= 4)
+ return read_ranges (unit, arange, trie_root, offset);
+@@ -3684,7 +3681,7 @@ read_rangelist (struct comp_unit *unit, struct arange *arange,
+ }
+
+ static struct funcinfo *
+-lookup_func_by_offset (bfd_uint64_t offset, struct funcinfo * table)
++lookup_func_by_offset (uint64_t offset, struct funcinfo * table)
+ {
+ for (; table != NULL; table = table->prev_func)
+ if (table->unit_offset == offset)
+@@ -3693,7 +3690,7 @@ lookup_func_by_offset (bfd_uint64_t offset, struct funcinfo * table)
+ }
+
+ static struct varinfo *
+-lookup_var_by_offset (bfd_uint64_t offset, struct varinfo * table)
++lookup_var_by_offset (uint64_t offset, struct varinfo * table)
+ {
+ while (table)
+ {
+@@ -3775,7 +3772,7 @@ scan_unit_for_symbols (struct comp_unit *unit)
+ struct abbrev_info *abbrev;
+ struct funcinfo *func;
+ struct varinfo *var;
+- bfd_uint64_t current_offset;
++ uint64_t current_offset;
+
+ /* PR 17512: file: 9f405d9d. */
+ if (info_ptr >= info_ptr_end)
+@@ -3909,7 +3906,7 @@ scan_unit_for_symbols (struct comp_unit *unit)
+ bfd_vma low_pc = 0;
+ bfd_vma high_pc = 0;
+ bool high_pc_relative = false;
+- bfd_uint64_t current_offset;
++ uint64_t current_offset;
+
+ /* PR 17512: file: 9f405d9d. */
+ if (info_ptr >= info_ptr_end)
+@@ -4259,7 +4256,7 @@ parse_comp_unit (struct dwarf2_debug *stash,
+ {
+ struct comp_unit* unit;
+ unsigned int version;
+- bfd_uint64_t abbrev_offset = 0;
++ uint64_t abbrev_offset = 0;
+ /* Initialize it just to avoid a GCC false warning. */
+ unsigned int addr_size = -1;
+ struct abbrev_info** abbrevs;
+diff --git a/bfd/elf32-score.c b/bfd/elf32-score.c
+index c868707347c..5bc78d523ea 100644
+--- a/bfd/elf32-score.c
++++ b/bfd/elf32-score.c
+@@ -230,14 +230,14 @@ static bfd_vma
+ score3_bfd_getl48 (const void *p)
+ {
+ const bfd_byte *addr = p;
+- bfd_uint64_t v;
+-
+- v = (bfd_uint64_t) addr[4];
+- v |= (bfd_uint64_t) addr[5] << 8;
+- v |= (bfd_uint64_t) addr[2] << 16;
+- v |= (bfd_uint64_t) addr[3] << 24;
+- v |= (bfd_uint64_t) addr[0] << 32;
+- v |= (bfd_uint64_t) addr[1] << 40;
++ uint64_t v;
++
++ v = (uint64_t) addr[4];
++ v |= (uint64_t) addr[5] << 8;
++ v |= (uint64_t) addr[2] << 16;
++ v |= (uint64_t) addr[3] << 24;
++ v |= (uint64_t) addr[0] << 32;
++ v |= (uint64_t) addr[1] << 40;
+ return v;
+ }
+
+diff --git a/bfd/elf64-ia64-vms.c b/bfd/elf64-ia64-vms.c
+index 59cc6b6fe85..4d8f98550a3 100644
+--- a/bfd/elf64-ia64-vms.c
++++ b/bfd/elf64-ia64-vms.c
+@@ -179,7 +179,7 @@ struct elf64_ia64_vms_obj_tdata
+ struct elf_obj_tdata root;
+
+ /* Ident for shared library. */
+- bfd_uint64_t ident;
++ uint64_t ident;
+
+ /* Used only during link: offset in the .fixups section for this bfd. */
+ bfd_vma fixups_off;
+@@ -2791,7 +2791,7 @@ elf64_ia64_size_dynamic_sections (bfd *output_bfd ATTRIBUTE_UNUSED,
+ if (!_bfd_elf_add_dynamic_entry (info, DT_IA_64_VMS_IDENT, 0))
+ return false;
+ if (!_bfd_elf_add_dynamic_entry (info, DT_IA_64_VMS_LINKTIME,
+- (((bfd_uint64_t)time_hi) << 32)
++ ((uint64_t) time_hi << 32)
+ + time_lo))
+ return false;
+
+@@ -4720,7 +4720,7 @@ elf64_vms_close_and_cleanup (bfd *abfd)
+ if ((isize & 7) != 0)
+ {
+ int ishort = 8 - (isize & 7);
+- bfd_uint64_t pad = 0;
++ uint64_t pad = 0;
+
+ bfd_seek (abfd, isize, SEEK_SET);
+ bfd_bwrite (&pad, ishort, abfd);
+@@ -4853,7 +4853,7 @@ elf64_vms_link_add_object_symbols (bfd *abfd, struct bfd_link_info *info)
+ bed->s->swap_dyn_in (abfd, extdyn, &dyn);
+ if (dyn.d_tag == DT_IA_64_VMS_IDENT)
+ {
+- bfd_uint64_t tagv = dyn.d_un.d_val;
++ uint64_t tagv = dyn.d_un.d_val;
+ elf_ia64_vms_ident (abfd) = tagv;
+ break;
+ }
+diff --git a/bfd/elflink.c b/bfd/elflink.c
+index 96eb36aa5bf..fc3a335c72d 100644
+--- a/bfd/elflink.c
++++ b/bfd/elflink.c
+@@ -6354,15 +6354,11 @@ compute_bucket_count (struct bfd_link_info *info ATTRIBUTE_UNUSED,
+ size_t best_size = 0;
+ unsigned long int i;
+
+- /* We have a problem here. The following code to optimize the table
+- size requires an integer type with more the 32 bits. If
+- BFD_HOST_U_64_BIT is set we know about such a type. */
+-#ifdef BFD_HOST_U_64_BIT
+ if (info->optimize)
+ {
+ size_t minsize;
+ size_t maxsize;
+- BFD_HOST_U_64_BIT best_chlen = ~((BFD_HOST_U_64_BIT) 0);
++ uint64_t best_chlen = ~((uint64_t) 0);
+ bfd *dynobj = elf_hash_table (info)->dynobj;
+ size_t dynsymcount = elf_hash_table (info)->dynsymcount;
+ const struct elf_backend_data *bed = get_elf_backend_data (dynobj);
+@@ -6399,7 +6395,7 @@ compute_bucket_count (struct bfd_link_info *info ATTRIBUTE_UNUSED,
+ for (i = minsize; i < maxsize; ++i)
+ {
+ /* Walk through the array of hashcodes and count the collisions. */
+- BFD_HOST_U_64_BIT max;
++ uint64_t max;
+ unsigned long int j;
+ unsigned long int fact;
+
+@@ -6464,11 +6460,7 @@ compute_bucket_count (struct bfd_link_info *info ATTRIBUTE_UNUSED,
+ free (counts);
+ }
+ else
+-#endif /* defined (BFD_HOST_U_64_BIT) */
+ {
+- /* This is the fallback solution if no 64bit type is available or if we
+- are not supposed to spend much time on optimizations. We select the
+- bucket count using a fixed set of numbers. */
+ for (i = 0; elf_buckets[i] != 0; i++)
+ {
+ best_size = elf_buckets[i];
+@@ -9354,7 +9346,6 @@ ext32b_r_offset (const void *p)
+ return aval;
+ }
+
+-#ifdef BFD_HOST_64_BIT
+ static bfd_vma
+ ext64l_r_offset (const void *p)
+ {
+@@ -9398,7 +9389,6 @@ ext64b_r_offset (const void *p)
+ | (uint64_t) a->c[7]);
+ return aval;
+ }
+-#endif
+
+ /* When performing a relocatable link, the input relocations are
+ preserved. But, if they reference global symbols, the indices
+@@ -9502,13 +9492,11 @@ elf_link_adjust_relocs (bfd *abfd,
+ }
+ else
+ {
+-#ifdef BFD_HOST_64_BIT
+ if (abfd->xvec->header_byteorder == BFD_ENDIAN_LITTLE)
+ ext_r_off = ext64l_r_offset;
+ else if (abfd->xvec->header_byteorder == BFD_ENDIAN_BIG)
+ ext_r_off = ext64b_r_offset;
+ else
+-#endif
+ abort ();
+ }
+
+diff --git a/bfd/elfxx-ia64.c b/bfd/elfxx-ia64.c
+index c126adf6890..a108324ca39 100644
+--- a/bfd/elfxx-ia64.c
++++ b/bfd/elfxx-ia64.c
+@@ -555,11 +555,7 @@ ia64_elf_install_value (bfd_byte *hit_addr, bfd_vma v, unsigned int r_type)
+ enum ia64_opnd opnd;
+ const char *err;
+ size_t size = 8;
+-#ifdef BFD_HOST_U_64_BIT
+- BFD_HOST_U_64_BIT val = (BFD_HOST_U_64_BIT) v;
+-#else
+- bfd_vma val = v;
+-#endif
++ uint64_t val = v;
+
+ opnd = IA64_OPND_NIL;
+ switch (r_type)
+diff --git a/bfd/hppabsd-core.c b/bfd/hppabsd-core.c
+index acfa5f69a95..d87af955838 100644
+--- a/bfd/hppabsd-core.c
++++ b/bfd/hppabsd-core.c
+@@ -213,9 +213,9 @@ swap_abort (void)
+ #define NO_GET ((bfd_vma (*) (const void *)) swap_abort)
+ #define NO_PUT ((void (*) (bfd_vma, void *)) swap_abort)
+ #define NO_GETS ((bfd_signed_vma (*) (const void *)) swap_abort)
+-#define NO_GET64 ((bfd_uint64_t (*) (const void *)) swap_abort)
+-#define NO_PUT64 ((void (*) (bfd_uint64_t, void *)) swap_abort)
+-#define NO_GETS64 ((bfd_int64_t (*) (const void *)) swap_abort)
++#define NO_GET64 ((uint64_t (*) (const void *)) swap_abort)
++#define NO_PUT64 ((void (*) (uint64_t, void *)) swap_abort)
++#define NO_GETS64 ((int64_t (*) (const void *)) swap_abort)
+
+ const bfd_target core_hppabsd_vec =
+ {
+diff --git a/bfd/hpux-core.c b/bfd/hpux-core.c
+index 4f03b84909a..654532c6bb9 100644
+--- a/bfd/hpux-core.c
++++ b/bfd/hpux-core.c
+@@ -362,9 +362,9 @@ swap_abort (void)
+ #define NO_GET ((bfd_vma (*) (const void *)) swap_abort)
+ #define NO_PUT ((void (*) (bfd_vma, void *)) swap_abort)
+ #define NO_GETS ((bfd_signed_vma (*) (const void *)) swap_abort)
+-#define NO_GET64 ((bfd_uint64_t (*) (const void *)) swap_abort)
+-#define NO_PUT64 ((void (*) (bfd_uint64_t, void *)) swap_abort)
+-#define NO_GETS64 ((bfd_int64_t (*) (const void *)) swap_abort)
++#define NO_GET64 ((uint64_t (*) (const void *)) swap_abort)
++#define NO_PUT64 ((void (*) (uint64_t, void *)) swap_abort)
++#define NO_GETS64 ((int64_t (*) (const void *)) swap_abort)
+
+ const bfd_target core_hpux_vec =
+ {
+diff --git a/bfd/irix-core.c b/bfd/irix-core.c
+index 694fe2e2e07..b12aef9ce8b 100644
+--- a/bfd/irix-core.c
++++ b/bfd/irix-core.c
+@@ -275,9 +275,9 @@ swap_abort(void)
+ #define NO_GET ((bfd_vma (*) (const void *)) swap_abort)
+ #define NO_PUT ((void (*) (bfd_vma, void *)) swap_abort)
+ #define NO_GETS ((bfd_signed_vma (*) (const void *)) swap_abort)
+-#define NO_GET64 ((bfd_uint64_t (*) (const void *)) swap_abort)
+-#define NO_PUT64 ((void (*) (bfd_uint64_t, void *)) swap_abort)
+-#define NO_GETS64 ((bfd_int64_t (*) (const void *)) swap_abort)
++#define NO_GET64 ((uint64_t (*) (const void *)) swap_abort)
++#define NO_PUT64 ((void (*) (uint64_t, void *)) swap_abort)
++#define NO_GETS64 ((int64_t (*) (const void *)) swap_abort)
+
+ const bfd_target core_irix_vec =
+ {
+diff --git a/bfd/libbfd.c b/bfd/libbfd.c
+index 2781671ddba..d33f3416206 100644
+--- a/bfd/libbfd.c
++++ b/bfd/libbfd.c
+@@ -617,7 +617,7 @@ DESCRIPTION
+ #define COERCE16(x) (((bfd_vma) (x) ^ 0x8000) - 0x8000)
+ #define COERCE32(x) (((bfd_vma) (x) ^ 0x80000000) - 0x80000000)
+ #define COERCE64(x) \
+- (((bfd_uint64_t) (x) ^ ((bfd_uint64_t) 1 << 63)) - ((bfd_uint64_t) 1 << 63))
++ (((uint64_t) (x) ^ ((uint64_t) 1 << 63)) - ((uint64_t) 1 << 63))
+
+ bfd_vma
+ bfd_getb16 (const void *p)
+@@ -757,12 +757,11 @@ bfd_getl_signed_32 (const void *p)
+ return COERCE32 (v);
+ }
+
+-bfd_uint64_t
+-bfd_getb64 (const void *p ATTRIBUTE_UNUSED)
++uint64_t
++bfd_getb64 (const void *p)
+ {
+-#ifdef BFD_HOST_64_BIT
+ const bfd_byte *addr = (const bfd_byte *) p;
+- bfd_uint64_t v;
++ uint64_t v;
+
+ v = addr[0]; v <<= 8;
+ v |= addr[1]; v <<= 8;
+@@ -774,18 +773,13 @@ bfd_getb64 (const void *p ATTRIBUTE_UNUSED)
+ v |= addr[7];
+
+ return v;
+-#else
+- BFD_FAIL();
+- return 0;
+-#endif
+ }
+
+-bfd_uint64_t
+-bfd_getl64 (const void *p ATTRIBUTE_UNUSED)
++uint64_t
++bfd_getl64 (const void *p)
+ {
+-#ifdef BFD_HOST_64_BIT
+ const bfd_byte *addr = (const bfd_byte *) p;
+- bfd_uint64_t v;
++ uint64_t v;
+
+ v = addr[7]; v <<= 8;
+ v |= addr[6]; v <<= 8;
+@@ -797,19 +791,13 @@ bfd_getl64 (const void *p ATTRIBUTE_UNUSED)
+ v |= addr[0];
+
+ return v;
+-#else
+- BFD_FAIL();
+- return 0;
+-#endif
+-
+ }
+
+-bfd_int64_t
+-bfd_getb_signed_64 (const void *p ATTRIBUTE_UNUSED)
++int64_t
++bfd_getb_signed_64 (const void *p)
+ {
+-#ifdef BFD_HOST_64_BIT
+ const bfd_byte *addr = (const bfd_byte *) p;
+- bfd_uint64_t v;
++ uint64_t v;
+
+ v = addr[0]; v <<= 8;
+ v |= addr[1]; v <<= 8;
+@@ -821,18 +809,13 @@ bfd_getb_signed_64 (const void *p ATTRIBUTE_UNUSED)
+ v |= addr[7];
+
+ return COERCE64 (v);
+-#else
+- BFD_FAIL();
+- return 0;
+-#endif
+ }
+
+-bfd_int64_t
+-bfd_getl_signed_64 (const void *p ATTRIBUTE_UNUSED)
++int64_t
++bfd_getl_signed_64 (const void *p)
+ {
+-#ifdef BFD_HOST_64_BIT
+ const bfd_byte *addr = (const bfd_byte *) p;
+- bfd_uint64_t v;
++ uint64_t v;
+
+ v = addr[7]; v <<= 8;
+ v |= addr[6]; v <<= 8;
+@@ -844,10 +827,6 @@ bfd_getl_signed_64 (const void *p ATTRIBUTE_UNUSED)
+ v |= addr[0];
+
+ return COERCE64 (v);
+-#else
+- BFD_FAIL();
+- return 0;
+-#endif
+ }
+
+ void
+@@ -871,9 +850,8 @@ bfd_putl32 (bfd_vma data, void *p)
+ }
+
+ void
+-bfd_putb64 (bfd_uint64_t data ATTRIBUTE_UNUSED, void *p ATTRIBUTE_UNUSED)
++bfd_putb64 (uint64_t data, void *p)
+ {
+-#ifdef BFD_HOST_64_BIT
+ bfd_byte *addr = (bfd_byte *) p;
+ addr[0] = (data >> (7*8)) & 0xff;
+ addr[1] = (data >> (6*8)) & 0xff;
+@@ -883,15 +861,11 @@ bfd_putb64 (bfd_uint64_t data ATTRIBUTE_UNUSED, void *p ATTRIBUTE_UNUSED)
+ addr[5] = (data >> (2*8)) & 0xff;
+ addr[6] = (data >> (1*8)) & 0xff;
+ addr[7] = (data >> (0*8)) & 0xff;
+-#else
+- BFD_FAIL();
+-#endif
+ }
+
+ void
+-bfd_putl64 (bfd_uint64_t data ATTRIBUTE_UNUSED, void *p ATTRIBUTE_UNUSED)
++bfd_putl64 (uint64_t data, void *p)
+ {
+-#ifdef BFD_HOST_64_BIT
+ bfd_byte *addr = (bfd_byte *) p;
+ addr[7] = (data >> (7*8)) & 0xff;
+ addr[6] = (data >> (6*8)) & 0xff;
+@@ -901,13 +875,10 @@ bfd_putl64 (bfd_uint64_t data ATTRIBUTE_UNUSED, void *p ATTRIBUTE_UNUSED)
+ addr[2] = (data >> (2*8)) & 0xff;
+ addr[1] = (data >> (1*8)) & 0xff;
+ addr[0] = (data >> (0*8)) & 0xff;
+-#else
+- BFD_FAIL();
+-#endif
+ }
+
+ void
+-bfd_put_bits (bfd_uint64_t data, void *p, int bits, bool big_p)
++bfd_put_bits (uint64_t data, void *p, int bits, bool big_p)
+ {
+ bfd_byte *addr = (bfd_byte *) p;
+ int i;
+@@ -926,11 +897,11 @@ bfd_put_bits (bfd_uint64_t data, void *p, int bits, bool big_p)
+ }
+ }
+
+-bfd_uint64_t
++uint64_t
+ bfd_get_bits (const void *p, int bits, bool big_p)
+ {
+ const bfd_byte *addr = (const bfd_byte *) p;
+- bfd_uint64_t data;
++ uint64_t data;
+ int i;
+ int bytes;
+
+diff --git a/bfd/mach-o.c b/bfd/mach-o.c
+index e32b7873cef..9f3f1f13e4e 100644
+--- a/bfd/mach-o.c
++++ b/bfd/mach-o.c
+@@ -4773,7 +4773,7 @@ bfd_mach_o_read_source_version (bfd *abfd, bfd_mach_o_load_command *command)
+ {
+ bfd_mach_o_source_version_command *cmd = &command->command.source_version;
+ struct mach_o_source_version_command_external raw;
+- bfd_uint64_t ver;
++ uint64_t ver;
+
+ if (command->len < sizeof (raw) + 8)
+ return false;
+diff --git a/bfd/mach-o.h b/bfd/mach-o.h
+index 5a068d8d970..f7418ad8d40 100644
+--- a/bfd/mach-o.h
++++ b/bfd/mach-o.h
+@@ -545,8 +545,8 @@ bfd_mach_o_encryption_info_command;
+
+ typedef struct bfd_mach_o_main_command
+ {
+- bfd_uint64_t entryoff;
+- bfd_uint64_t stacksize;
++ uint64_t entryoff;
++ uint64_t stacksize;
+ }
+ bfd_mach_o_main_command;
+
+@@ -563,8 +563,8 @@ bfd_mach_o_source_version_command;
+ typedef struct bfd_mach_o_note_command
+ {
+ char data_owner[16];
+- bfd_uint64_t offset;
+- bfd_uint64_t size;
++ uint64_t offset;
++ uint64_t size;
+ }
+ bfd_mach_o_note_command;
+
+diff --git a/bfd/netbsd-core.c b/bfd/netbsd-core.c
+index cb215937da6..ffc8e50842c 100644
+--- a/bfd/netbsd-core.c
++++ b/bfd/netbsd-core.c
+@@ -257,9 +257,9 @@ swap_abort (void)
+ #define NO_GET ((bfd_vma (*) (const void *)) swap_abort)
+ #define NO_PUT ((void (*) (bfd_vma, void *)) swap_abort)
+ #define NO_GETS ((bfd_signed_vma (*) (const void *)) swap_abort)
+-#define NO_GET64 ((bfd_uint64_t (*) (const void *)) swap_abort)
+-#define NO_PUT64 ((void (*) (bfd_uint64_t, void *)) swap_abort)
+-#define NO_GETS64 ((bfd_int64_t (*) (const void *)) swap_abort)
++#define NO_GET64 ((uint64_t (*) (const void *)) swap_abort)
++#define NO_PUT64 ((void (*) (uint64_t, void *)) swap_abort)
++#define NO_GETS64 ((int64_t (*) (const void *)) swap_abort)
+
+ const bfd_target core_netbsd_vec =
+ {
+diff --git a/bfd/osf-core.c b/bfd/osf-core.c
+index 09a04a07624..04434b2045c 100644
+--- a/bfd/osf-core.c
++++ b/bfd/osf-core.c
+@@ -169,9 +169,9 @@ swap_abort (void)
+ #define NO_GET ((bfd_vma (*) (const void *)) swap_abort)
+ #define NO_PUT ((void (*) (bfd_vma, void *)) swap_abort)
+ #define NO_GETS ((bfd_signed_vma (*) (const void *)) swap_abort)
+-#define NO_GET64 ((bfd_uint64_t (*) (const void *)) swap_abort)
+-#define NO_PUT64 ((void (*) (bfd_uint64_t, void *)) swap_abort)
+-#define NO_GETS64 ((bfd_int64_t (*) (const void *)) swap_abort)
++#define NO_GET64 ((uint64_t (*) (const void *)) swap_abort)
++#define NO_PUT64 ((void (*) (uint64_t, void *)) swap_abort)
++#define NO_GETS64 ((int64_t (*) (const void *)) swap_abort)
+
+ const bfd_target core_osf_vec =
+ {
+diff --git a/bfd/ptrace-core.c b/bfd/ptrace-core.c
+index 3d077d21200..c4afffbfb95 100644
+--- a/bfd/ptrace-core.c
++++ b/bfd/ptrace-core.c
+@@ -160,9 +160,9 @@ swap_abort (void)
+ #define NO_GET ((bfd_vma (*) (const void *)) swap_abort)
+ #define NO_PUT ((void (*) (bfd_vma, void *)) swap_abort)
+ #define NO_GETS ((bfd_signed_vma (*) (const void *)) swap_abort)
+-#define NO_GET64 ((bfd_uint64_t (*) (const void *)) swap_abort)
+-#define NO_PUT64 ((void (*) (bfd_uint64_t, void *)) swap_abort)
+-#define NO_GETS64 ((bfd_int64_t (*) (const void *)) swap_abort)
++#define NO_GET64 ((uint64_t (*) (const void *)) swap_abort)
++#define NO_PUT64 ((void (*) (uint64_t, void *)) swap_abort)
++#define NO_GETS64 ((int64_t (*) (const void *)) swap_abort)
+
+ const bfd_target core_ptrace_vec =
+ {
+diff --git a/bfd/sco5-core.c b/bfd/sco5-core.c
+index d1f80c9079f..7807ac86a65 100644
+--- a/bfd/sco5-core.c
++++ b/bfd/sco5-core.c
+@@ -340,9 +340,9 @@ swap_abort (void)
+ #define NO_GET ((bfd_vma (*) (const void *)) swap_abort)
+ #define NO_PUT ((void (*) (bfd_vma, void *)) swap_abort)
+ #define NO_GETS ((bfd_signed_vma (*) (const void *)) swap_abort)
+-#define NO_GET64 ((bfd_uint64_t (*) (const void *)) swap_abort)
+-#define NO_PUT64 ((void (*) (bfd_uint64_t, void *)) swap_abort)
+-#define NO_GETS64 ((bfd_int64_t (*) (const void *)) swap_abort)
++#define NO_GET64 ((uint64_t (*) (const void *)) swap_abort)
++#define NO_PUT64 ((void (*) (uint64_t, void *)) swap_abort)
++#define NO_GETS64 ((int64_t (*) (const void *)) swap_abort)
+
+ const bfd_target core_sco5_vec =
+ {
+diff --git a/bfd/targets.c b/bfd/targets.c
+index 05dd8236d91..f44b5c67724 100644
+--- a/bfd/targets.c
++++ b/bfd/targets.c
+@@ -226,9 +226,9 @@ DESCRIPTION
+ . {* Entries for byte swapping for data. These are different from the
+ . other entry points, since they don't take a BFD as the first argument.
+ . Certain other handlers could do the same. *}
+-. bfd_uint64_t (*bfd_getx64) (const void *);
+-. bfd_int64_t (*bfd_getx_signed_64) (const void *);
+-. void (*bfd_putx64) (bfd_uint64_t, void *);
++. uint64_t (*bfd_getx64) (const void *);
++. int64_t (*bfd_getx_signed_64) (const void *);
++. void (*bfd_putx64) (uint64_t, void *);
+ . bfd_vma (*bfd_getx32) (const void *);
+ . bfd_signed_vma (*bfd_getx_signed_32) (const void *);
+ . void (*bfd_putx32) (bfd_vma, void *);
+@@ -237,9 +237,9 @@ DESCRIPTION
+ . void (*bfd_putx16) (bfd_vma, void *);
+ .
+ . {* Byte swapping for the headers. *}
+-. bfd_uint64_t (*bfd_h_getx64) (const void *);
+-. bfd_int64_t (*bfd_h_getx_signed_64) (const void *);
+-. void (*bfd_h_putx64) (bfd_uint64_t, void *);
++. uint64_t (*bfd_h_getx64) (const void *);
++. int64_t (*bfd_h_getx_signed_64) (const void *);
++. void (*bfd_h_putx64) (uint64_t, void *);
+ . bfd_vma (*bfd_h_getx32) (const void *);
+ . bfd_signed_vma (*bfd_h_getx_signed_32) (const void *);
+ . void (*bfd_h_putx32) (bfd_vma, void *);
+diff --git a/bfd/trad-core.c b/bfd/trad-core.c
+index 92a279b6a72..8e9ee0d6667 100644
+--- a/bfd/trad-core.c
++++ b/bfd/trad-core.c
+@@ -249,9 +249,9 @@ swap_abort (void)
+ #define NO_GET ((bfd_vma (*) (const void *)) swap_abort)
+ #define NO_PUT ((void (*) (bfd_vma, void *)) swap_abort)
+ #define NO_GETS ((bfd_signed_vma (*) (const void *)) swap_abort)
+-#define NO_GET64 ((bfd_uint64_t (*) (const void *)) swap_abort)
+-#define NO_PUT64 ((void (*) (bfd_uint64_t, void *)) swap_abort)
+-#define NO_GETS64 ((bfd_int64_t (*) (const void *)) swap_abort)
++#define NO_GET64 ((uint64_t (*) (const void *)) swap_abort)
++#define NO_PUT64 ((void (*) (uint64_t, void *)) swap_abort)
++#define NO_GETS64 ((int64_t (*) (const void *)) swap_abort)
+
+ const bfd_target core_trad_vec =
+ {
+diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c
+index 1129c98f0e2..fd0762811df 100644
+--- a/bfd/vms-alpha.c
++++ b/bfd/vms-alpha.c
+@@ -522,7 +522,7 @@ _bfd_vms_slurp_eisd (bfd *abfd, unsigned int offset)
+ struct vms_eisd *eisd;
+ unsigned int rec_size;
+ unsigned int size;
+- bfd_uint64_t vaddr;
++ uint64_t vaddr;
+ unsigned int flags;
+ unsigned int vbn;
+ char *name = NULL;
+diff --git a/binutils/nm.c b/binutils/nm.c
+index 60e4d850885..539c5688425 100644
+--- a/binutils/nm.c
++++ b/binutils/nm.c
+@@ -1557,29 +1557,15 @@ get_print_format (void)
+ padding = "016";
+ }
+
+- const char * length = "l";
+- if (print_width == 64)
+- {
+-#if BFD_HOST_64BIT_LONG
+- ;
+-#elif BFD_HOST_64BIT_LONG_LONG
+-#ifndef __MSVCRT__
+- length = "ll";
+-#else
+- length = "I64";
+-#endif
+-#endif
+- }
+-
+ const char * radix = NULL;
+ switch (print_radix)
+ {
+- case 8: radix = "o"; break;
+- case 10: radix = "d"; break;
+- case 16: radix = "x"; break;
++ case 8: radix = PRIo64; break;
++ case 10: radix = PRId64; break;
++ case 16: radix = PRIx64; break;
+ }
+
+- return concat ("%", padding, length, radix, NULL);
++ return concat ("%", padding, radix, NULL);
+ }
+
+ static void
+@@ -1874,33 +1860,8 @@ print_value (bfd *abfd ATTRIBUTE_UNUSED, bfd_vma val)
+ switch (print_width)
+ {
+ case 32:
+- printf (print_format_string, (unsigned long) val);
+- break;
+-
+ case 64:
+-#if BFD_HOST_64BIT_LONG || BFD_HOST_64BIT_LONG_LONG
+- printf (print_format_string, val);
+-#else
+- /* We have a 64 bit value to print, but the host is only 32 bit. */
+- if (print_radix == 16)
+- bfd_fprintf_vma (abfd, stdout, val);
+- else
+- {
+- char buf[30];
+- char *s;
+-
+- s = buf + sizeof buf;
+- *--s = '\0';
+- while (val > 0)
+- {
+- *--s = (val % print_radix) + '0';
+- val /= print_radix;
+- }
+- while ((buf + sizeof buf - 1) - s < 16)
+- *--s = '0';
+- printf ("%s", s);
+- }
+-#endif
++ printf (print_format_string, (uint64_t) val);
+ break;
+
+ default:
+diff --git a/binutils/od-macho.c b/binutils/od-macho.c
+index 56d448ac3bd..e91c87d2acf 100644
+--- a/binutils/od-macho.c
++++ b/binutils/od-macho.c
+@@ -283,15 +283,6 @@ bfd_mach_o_print_flags (const bfd_mach_o_xlat_name *table,
+ printf ("-");
+ }
+
+-/* Print a bfd_uint64_t, using a platform independent style. */
+-
+-static void
+-printf_uint64 (bfd_uint64_t v)
+-{
+- printf ("0x%08lx%08lx",
+- (unsigned long)((v >> 16) >> 16), (unsigned long)(v & 0xffffffffUL));
+-}
+-
+ static const char *
+ bfd_mach_o_get_name_or_null (const bfd_mach_o_xlat_name *table,
+ unsigned long val)
+@@ -1729,26 +1720,20 @@ dump_load_command (bfd *abfd, bfd_mach_o_load_command *cmd,
+ }
+ case BFD_MACH_O_LC_MAIN:
+ {
+- bfd_mach_o_main_command *entry = &cmd->command.main;
+- printf (" entry offset: ");
+- printf_uint64 (entry->entryoff);
+- printf ("\n"
+- " stack size: ");
+- printf_uint64 (entry->stacksize);
+- printf ("\n");
+- break;
++ bfd_mach_o_main_command *entry = &cmd->command.main;
++ printf (" entry offset: %#016" PRIx64 "\n"
++ " stack size: %#016" PRIx64 "\n",
++ entry->entryoff, entry->stacksize);
++ break;
+ }
+ case BFD_MACH_O_LC_NOTE:
+ {
+- bfd_mach_o_note_command *note = &cmd->command.note;
+- printf (" data owner: %.16s\n", note->data_owner);
+- printf (" offset: ");
+- printf_uint64 (note->offset);
+- printf ("\n"
+- " size: ");
+- printf_uint64 (note->size);
+- printf ("\n");
+- break;
++ bfd_mach_o_note_command *note = &cmd->command.note;
++ printf (" data owner: %.16s\n"
++ " offset: %#016" PRIx64 "\n"
++ " size: %#016" PRIx64 "\n",
++ note->data_owner, note->offset, note->size);
++ break;
+ }
+ case BFD_MACH_O_LC_BUILD_VERSION:
+ dump_build_version (abfd, cmd);
+@@ -2013,14 +1998,11 @@ dump_obj_compact_unwind (bfd *abfd,
+ {
+ e = (struct mach_o_compact_unwind_64 *) p;
+
+- putchar (' ');
+- printf_uint64 (bfd_get_64 (abfd, e->start));
+- printf (" %08lx", (unsigned long)bfd_get_32 (abfd, e->length));
+- putchar (' ');
+- printf_uint64 (bfd_get_64 (abfd, e->personality));
+- putchar (' ');
+- printf_uint64 (bfd_get_64 (abfd, e->lsda));
+- putchar ('\n');
++ printf (" %#016" PRIx64 " %#08x %#016" PRIx64 " %#016" PRIx64 "\n",
++ (uint64_t) bfd_get_64 (abfd, e->start),
++ (unsigned int) bfd_get_32 (abfd, e->length),
++ (uint64_t) bfd_get_64 (abfd, e->personality),
++ (uint64_t) bfd_get_64 (abfd, e->lsda));
+
+ printf (" encoding: ");
+ dump_unwind_encoding (mdata, bfd_get_32 (abfd, e->encoding));
+diff --git a/binutils/prdbg.c b/binutils/prdbg.c
+index d6cbab8578b..c1e41628d26 100644
+--- a/binutils/prdbg.c
++++ b/binutils/prdbg.c
+@@ -485,41 +485,12 @@ pop_type (struct pr_handle *info)
+ static void
+ print_vma (bfd_vma vma, char *buf, bool unsignedp, bool hexp)
+ {
+- if (sizeof (vma) <= sizeof (unsigned long))
+- {
+- if (hexp)
+- sprintf (buf, "0x%lx", (unsigned long) vma);
+- else if (unsignedp)
+- sprintf (buf, "%lu", (unsigned long) vma);
+- else
+- sprintf (buf, "%ld", (long) vma);
+- }
+-#if BFD_HOST_64BIT_LONG_LONG
+- else if (sizeof (vma) <= sizeof (unsigned long long))
+- {
+-#ifndef __MSVCRT__
+- if (hexp)
+- sprintf (buf, "0x%llx", (unsigned long long) vma);
+- else if (unsignedp)
+- sprintf (buf, "%llu", (unsigned long long) vma);
+- else
+- sprintf (buf, "%lld", (long long) vma);
+-#else
+- if (hexp)
+- sprintf (buf, "0x%I64x", (unsigned long long) vma);
+- else if (unsignedp)
+- sprintf (buf, "%I64u", (unsigned long long) vma);
+- else
+- sprintf (buf, "%I64d", (long long) vma);
+-#endif
+- }
+-#endif
++ if (hexp)
++ sprintf (buf, "%#" PRIx64, (uint64_t) vma);
++ else if (unsignedp)
++ sprintf (buf, "%" PRIu64, (uint64_t) vma);
+ else
+- {
+- buf[0] = '0';
+- buf[1] = 'x';
+- sprintf_vma (buf + 2, vma);
+- }
++ sprintf (buf, "%" PRId64, (int64_t) vma);
+ }
+
+ /* Start a new compilation unit. */
+diff --git a/binutils/readelf.c b/binutils/readelf.c
+index c35bfc12366..4c0a2a34767 100644
+--- a/binutils/readelf.c
++++ b/binutils/readelf.c
+@@ -10729,7 +10729,7 @@ dynamic_section_parisc_val (Elf_Internal_Dyn * entry)
+ /* Display a VMS time in a human readable format. */
+
+ static void
+-print_vms_time (bfd_int64_t vmstime)
++print_vms_time (int64_t vmstime)
+ {
+ struct tm *tm = NULL;
+ time_t unxtime;
+@@ -20764,7 +20764,7 @@ print_ia64_vms_note (Elf_Internal_Note * pnote)
+ /* FIXME: Generate an error if descsz > 8 ? */
+
+ printf ("0x%016" BFD_VMA_FMT "x\n",
+- (bfd_vma) byte_get ((unsigned char *)pnote->descdata, 8));
++ (bfd_vma) byte_get ((unsigned char *) pnote->descdata, 8));
+ break;
+
+ case NT_VMS_LINKTIME:
+@@ -20773,8 +20773,7 @@ print_ia64_vms_note (Elf_Internal_Note * pnote)
+ goto desc_size_fail;
+ /* FIXME: Generate an error if descsz > 8 ? */
+
+- print_vms_time
+- ((bfd_int64_t) byte_get ((unsigned char *)pnote->descdata, 8));
++ print_vms_time (byte_get ((unsigned char *) pnote->descdata, 8));
+ printf ("\n");
+ break;
+
+@@ -20784,8 +20783,7 @@ print_ia64_vms_note (Elf_Internal_Note * pnote)
+ goto desc_size_fail;
+ /* FIXME: Generate an error if descsz > 8 ? */
+
+- print_vms_time
+- ((bfd_int64_t) byte_get ((unsigned char *)pnote->descdata, 8));
++ print_vms_time (byte_get ((unsigned char *) pnote->descdata, 8));
+ printf ("\n");
+ break;
+
+@@ -20794,16 +20792,15 @@ print_ia64_vms_note (Elf_Internal_Note * pnote)
+ goto desc_size_fail;
+
+ printf (_(" Major id: %u, minor id: %u\n"),
+- (unsigned) byte_get ((unsigned char *)pnote->descdata, 4),
+- (unsigned) byte_get ((unsigned char *)pnote->descdata + 4, 4));
++ (unsigned) byte_get ((unsigned char *) pnote->descdata, 4),
++ (unsigned) byte_get ((unsigned char *) pnote->descdata + 4, 4));
+ printf (_(" Last modified : "));
+- print_vms_time
+- ((bfd_int64_t) byte_get ((unsigned char *)pnote->descdata + 8, 8));
++ print_vms_time (byte_get ((unsigned char *) pnote->descdata + 8, 8));
+ printf (_("\n Link flags : "));
+ printf ("0x%016" BFD_VMA_FMT "x\n",
+- (bfd_vma) byte_get ((unsigned char *)pnote->descdata + 16, 8));
++ (bfd_vma) byte_get ((unsigned char *) pnote->descdata + 16, 8));
+ printf (_(" Header flags: 0x%08x\n"),
+- (unsigned) byte_get ((unsigned char *)pnote->descdata + 24, 4));
++ (unsigned) byte_get ((unsigned char *) pnote->descdata + 24, 4));
+ printf (_(" Image id : %.*s\n"), maxlen - 32, pnote->descdata + 32);
+ break;
+ #endif
+diff --git a/gas/config/tc-arm.c b/gas/config/tc-arm.c
+index 1721097cfca..2e6d175482e 100644
+--- a/gas/config/tc-arm.c
++++ b/gas/config/tc-arm.c
+@@ -3565,7 +3565,7 @@ add_to_lit_pool (unsigned int nbytes)
+ imm1 = inst.operands[1].imm;
+ imm2 = (inst.operands[1].regisimm ? inst.operands[1].reg
+ : inst.relocs[0].exp.X_unsigned ? 0
+- : ((bfd_int64_t) inst.operands[1].imm) >> 32);
++ : (int64_t) inst.operands[1].imm >> 32);
+ if (target_big_endian)
+ {
+ imm1 = imm2;
+@@ -8819,15 +8819,14 @@ neon_cmode_for_move_imm (unsigned immlo, unsigned immhi, int float_p,
+ return FAIL;
+ }
+
+-#if defined BFD_HOST_64_BIT
+ /* Returns TRUE if double precision value V may be cast
+ to single precision without loss of accuracy. */
+
+ static bool
+-is_double_a_single (bfd_uint64_t v)
++is_double_a_single (uint64_t v)
+ {
+ int exp = (v >> 52) & 0x7FF;
+- bfd_uint64_t mantissa = v & 0xFFFFFFFFFFFFFULL;
++ uint64_t mantissa = v & 0xFFFFFFFFFFFFFULL;
+
+ return ((exp == 0 || exp == 0x7FF
+ || (exp >= 1023 - 126 && exp <= 1023 + 127))
+@@ -8838,11 +8837,11 @@ is_double_a_single (bfd_uint64_t v)
+ (ignoring the least significant bits in exponent and mantissa). */
+
+ static int
+-double_to_single (bfd_uint64_t v)
++double_to_single (uint64_t v)
+ {
+ unsigned int sign = (v >> 63) & 1;
+ int exp = (v >> 52) & 0x7FF;
+- bfd_uint64_t mantissa = v & 0xFFFFFFFFFFFFFULL;
++ uint64_t mantissa = v & 0xFFFFFFFFFFFFFULL;
+
+ if (exp == 0x7FF)
+ exp = 0xFF;
+@@ -8865,7 +8864,6 @@ double_to_single (bfd_uint64_t v)
+ mantissa >>= 29;
+ return (sign << 31) | (exp << 23) | mantissa;
+ }
+-#endif /* BFD_HOST_64_BIT */
+
+ enum lit_type
+ {
+@@ -8914,11 +8912,7 @@ move_or_literal_pool (int i, enum lit_type t, bool mode_3)
+ if (inst.relocs[0].exp.X_op == O_constant
+ || inst.relocs[0].exp.X_op == O_big)
+ {
+-#if defined BFD_HOST_64_BIT
+- bfd_uint64_t v;
+-#else
+- valueT v;
+-#endif
++ uint64_t v;
+ if (inst.relocs[0].exp.X_op == O_big)
+ {
+ LITTLENUM_TYPE w[X_PRECISION];
+@@ -8933,7 +8927,6 @@ move_or_literal_pool (int i, enum lit_type t, bool mode_3)
+ else
+ l = generic_bignum;
+
+-#if defined BFD_HOST_64_BIT
+ v = l[3] & LITTLENUM_MASK;
+ v <<= LITTLENUM_NUMBER_OF_BITS;
+ v |= l[2] & LITTLENUM_MASK;
+@@ -8941,11 +8934,6 @@ move_or_literal_pool (int i, enum lit_type t, bool mode_3)
+ v |= l[1] & LITTLENUM_MASK;
+ v <<= LITTLENUM_NUMBER_OF_BITS;
+ v |= l[0] & LITTLENUM_MASK;
+-#else
+- v = l[1] & LITTLENUM_MASK;
+- v <<= LITTLENUM_NUMBER_OF_BITS;
+- v |= l[0] & LITTLENUM_MASK;
+-#endif
+ }
+ else
+ v = inst.relocs[0].exp.X_add_number;
+@@ -9041,7 +9029,7 @@ move_or_literal_pool (int i, enum lit_type t, bool mode_3)
+ ? inst.operands[1].reg
+ : inst.relocs[0].exp.X_unsigned
+ ? 0
+- : ((bfd_int64_t)((int) immlo)) >> 32;
++ : (int64_t) (int) immlo >> 32;
+ int cmode = neon_cmode_for_move_imm (immlo, immhi, false, &immbits,
+ &op, 64, NT_invtype);
+
+@@ -9090,7 +9078,6 @@ move_or_literal_pool (int i, enum lit_type t, bool mode_3)
+ discrepancy between the output produced by an assembler built for
+ a 32-bit-only host and the output produced from a 64-bit host, but
+ this cannot be helped. */
+-#if defined BFD_HOST_64_BIT
+ else if (!inst.operands[1].issingle
+ && ARM_CPU_HAS_FEATURE (cpu_variant, fpu_vfp_ext_v3))
+ {
+@@ -9103,7 +9090,6 @@ move_or_literal_pool (int i, enum lit_type t, bool mode_3)
+ return true;
+ }
+ }
+-#endif
+ }
+ }
+
+diff --git a/gas/config/tc-csky.c b/gas/config/tc-csky.c
+index 2371eeb747e..5b824d89af0 100644
+--- a/gas/config/tc-csky.c
++++ b/gas/config/tc-csky.c
+@@ -215,7 +215,7 @@ enum
+ unsigned int mach_flag = 0;
+ unsigned int arch_flag = 0;
+ unsigned int other_flag = 0;
+-BFD_HOST_U_64_BIT isa_flag = 0;
++uint64_t isa_flag = 0;
+ unsigned int dsp_flag = 0;
+
+ typedef struct stack_size_entry
+@@ -245,7 +245,7 @@ struct csky_macro_info
+ const char *name;
+ /* How many operands : if operands == 5, all of 1,2,3,4 are ok. */
+ long oprnd_num;
+- BFD_HOST_U_64_BIT isa_flag;
++ uint64_t isa_flag;
+ /* Do the work. */
+ void (*handle_func)(void);
+ };
+@@ -591,14 +591,14 @@ struct csky_cpu_feature
+ {
+ const char unique;
+ unsigned int arch_flag;
+- bfd_uint64_t isa_flag;
++ uint64_t isa_flag;
+ };
+
+ struct csky_cpu_version
+ {
+ int r;
+ int p;
+- bfd_uint64_t isa_flag;
++ uint64_t isa_flag;
+ };
+
+ #define CSKY_FEATURE_MAX 10
+@@ -608,7 +608,7 @@ struct csky_cpu_info
+ {
+ const char *name;
+ unsigned int arch_flag;
+- bfd_uint64_t isa_flag;
++ uint64_t isa_flag;
+ struct csky_cpu_feature features[CSKY_FEATURE_MAX];
+ struct csky_cpu_version ver[CSKY_CPU_REVERISON_MAX];
+ };
+diff --git a/gas/config/tc-sparc.c b/gas/config/tc-sparc.c
+index 222223f3549..4e443b1d28d 100644
+--- a/gas/config/tc-sparc.c
++++ b/gas/config/tc-sparc.c
+@@ -75,10 +75,10 @@ static enum { MM_TSO, MM_PSO, MM_RMO } sparc_memory_model = MM_RMO;
+ #ifndef TE_SOLARIS
+ /* Bitmask of instruction types seen so far, used to populate the
+ GNU attributes section with hwcap information. */
+-static bfd_uint64_t hwcap_seen;
++static uint64_t hwcap_seen;
+ #endif
+
+-static bfd_uint64_t hwcap_allowed;
++static uint64_t hwcap_allowed;
+
+ static int architecture_requested;
+ static int warn_on_bump;
+@@ -498,15 +498,15 @@ md_parse_option (int c, const char *arg)
+ || opcode_arch > max_architecture)
+ max_architecture = opcode_arch;
+
+- /* The allowed hardware capabilities are the implied by the
+- opcodes arch plus any extra capabilities defined in the GAS
+- arch. */
+- hwcap_allowed
+- = (hwcap_allowed
+- | (((bfd_uint64_t) sparc_opcode_archs[opcode_arch].hwcaps2) << 32)
+- | (((bfd_uint64_t) sa->hwcap2_allowed) << 32)
+- | sparc_opcode_archs[opcode_arch].hwcaps
+- | sa->hwcap_allowed);
++ /* The allowed hardware capabilities are the implied by the
++ opcodes arch plus any extra capabilities defined in the GAS
++ arch. */
++ hwcap_allowed
++ = (hwcap_allowed
++ | ((uint64_t) sparc_opcode_archs[opcode_arch].hwcaps2 << 32)
++ | ((uint64_t) sa->hwcap2_allowed << 32)
++ | sparc_opcode_archs[opcode_arch].hwcaps
++ | sa->hwcap_allowed);
+ architecture_requested = 1;
+ }
+ break;
+@@ -1607,7 +1607,7 @@ md_assemble (char *str)
+ }
+
+ static const char *
+-get_hwcap_name (bfd_uint64_t mask)
++get_hwcap_name (uint64_t mask)
+ {
+ if (mask & HWCAP_MUL32)
+ return "mul32";
+@@ -3171,8 +3171,7 @@ sparc_ip (char *str, const struct sparc_opcode **pinsn)
+ msg_str = sasi->name;
+ }
+
+- bfd_uint64_t hwcaps
+- = (((bfd_uint64_t) insn->hwcaps2) << 32) | insn->hwcaps;
++ uint64_t hwcaps = ((uint64_t) insn->hwcaps2 << 32) | insn->hwcaps;
+
+ #ifndef TE_SOLARIS
+ if (hwcaps)
+@@ -3211,10 +3210,10 @@ sparc_ip (char *str, const struct sparc_opcode **pinsn)
+ }
+ current_architecture = needed_architecture;
+ hwcap_allowed
+- = (hwcap_allowed
+- | hwcaps
+- | (((bfd_uint64_t) sparc_opcode_archs[current_architecture].hwcaps2) << 32)
+- | sparc_opcode_archs[current_architecture].hwcaps);
++ = (hwcap_allowed
++ | hwcaps
++ | ((uint64_t) sparc_opcode_archs[current_architecture].hwcaps2 << 32)
++ | sparc_opcode_archs[current_architecture].hwcaps);
+ }
+ /* Conflict. */
+ /* ??? This seems to be a bit fragile. What if the next entry in
+diff --git a/gas/config/tc-tilegx.c b/gas/config/tc-tilegx.c
+index b627b7080e5..4fcc38c9034 100644
+--- a/gas/config/tc-tilegx.c
++++ b/gas/config/tc-tilegx.c
+@@ -789,16 +789,16 @@ emit_tilegx_instruction (tilegx_bundle_bits bits,
+ static void
+ check_illegal_reg_writes (void)
+ {
+- BFD_HOST_U_64_BIT all_regs_written = 0;
++ uint64_t all_regs_written = 0;
+ int j;
+
+ for (j = 0; j < current_bundle_index; j++)
+ {
+ const struct tilegx_instruction *instr = &current_bundle[j];
+ int k;
+- BFD_HOST_U_64_BIT regs =
+- ((BFD_HOST_U_64_BIT)1) << instr->opcode->implicitly_written_register;
+- BFD_HOST_U_64_BIT conflict;
++ uint64_t regs =
++ (uint64_t) 1 << instr->opcode->implicitly_written_register;
++ uint64_t conflict;
+
+ for (k = 0; k < instr->opcode->num_operands; k++)
+ {
+@@ -808,12 +808,12 @@ check_illegal_reg_writes (void)
+ if (operand->is_dest_reg)
+ {
+ int regno = instr->operand_values[k].X_add_number;
+- BFD_HOST_U_64_BIT mask = ((BFD_HOST_U_64_BIT)1) << regno;
++ uint64_t mask = (uint64_t) 1 << regno;
+
+- if ((mask & ( (((BFD_HOST_U_64_BIT)1) << TREG_IDN1)
+- | (((BFD_HOST_U_64_BIT)1) << TREG_UDN1)
+- | (((BFD_HOST_U_64_BIT)1) << TREG_UDN2)
+- | (((BFD_HOST_U_64_BIT)1) << TREG_UDN3))) != 0
++ if ((mask & ( ((uint64_t) 1 << TREG_IDN1)
++ | ((uint64_t) 1 << TREG_UDN1)
++ | ((uint64_t) 1 << TREG_UDN2)
++ | ((uint64_t) 1 << TREG_UDN3))) != 0
+ && !allow_suspicious_bundles)
+ {
+ as_bad (_("Writes to register '%s' are not allowed."),
+@@ -825,7 +825,7 @@ check_illegal_reg_writes (void)
+ }
+
+ /* Writing to the zero register doesn't count. */
+- regs &= ~(((BFD_HOST_U_64_BIT)1) << TREG_ZERO);
++ regs &= ~((uint64_t) 1 << TREG_ZERO);
+
+ conflict = all_regs_written & regs;
+ if (conflict != 0 && !allow_suspicious_bundles)
+diff --git a/gas/config/tc-tilepro.c b/gas/config/tc-tilepro.c
+index af0be422f98..ca092d77a4b 100644
+--- a/gas/config/tc-tilepro.c
++++ b/gas/config/tc-tilepro.c
+@@ -677,16 +677,16 @@ emit_tilepro_instruction (tilepro_bundle_bits bits,
+ static void
+ check_illegal_reg_writes (void)
+ {
+- BFD_HOST_U_64_BIT all_regs_written = 0;
++ uint64_t all_regs_written = 0;
+ int j;
+
+ for (j = 0; j < current_bundle_index; j++)
+ {
+ const struct tilepro_instruction *instr = &current_bundle[j];
+ int k;
+- BFD_HOST_U_64_BIT regs =
+- ((BFD_HOST_U_64_BIT)1) << instr->opcode->implicitly_written_register;
+- BFD_HOST_U_64_BIT conflict;
++ uint64_t regs =
++ (uint64_t) 1 << instr->opcode->implicitly_written_register;
++ uint64_t conflict;
+
+ for (k = 0; k < instr->opcode->num_operands; k++)
+ {
+@@ -696,12 +696,12 @@ check_illegal_reg_writes (void)
+ if (operand->is_dest_reg)
+ {
+ int regno = instr->operand_values[k].X_add_number;
+- BFD_HOST_U_64_BIT mask = ((BFD_HOST_U_64_BIT)1) << regno;
++ uint64_t mask = (uint64_t) 1 << regno;
+
+- if ((mask & ( (((BFD_HOST_U_64_BIT)1) << TREG_IDN1)
+- | (((BFD_HOST_U_64_BIT)1) << TREG_UDN1)
+- | (((BFD_HOST_U_64_BIT)1) << TREG_UDN2)
+- | (((BFD_HOST_U_64_BIT)1) << TREG_UDN3))) != 0
++ if ((mask & ( ((uint64_t) 1 << TREG_IDN1)
++ | ((uint64_t) 1 << TREG_UDN1)
++ | ((uint64_t) 1 << TREG_UDN2)
++ | ((uint64_t) 1 << TREG_UDN3))) != 0
+ && !allow_suspicious_bundles)
+ {
+ as_bad (_("Writes to register '%s' are not allowed."),
+@@ -713,7 +713,7 @@ check_illegal_reg_writes (void)
+ }
+
+ /* Writing to the zero register doesn't count. */
+- regs &= ~(((BFD_HOST_U_64_BIT)1) << TREG_ZERO);
++ regs &= ~((uint64_t) 1 << TREG_ZERO);
+
+ conflict = all_regs_written & regs;
+ if (conflict != 0 && !allow_suspicious_bundles)
+diff --git a/gas/config/tc-z80.c b/gas/config/tc-z80.c
+index 81fbfe3b0ae..714e704e24a 100644
+--- a/gas/config/tc-z80.c
++++ b/gas/config/tc-z80.c
+@@ -3910,11 +3910,11 @@ z80_tc_label_is_local (const char *name)
+ #define EXP_MIN -0x10000
+ #define EXP_MAX 0x10000
+ static int
+-str_to_broken_float (bool *signP, bfd_uint64_t *mantissaP, int *expP)
++str_to_broken_float (bool *signP, uint64_t *mantissaP, int *expP)
+ {
+ char *p;
+ bool sign;
+- bfd_uint64_t mantissa = 0;
++ uint64_t mantissa = 0;
+ int exponent = 0;
+ int i;
+
+@@ -4029,7 +4029,7 @@ str_to_broken_float (bool *signP, bfd_uint64_t *mantissaP, int *expP)
+ static const char *
+ str_to_zeda32(char *litP, int *sizeP)
+ {
+- bfd_uint64_t mantissa;
++ uint64_t mantissa;
+ bool sign;
+ int exponent;
+ unsigned i;
+@@ -4088,7 +4088,7 @@ str_to_zeda32(char *litP, int *sizeP)
+ static const char *
+ str_to_float48(char *litP, int *sizeP)
+ {
+- bfd_uint64_t mantissa;
++ uint64_t mantissa;
+ bool sign;
+ int exponent;
+ unsigned i;
+diff --git a/gas/config/te-vms.c b/gas/config/te-vms.c
+index 015c95867f0..6661a3b6a72 100644
+--- a/gas/config/te-vms.c
++++ b/gas/config/te-vms.c
+@@ -339,7 +339,7 @@ vms_file_stats_name (const char *dirname,
+ return 0;
+ }
+
+-bfd_uint64_t
++uint64_t
+ vms_dwarf2_file_time_name (const char *filename, const char *dirname)
+ {
+ long long cdt;
+diff --git a/gas/config/te-vms.h b/gas/config/te-vms.h
+index ffe7f5e8f37..08f218502de 100644
+--- a/gas/config/te-vms.h
++++ b/gas/config/te-vms.h
+@@ -20,7 +20,7 @@
+ #define TE_VMS
+ #include "obj-format.h"
+
+-extern bfd_uint64_t vms_dwarf2_file_time_name (const char *, const char *);
++extern uint64_t vms_dwarf2_file_time_name (const char *, const char *);
+ extern long vms_dwarf2_file_size_name (const char *, const char *);
+ extern char *vms_dwarf2_file_name (const char *, const char *);
+
+diff --git a/gdb/findcmd.c b/gdb/findcmd.c
+index ff13f22e970..ed2cea7b74d 100644
+--- a/gdb/findcmd.c
++++ b/gdb/findcmd.c
+@@ -30,7 +30,7 @@
+ /* Copied from bfd_put_bits. */
+
+ static void
+-put_bits (bfd_uint64_t data, gdb::byte_vector &buf, int bits, bfd_boolean big_p)
++put_bits (uint64_t data, gdb::byte_vector &buf, int bits, bfd_boolean big_p)
+ {
+ int i;
+ int bytes;
+diff --git a/gdb/tilegx-tdep.c b/gdb/tilegx-tdep.c
+index 7930db72779..9668aa80b53 100644
+--- a/gdb/tilegx-tdep.c
++++ b/gdb/tilegx-tdep.c
+@@ -375,7 +375,7 @@ tilegx_analyze_prologue (struct gdbarch* gdbarch,
+ CORE_ADDR instbuf_start;
+ unsigned int instbuf_size;
+ int status;
+- bfd_uint64_t bundle;
++ uint64_t bundle;
+ struct tilegx_decoded_instruction
+ decoded[TILEGX_MAX_INSTRUCTIONS_PER_BUNDLE];
+ int num_insns;
+diff --git a/gprof/gmon_io.c b/gprof/gmon_io.c
+index c613809d396..2b4dd26375b 100644
+--- a/gprof/gmon_io.c
++++ b/gprof/gmon_io.c
+@@ -48,10 +48,8 @@ enum gmon_ptr_signedness {
+ static enum gmon_ptr_size gmon_get_ptr_size (void);
+ static enum gmon_ptr_signedness gmon_get_ptr_signedness (void);
+
+-#ifdef BFD_HOST_U_64_BIT
+-static int gmon_io_read_64 (FILE *, BFD_HOST_U_64_BIT *);
+-static int gmon_io_write_64 (FILE *, BFD_HOST_U_64_BIT);
+-#endif
++static int gmon_io_read_64 (FILE *, uint64_t *);
++static int gmon_io_write_64 (FILE *, uint64_t);
+ static int gmon_read_raw_arc
+ (FILE *, bfd_vma *, bfd_vma *, unsigned long *);
+ static int gmon_write_raw_arc
+@@ -109,9 +107,8 @@ gmon_io_read_32 (FILE *ifp, unsigned int *valp)
+ return 0;
+ }
+
+-#ifdef BFD_HOST_U_64_BIT
+ static int
+-gmon_io_read_64 (FILE *ifp, BFD_HOST_U_64_BIT *valp)
++gmon_io_read_64 (FILE *ifp, uint64_t *valp)
+ {
+ char buf[8];
+
+@@ -120,15 +117,12 @@ gmon_io_read_64 (FILE *ifp, BFD_HOST_U_64_BIT *valp)
+ *valp = bfd_get_64 (core_bfd, buf);
+ return 0;
+ }
+-#endif
+
+ int
+ gmon_io_read_vma (FILE *ifp, bfd_vma *valp)
+ {
+ unsigned int val32;
+-#ifdef BFD_HOST_U_64_BIT
+- BFD_HOST_U_64_BIT val64;
+-#endif
++ uint64_t val64;
+
+ switch (gmon_get_ptr_size ())
+ {
+@@ -136,23 +130,19 @@ gmon_io_read_vma (FILE *ifp, bfd_vma *valp)
+ if (gmon_io_read_32 (ifp, &val32))
+ return 1;
+ if (gmon_get_ptr_signedness () == ptr_signed)
+- *valp = (int) val32;
++ *valp = (int) val32;
+ else
+- *valp = val32;
++ *valp = val32;
+ break;
+
+-#ifdef BFD_HOST_U_64_BIT
+ case ptr_64bit:
+ if (gmon_io_read_64 (ifp, &val64))
+ return 1;
+-#ifdef BFD_HOST_64_BIT
+ if (gmon_get_ptr_signedness () == ptr_signed)
+- *valp = (BFD_HOST_64_BIT) val64;
++ *valp = (int64_t) val64;
+ else
+-#endif
+- *valp = val64;
++ *valp = val64;
+ break;
+-#endif
+ }
+ return 0;
+ }
+@@ -176,9 +166,8 @@ gmon_io_write_32 (FILE *ofp, unsigned int val)
+ return 0;
+ }
+
+-#ifdef BFD_HOST_U_64_BIT
+ static int
+-gmon_io_write_64 (FILE *ofp, BFD_HOST_U_64_BIT val)
++gmon_io_write_64 (FILE *ofp, uint64_t val)
+ {
+ char buf[8];
+
+@@ -187,7 +176,6 @@ gmon_io_write_64 (FILE *ofp, BFD_HOST_U_64_BIT val)
+ return 1;
+ return 0;
+ }
+-#endif
+
+ int
+ gmon_io_write_vma (FILE *ofp, bfd_vma val)
+@@ -200,12 +188,10 @@ gmon_io_write_vma (FILE *ofp, bfd_vma val)
+ return 1;
+ break;
+
+-#ifdef BFD_HOST_U_64_BIT
+ case ptr_64bit:
+- if (gmon_io_write_64 (ofp, (BFD_HOST_U_64_BIT) val))
++ if (gmon_io_write_64 (ofp, (uint64_t) val))
+ return 1;
+ break;
+-#endif
+ }
+ return 0;
+ }
+@@ -232,9 +218,7 @@ gmon_io_write (FILE *ofp, char *buf, size_t n)
+ static int
+ gmon_read_raw_arc (FILE *ifp, bfd_vma *fpc, bfd_vma *spc, unsigned long *cnt)
+ {
+-#ifdef BFD_HOST_U_64_BIT
+- BFD_HOST_U_64_BIT cnt64;
+-#endif
++ uint64_t cnt64;
+ unsigned int cnt32;
+
+ if (gmon_io_read_vma (ifp, fpc)
+@@ -249,13 +233,11 @@ gmon_read_raw_arc (FILE *ifp, bfd_vma *fpc, bfd_vma *spc, unsigned long *cnt)
+ *cnt = cnt32;
+ break;
+
+-#ifdef BFD_HOST_U_64_BIT
+ case ptr_64bit:
+ if (gmon_io_read_64 (ifp, &cnt64))
+ return 1;
+ *cnt = cnt64;
+ break;
+-#endif
+
+ default:
+ return 1;
+@@ -278,12 +260,10 @@ gmon_write_raw_arc (FILE *ofp, bfd_vma fpc, bfd_vma spc, unsigned long cnt)
+ return 1;
+ break;
+
+-#ifdef BFD_HOST_U_64_BIT
+ case ptr_64bit:
+- if (gmon_io_write_64 (ofp, (BFD_HOST_U_64_BIT) cnt))
++ if (gmon_io_write_64 (ofp, (uint64_t) cnt))
+ return 1;
+ break;
+-#endif
+ }
+ return 0;
+ }
+diff --git a/include/elf/nfp.h b/include/elf/nfp.h
+index 5a06051196c..c89cefff27b 100644
+--- a/include/elf/nfp.h
++++ b/include/elf/nfp.h
+@@ -102,7 +102,7 @@ extern "C"
+ #define SHF_NFP_INIT 0x80000000
+ #define SHF_NFP_INIT2 0x40000000
+ #define SHF_NFP_SCS(shf) (((shf) >> 32) & 0xFF)
+-#define SHF_NFP_SET_SCS(v) (((BFD_HOST_U_64_BIT)((v) & 0xFF)) << 32)
++#define SHF_NFP_SET_SCS(v) ((uint64_t) ((v) & 0xFF) << 32)
+
+ /* NFP Section Info
+ For PROGBITS and NOBITS sections:
+diff --git a/include/opcode/csky.h b/include/opcode/csky.h
+index ed00bfd7cd6..faecba11611 100644
+--- a/include/opcode/csky.h
++++ b/include/opcode/csky.h
+@@ -22,46 +22,46 @@
+ #include "dis-asm.h"
+
+ /* The following bitmasks control instruction set architecture. */
+-#define CSKYV1_ISA_E1 ((bfd_uint64_t)1 << 0)
+-#define CSKYV2_ISA_E1 ((bfd_uint64_t)1 << 1)
+-#define CSKYV2_ISA_1E2 ((bfd_uint64_t)1 << 2)
+-#define CSKYV2_ISA_2E3 ((bfd_uint64_t)1 << 3)
+-#define CSKYV2_ISA_3E7 ((bfd_uint64_t)1 << 4)
+-#define CSKYV2_ISA_7E10 ((bfd_uint64_t)1 << 5)
+-#define CSKYV2_ISA_3E3R1 ((bfd_uint64_t)1 << 6)
+-#define CSKYV2_ISA_3E3R2 ((bfd_uint64_t)1 << 7)
+-#define CSKYV2_ISA_10E60 ((bfd_uint64_t)1 << 8)
+-#define CSKYV2_ISA_3E3R3 ((bfd_uint64_t)1 << 9)
+-
+-#define CSKY_ISA_TRUST ((bfd_uint64_t)1 << 11)
+-#define CSKY_ISA_CACHE ((bfd_uint64_t)1 << 12)
+-#define CSKY_ISA_NVIC ((bfd_uint64_t)1 << 13)
+-#define CSKY_ISA_CP ((bfd_uint64_t)1 << 14)
+-#define CSKY_ISA_MP ((bfd_uint64_t)1 << 15)
+-#define CSKY_ISA_MP_1E2 ((bfd_uint64_t)1 << 16)
+-#define CSKY_ISA_JAVA ((bfd_uint64_t)1 << 17)
+-#define CSKY_ISA_MAC ((bfd_uint64_t)1 << 18)
+-#define CSKY_ISA_MAC_DSP ((bfd_uint64_t)1 << 19)
++#define CSKYV1_ISA_E1 ((uint64_t) 1 << 0)
++#define CSKYV2_ISA_E1 ((uint64_t) 1 << 1)
++#define CSKYV2_ISA_1E2 ((uint64_t) 1 << 2)
++#define CSKYV2_ISA_2E3 ((uint64_t) 1 << 3)
++#define CSKYV2_ISA_3E7 ((uint64_t) 1 << 4)
++#define CSKYV2_ISA_7E10 ((uint64_t) 1 << 5)
++#define CSKYV2_ISA_3E3R1 ((uint64_t) 1 << 6)
++#define CSKYV2_ISA_3E3R2 ((uint64_t) 1 << 7)
++#define CSKYV2_ISA_10E60 ((uint64_t) 1 << 8)
++#define CSKYV2_ISA_3E3R3 ((uint64_t) 1 << 9)
++
++#define CSKY_ISA_TRUST ((uint64_t) 1 << 11)
++#define CSKY_ISA_CACHE ((uint64_t) 1 << 12)
++#define CSKY_ISA_NVIC ((uint64_t) 1 << 13)
++#define CSKY_ISA_CP ((uint64_t) 1 << 14)
++#define CSKY_ISA_MP ((uint64_t) 1 << 15)
++#define CSKY_ISA_MP_1E2 ((uint64_t) 1 << 16)
++#define CSKY_ISA_JAVA ((uint64_t) 1 << 17)
++#define CSKY_ISA_MAC ((uint64_t) 1 << 18)
++#define CSKY_ISA_MAC_DSP ((uint64_t) 1 << 19)
+
+ /* Base ISA for csky v1 and v2. */
+-#define CSKY_ISA_DSP ((bfd_uint64_t)1 << 20)
+-#define CSKY_ISA_DSP_1E2 ((bfd_uint64_t)1 << 21)
+-#define CSKY_ISA_DSP_ENHANCE ((bfd_uint64_t)1 << 22)
+-#define CSKY_ISA_DSPE60 ((bfd_uint64_t)1 << 23)
++#define CSKY_ISA_DSP ((uint64_t) 1 << 20)
++#define CSKY_ISA_DSP_1E2 ((uint64_t) 1 << 21)
++#define CSKY_ISA_DSP_ENHANCE ((uint64_t) 1 << 22)
++#define CSKY_ISA_DSPE60 ((uint64_t) 1 << 23)
+
+ /* Base float instruction (803f & 810f). */
+-#define CSKY_ISA_FLOAT_E1 ((bfd_uint64_t)1 << 25)
++#define CSKY_ISA_FLOAT_E1 ((uint64_t) 1 << 25)
+ /* M_FLOAT support (810f). */
+-#define CSKY_ISA_FLOAT_1E2 ((bfd_uint64_t)1 << 26)
++#define CSKY_ISA_FLOAT_1E2 ((uint64_t) 1 << 26)
+ /* 803 support (803f). */
+-#define CSKY_ISA_FLOAT_1E3 ((bfd_uint64_t)1 << 27)
++#define CSKY_ISA_FLOAT_1E3 ((uint64_t) 1 << 27)
+ /* 807 support (803f & 807f). */
+-#define CSKY_ISA_FLOAT_3E4 ((bfd_uint64_t)1 << 28)
++#define CSKY_ISA_FLOAT_3E4 ((uint64_t) 1 << 28)
+ /* 860 support. */
+-#define CSKY_ISA_FLOAT_7E60 ((bfd_uint64_t)1 << 36)
++#define CSKY_ISA_FLOAT_7E60 ((uint64_t) 1 << 36)
+ /* Vector DSP support. */
+-#define CSKY_ISA_VDSP ((bfd_uint64_t)1 << 29)
+-#define CSKY_ISA_VDSP_2 ((bfd_uint64_t)1 << 30)
++#define CSKY_ISA_VDSP ((uint64_t) 1 << 29)
++#define CSKY_ISA_VDSP_2 ((uint64_t) 1 << 30)
+
+ /* The following bitmasks control cpu architecture for CSKY. */
+ #define CSKY_ABI_V1 (1 << 28)
+diff --git a/include/opcode/ia64.h b/include/opcode/ia64.h
+index fbdd8f14e65..42a6812c3f8 100644
+--- a/include/opcode/ia64.h
++++ b/include/opcode/ia64.h
+@@ -29,7 +29,7 @@
+ extern "C" {
+ #endif
+
+-typedef BFD_HOST_U_64_BIT ia64_insn;
++typedef uint64_t ia64_insn;
+
+ enum ia64_insn_type
+ {
+diff --git a/opcodes/csky-dis.c b/opcodes/csky-dis.c
+index b7c833623e5..99103ff57b5 100644
+--- a/opcodes/csky-dis.c
++++ b/opcodes/csky-dis.c
+@@ -49,7 +49,7 @@ struct csky_dis_info
+ disassemble_info *info;
+ /* Opcode information. */
+ struct csky_opcode_info const *opinfo;
+- BFD_HOST_U_64_BIT isa;
++ uint64_t isa;
+ /* The value of operand to show. */
+ int value;
+ /* Whether to look up/print a symbol name. */
+diff --git a/opcodes/csky-opc.h b/opcodes/csky-opc.h
+index b65efe19d9f..d2db90ede95 100644
+--- a/opcodes/csky-opc.h
++++ b/opcodes/csky-opc.h
+@@ -271,8 +271,8 @@ struct csky_opcode
+ /* Encodings for 32-bit opcodes. */
+ struct csky_opcode_info op32[OP_TABLE_NUM];
+ /* Instruction set flag. */
+- BFD_HOST_U_64_BIT isa_flag16;
+- BFD_HOST_U_64_BIT isa_flag32;
++ uint64_t isa_flag16;
++ uint64_t isa_flag32;
+ /* Whether this insn needs relocation, 0: no, !=0: yes. */
+ signed int reloc16;
+ signed int reloc32;
+diff --git a/opcodes/ia64-dis.c b/opcodes/ia64-dis.c
+index 5eb37277a5d..e76f40393c6 100644
+--- a/opcodes/ia64-dis.c
++++ b/opcodes/ia64-dis.c
+@@ -73,7 +73,7 @@ print_insn_ia64 (bfd_vma memaddr, struct disassemble_info *info)
+ const struct ia64_operand *odesc;
+ const struct ia64_opcode *idesc;
+ const char *err, *str, *tname;
+- BFD_HOST_U_64_BIT value;
++ uint64_t value;
+ bfd_byte bundle[16];
+ enum ia64_unit unit;
+ char regname[16];
+--
+2.31.1
+
diff --git a/meta/recipes-devtools/binutils/binutils/0021-CVE-2023-1579-3.patch b/meta/recipes-devtools/binutils/binutils/0021-CVE-2023-1579-3.patch
new file mode 100644
index 0000000000..6a838ea3ea
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0021-CVE-2023-1579-3.patch
@@ -0,0 +1,156 @@
+From 31d6c13defeba7716ebc9d5c8f81f2f35fe39980 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Tue, 14 Jun 2022 12:46:42 +0930
+Subject: [PATCH] PR29230, segv in lookup_symbol_in_variable_table
+
+The PR23230 testcase uses indexed strings without specifying
+SW_AT_str_offsets_base. In this case we left u.str with garbage (from
+u.val) which then led to a segfault when attempting to access the
+string. Fix that by clearing u.str. The patch also adds missing
+sanity checks in the recently committed read_indexed_address and
+read_indexed_string functions.
+
+ PR 29230
+ * dwarf2.c (read_indexed_address): Return uint64_t. Sanity check idx.
+ (read_indexed_string): Use uint64_t for str_offset. Sanity check idx.
+ (read_attribute_value): Clear u.str for indexed string forms when
+ DW_AT_str_offsets_base is not yet read or missing.
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=31d6c13defeba7716ebc9d5c8f81f2f35fe39980]
+
+CVE: CVE-2023-1579
+
+Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
+
+---
+ bfd/dwarf2.c | 51 ++++++++++++++++++++++++++++++++++++++++++---------
+ 1 file changed, 42 insertions(+), 9 deletions(-)
+
+diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
+index 51018e1ab45..aaa2d84887f 100644
+--- a/bfd/dwarf2.c
++++ b/bfd/dwarf2.c
+@@ -1353,13 +1353,13 @@ is_addrx_form (enum dwarf_form form)
+
+ /* Returns the address in .debug_addr section using DW_AT_addr_base.
+ Used to implement DW_FORM_addrx*. */
+-static bfd_vma
++static uint64_t
+ read_indexed_address (uint64_t idx, struct comp_unit *unit)
+ {
+ struct dwarf2_debug *stash = unit->stash;
+ struct dwarf2_debug_file *file = unit->file;
+- size_t addr_base = unit->dwarf_addr_offset;
+ bfd_byte *info_ptr;
++ size_t offset;
+
+ if (stash == NULL)
+ return 0;
+@@ -1369,12 +1369,23 @@ read_indexed_address (uint64_t idx, struct comp_unit *unit)
+ &file->dwarf_addr_buffer, &file->dwarf_addr_size))
+ return 0;
+
+- info_ptr = file->dwarf_addr_buffer + addr_base + idx * unit->offset_size;
++ if (_bfd_mul_overflow (idx, unit->offset_size, &offset))
++ return 0;
++
++ offset += unit->dwarf_addr_offset;
++ if (offset < unit->dwarf_addr_offset
++ || offset > file->dwarf_addr_size
++ || file->dwarf_addr_size - offset < unit->offset_size)
++ return 0;
++
++ info_ptr = file->dwarf_addr_buffer + offset;
+
+ if (unit->offset_size == 4)
+ return bfd_get_32 (unit->abfd, info_ptr);
+- else
++ else if (unit->offset_size == 8)
+ return bfd_get_64 (unit->abfd, info_ptr);
++ else
++ return 0;
+ }
+
+ /* Returns the string using DW_AT_str_offsets_base.
+@@ -1385,7 +1396,8 @@ read_indexed_string (uint64_t idx, struct comp_unit *unit)
+ struct dwarf2_debug *stash = unit->stash;
+ struct dwarf2_debug_file *file = unit->file;
+ bfd_byte *info_ptr;
+- unsigned long str_offset;
++ uint64_t str_offset;
++ size_t offset;
+
+ if (stash == NULL)
+ return NULL;
+@@ -1401,15 +1413,26 @@ read_indexed_string (uint64_t idx, struct comp_unit *unit)
+ &file->dwarf_str_offsets_size))
+ return NULL;
+
+- info_ptr = (file->dwarf_str_offsets_buffer
+- + unit->dwarf_str_offset
+- + idx * unit->offset_size);
++ if (_bfd_mul_overflow (idx, unit->offset_size, &offset))
++ return NULL;
++
++ offset += unit->dwarf_str_offset;
++ if (offset < unit->dwarf_str_offset
++ || offset > file->dwarf_str_offsets_size
++ || file->dwarf_str_offsets_size - offset < unit->offset_size)
++ return NULL;
++
++ info_ptr = file->dwarf_str_offsets_buffer + offset;
+
+ if (unit->offset_size == 4)
+ str_offset = bfd_get_32 (unit->abfd, info_ptr);
+- else
++ else if (unit->offset_size == 8)
+ str_offset = bfd_get_64 (unit->abfd, info_ptr);
++ else
++ return NULL;
+
++ if (str_offset >= file->dwarf_str_size)
++ return NULL;
+ return (const char *) file->dwarf_str_buffer + str_offset;
+ }
+
+@@ -1534,27 +1557,37 @@ read_attribute_value (struct attribute * attr,
+ is not yet read. */
+ if (unit->dwarf_str_offset != 0)
+ attr->u.str = (char *) read_indexed_string (attr->u.val, unit);
++ else
++ attr->u.str = NULL;
+ break;
+ case DW_FORM_strx2:
+ attr->u.val = read_2_bytes (abfd, &info_ptr, info_ptr_end);
+ if (unit->dwarf_str_offset != 0)
+ attr->u.str = (char *) read_indexed_string (attr->u.val, unit);
++ else
++ attr->u.str = NULL;
+ break;
+ case DW_FORM_strx3:
+ attr->u.val = read_3_bytes (abfd, &info_ptr, info_ptr_end);
+ if (unit->dwarf_str_offset != 0)
+ attr->u.str = (char *) read_indexed_string (attr->u.val, unit);
++ else
++ attr->u.str = NULL;
+ break;
+ case DW_FORM_strx4:
+ attr->u.val = read_4_bytes (abfd, &info_ptr, info_ptr_end);
+ if (unit->dwarf_str_offset != 0)
+ attr->u.str = (char *) read_indexed_string (attr->u.val, unit);
++ else
++ attr->u.str = NULL;
+ break;
+ case DW_FORM_strx:
+ attr->u.val = _bfd_safe_read_leb128 (abfd, &info_ptr,
+ false, info_ptr_end);
+ if (unit->dwarf_str_offset != 0)
+ attr->u.str = (char *) read_indexed_string (attr->u.val, unit);
++ else
++ attr->u.str = NULL;
+ break;
+ case DW_FORM_exprloc:
+ case DW_FORM_block:
+--
+2.31.1
+
diff --git a/meta/recipes-devtools/binutils/binutils/0021-CVE-2023-1579-4.patch b/meta/recipes-devtools/binutils/binutils/0021-CVE-2023-1579-4.patch
new file mode 100644
index 0000000000..c5a869ca9d
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0021-CVE-2023-1579-4.patch
@@ -0,0 +1,37 @@
+From 3e307d538c351aa9327cbad672c884059ecc20dd Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 11 Jan 2023 12:13:46 +0000
+Subject: [PATCH] Fix a potential illegal memory access in the BFD library when
+ parsing a corrupt DWARF file.
+
+ PR 29988
+ * dwarf2.c (read_indexed_address): Fix check for an out of range
+ offset.
+
+Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=3e307d538c351aa9327cbad672c884059ecc20dd]
+
+CVE: CVE-2023-1579
+
+Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
+
+---
+ bfd/ChangeLog | 6 ++++++
+ bfd/dwarf2.c | 2 +-
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
+index 6eb6e04e6e5..4ec0053a111 100644
+--- a/bfd/dwarf2.c
++++ b/bfd/dwarf2.c
+@@ -1412,7 +1412,7 @@ read_indexed_address (uint64_t idx, struct comp_unit *unit)
+ offset += unit->dwarf_addr_offset;
+ if (offset < unit->dwarf_addr_offset
+ || offset > file->dwarf_addr_size
+- || file->dwarf_addr_size - offset < unit->offset_size)
++ || file->dwarf_addr_size - offset < unit->addr_size)
+ return 0;
+
+ info_ptr = file->dwarf_addr_buffer + offset;
+--
+2.31.1
+
diff --git a/meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-1.patch b/meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-1.patch
new file mode 100644
index 0000000000..990243f5c9
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-1.patch
@@ -0,0 +1,56 @@
+From: Alan Modra <amodra@gmail.com>
+Date: Thu, 17 Mar 2022 09:35:39 +0000 (+1030)
+Subject: ubsan: Null dereference in parse_module
+X-Git-Tag: gdb-12.1-release~59
+X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=c9178f285acf19e066be8367185d52837161b0a2
+
+ubsan: Null dereference in parse_module
+
+ * vms-alpha.c (parse_module): Sanity check that DST__K_RTNBEG
+ has set module->func_table for DST__K_RTNEND. Check return
+ of bfd_zalloc.
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=c9178f285acf19e066be8367185d52837161b0a2]
+
+CVE: CVE-2023-25584
+
+Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
+
+---
+
+diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c
+index 4a92574c850..1129c98f0e2 100644
+--- a/bfd/vms-alpha.c
++++ b/bfd/vms-alpha.c
+@@ -4352,9 +4352,13 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
+
+ /* Initialize tables with zero element. */
+ curr_srec = (struct srecinfo *) bfd_zalloc (abfd, sizeof (struct srecinfo));
++ if (!curr_srec)
++ return false;
+ module->srec_table = curr_srec;
+
+ curr_line = (struct lineinfo *) bfd_zalloc (abfd, sizeof (struct lineinfo));
++ if (!curr_line)
++ return false;
+ module->line_table = curr_line;
+
+ while (length == -1 || ptr < maxptr)
+@@ -4389,6 +4393,8 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
+ case DST__K_RTNBEG:
+ funcinfo = (struct funcinfo *)
+ bfd_zalloc (abfd, sizeof (struct funcinfo));
++ if (!funcinfo)
++ return false;
+ funcinfo->name
+ = _bfd_vms_save_counted_string (abfd, ptr + DST_S_B_RTNBEG_NAME,
+ maxptr - (ptr + DST_S_B_RTNBEG_NAME));
+@@ -4401,6 +4407,8 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
+ break;
+
+ case DST__K_RTNEND:
++ if (!module->func_table)
++ return false;
+ module->func_table->high = module->func_table->low
+ + bfd_getl32 (ptr + DST_S_L_RTNEND_SIZE) - 1;
+
diff --git a/meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-2.patch b/meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-2.patch
new file mode 100644
index 0000000000..f4c5ed2aff
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-2.patch
@@ -0,0 +1,38 @@
+From da928f639002002dfc649ed9f50492d5d6cb4cee Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Mon, 5 Dec 2022 11:11:44 +0000
+Subject: [PATCH] Fix an illegal memory access when parsing a corrupt VMS Alpha
+ file.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fix an illegal memory access when parsing a corrupt VMS Alpha file.
+
+ PR 29848
+ * vms-alpha.c (parse_module): Fix potential out of bounds memory
+ access.
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=942fa4fb32738ecbb447546d54f1e5f0312d2ed4]
+
+CVE: CVE-2023-25584
+
+Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
+
+---
+ bfd/vms-alpha.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c
+index c548722c..53b3f1bf 100644
+--- a/bfd/vms-alpha.c
++++ b/bfd/vms-alpha.c
+@@ -4361,7 +4361,7 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
+ return false;
+ module->line_table = curr_line;
+
+- while (length == -1 || ptr < maxptr)
++ while (length == -1 || (ptr + 3) < maxptr)
+ {
+ /* The first byte is not counted in the recorded length. */
+ int rec_length = bfd_getl16 (ptr) + 1;
diff --git a/meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-3.patch b/meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-3.patch
new file mode 100644
index 0000000000..47cc3f310b
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-3.patch
@@ -0,0 +1,536 @@
+From: Alan Modra <amodra@gmail.com>
+Date: Mon, 12 Dec 2022 07:58:49 +0000 (+1030)
+Subject: Lack of bounds checking in vms-alpha.c parse_module
+X-Git-Tag: gdb-13-branchpoint~87
+X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=77c225bdeb410cf60da804879ad41622f5f1aa44
+
+Lack of bounds checking in vms-alpha.c parse_module
+
+ PR 29873
+ PR 29874
+ PR 29875
+ PR 29876
+ PR 29877
+ PR 29878
+ PR 29879
+ PR 29880
+ PR 29881
+ PR 29882
+ PR 29883
+ PR 29884
+ PR 29885
+ PR 29886
+ PR 29887
+ PR 29888
+ PR 29889
+ PR 29890
+ PR 29891
+ * vms-alpha.c (parse_module): Make length param bfd_size_type.
+ Delete length == -1 checks. Sanity check record_length.
+ Sanity check DST__K_MODBEG, DST__K_RTNBEG, DST__K_RTNEND lengths.
+ Sanity check DST__K_SOURCE and DST__K_LINE_NUM elements
+ before accessing.
+ (build_module_list): Pass dst_section size to parse_module.
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=77c225bdeb410cf60da804879ad41622f5f1aa44]
+
+CVE: CVE-2023-25584
+CVE: CVE-2022-47673
+
+Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
+Signed-off-by: Chaitanya Vadrevu <chaitanya.vadrevu@ni.com>
+
+---
+
+diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c
+index c0eb5bc5a2a..3b63259cc81 100644
+--- a/bfd/vms-alpha.c
++++ b/bfd/vms-alpha.c
+@@ -4340,7 +4340,7 @@ new_module (bfd *abfd)
+
+ static bool
+ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
+- int length)
++ bfd_size_type length)
+ {
+ unsigned char *maxptr = ptr + length;
+ unsigned char *src_ptr, *pcl_ptr;
+@@ -4361,7 +4361,7 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
+ return false;
+ module->line_table = curr_line;
+
+- while (length == -1 || (ptr + 3) < maxptr)
++ while (ptr + 3 < maxptr)
+ {
+ /* The first byte is not counted in the recorded length. */
+ int rec_length = bfd_getl16 (ptr) + 1;
+@@ -4369,15 +4369,19 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
+
+ vms_debug2 ((2, "DST record: leng %d, type %d\n", rec_length, rec_type));
+
+- if (length == -1 && rec_type == DST__K_MODEND)
++ if (rec_length > maxptr - ptr)
++ break;
++ if (rec_type == DST__K_MODEND)
+ break;
+
+ switch (rec_type)
+ {
+ case DST__K_MODBEG:
++ if (rec_length <= DST_S_B_MODBEG_NAME)
++ break;
+ module->name
+ = _bfd_vms_save_counted_string (abfd, ptr + DST_S_B_MODBEG_NAME,
+- maxptr - (ptr + DST_S_B_MODBEG_NAME));
++ rec_length - DST_S_B_MODBEG_NAME);
+
+ curr_pc = 0;
+ prev_pc = 0;
+@@ -4391,13 +4395,15 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
+ break;
+
+ case DST__K_RTNBEG:
++ if (rec_length <= DST_S_B_RTNBEG_NAME)
++ break;
+ funcinfo = (struct funcinfo *)
+ bfd_zalloc (abfd, sizeof (struct funcinfo));
+ if (!funcinfo)
+ return false;
+ funcinfo->name
+ = _bfd_vms_save_counted_string (abfd, ptr + DST_S_B_RTNBEG_NAME,
+- maxptr - (ptr + DST_S_B_RTNBEG_NAME));
++ rec_length - DST_S_B_RTNBEG_NAME);
+ funcinfo->low = bfd_getl32 (ptr + DST_S_L_RTNBEG_ADDRESS);
+ funcinfo->next = module->func_table;
+ module->func_table = funcinfo;
+@@ -4407,6 +4413,8 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
+ break;
+
+ case DST__K_RTNEND:
++ if (rec_length < DST_S_L_RTNEND_SIZE + 4)
++ break;
+ if (!module->func_table)
+ return false;
+ module->func_table->high = module->func_table->low
+@@ -4439,10 +4447,63 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
+
+ vms_debug2 ((3, "source info\n"));
+
+- while (src_ptr < ptr + rec_length)
++ while (src_ptr - ptr < rec_length)
+ {
+ int cmd = src_ptr[0], cmd_length, data;
+
++ switch (cmd)
++ {
++ case DST__K_SRC_DECLFILE:
++ if (src_ptr - ptr + DST_S_B_SRC_DF_LENGTH >= rec_length)
++ cmd_length = 0x10000;
++ else
++ cmd_length = src_ptr[DST_S_B_SRC_DF_LENGTH] + 2;
++ break;
++
++ case DST__K_SRC_DEFLINES_B:
++ cmd_length = 2;
++ break;
++
++ case DST__K_SRC_DEFLINES_W:
++ cmd_length = 3;
++ break;
++
++ case DST__K_SRC_INCRLNUM_B:
++ cmd_length = 2;
++ break;
++
++ case DST__K_SRC_SETFILE:
++ cmd_length = 3;
++ break;
++
++ case DST__K_SRC_SETLNUM_L:
++ cmd_length = 5;
++ break;
++
++ case DST__K_SRC_SETLNUM_W:
++ cmd_length = 3;
++ break;
++
++ case DST__K_SRC_SETREC_L:
++ cmd_length = 5;
++ break;
++
++ case DST__K_SRC_SETREC_W:
++ cmd_length = 3;
++ break;
++
++ case DST__K_SRC_FORMFEED:
++ cmd_length = 1;
++ break;
++
++ default:
++ cmd_length = 2;
++ break;
++ }
++
++ if (src_ptr - ptr + cmd_length > rec_length)
++ break;
++
+ switch (cmd)
+ {
+ case DST__K_SRC_DECLFILE:
+@@ -4467,7 +4528,6 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
+
+ module->file_table [fileid].name = filename;
+ module->file_table [fileid].srec = 1;
+- cmd_length = src_ptr[DST_S_B_SRC_DF_LENGTH] + 2;
+ vms_debug2 ((4, "DST_S_C_SRC_DECLFILE: %d, %s\n",
+ fileid, module->file_table [fileid].name));
+ }
+@@ -4484,7 +4544,6 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
+ srec->sfile = curr_srec->sfile;
+ curr_srec->next = srec;
+ curr_srec = srec;
+- cmd_length = 2;
+ vms_debug2 ((4, "DST_S_C_SRC_DEFLINES_B: %d\n", data));
+ break;
+
+@@ -4499,14 +4558,12 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
+ srec->sfile = curr_srec->sfile;
+ curr_srec->next = srec;
+ curr_srec = srec;
+- cmd_length = 3;
+ vms_debug2 ((4, "DST_S_C_SRC_DEFLINES_W: %d\n", data));
+ break;
+
+ case DST__K_SRC_INCRLNUM_B:
+ data = src_ptr[DST_S_B_SRC_UNSBYTE];
+ curr_srec->line += data;
+- cmd_length = 2;
+ vms_debug2 ((4, "DST_S_C_SRC_INCRLNUM_B: %d\n", data));
+ break;
+
+@@ -4514,21 +4571,18 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
+ data = bfd_getl16 (src_ptr + DST_S_W_SRC_UNSWORD);
+ curr_srec->sfile = data;
+ curr_srec->srec = module->file_table[data].srec;
+- cmd_length = 3;
+ vms_debug2 ((4, "DST_S_C_SRC_SETFILE: %d\n", data));
+ break;
+
+ case DST__K_SRC_SETLNUM_L:
+ data = bfd_getl32 (src_ptr + DST_S_L_SRC_UNSLONG);
+ curr_srec->line = data;
+- cmd_length = 5;
+ vms_debug2 ((4, "DST_S_C_SRC_SETLNUM_L: %d\n", data));
+ break;
+
+ case DST__K_SRC_SETLNUM_W:
+ data = bfd_getl16 (src_ptr + DST_S_W_SRC_UNSWORD);
+ curr_srec->line = data;
+- cmd_length = 3;
+ vms_debug2 ((4, "DST_S_C_SRC_SETLNUM_W: %d\n", data));
+ break;
+
+@@ -4536,7 +4590,6 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
+ data = bfd_getl32 (src_ptr + DST_S_L_SRC_UNSLONG);
+ curr_srec->srec = data;
+ module->file_table[curr_srec->sfile].srec = data;
+- cmd_length = 5;
+ vms_debug2 ((4, "DST_S_C_SRC_SETREC_L: %d\n", data));
+ break;
+
+@@ -4544,19 +4597,16 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
+ data = bfd_getl16 (src_ptr + DST_S_W_SRC_UNSWORD);
+ curr_srec->srec = data;
+ module->file_table[curr_srec->sfile].srec = data;
+- cmd_length = 3;
+ vms_debug2 ((4, "DST_S_C_SRC_SETREC_W: %d\n", data));
+ break;
+
+ case DST__K_SRC_FORMFEED:
+- cmd_length = 1;
+ vms_debug2 ((4, "DST_S_C_SRC_FORMFEED\n"));
+ break;
+
+ default:
+ _bfd_error_handler (_("unknown source command %d"),
+ cmd);
+- cmd_length = 2;
+ break;
+ }
+
+@@ -4569,18 +4619,114 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
+
+ vms_debug2 ((3, "line info\n"));
+
+- while (pcl_ptr < ptr + rec_length)
++ while (pcl_ptr - ptr < rec_length)
+ {
+ /* The command byte is signed so we must sign-extend it. */
+ int cmd = ((signed char *)pcl_ptr)[0], cmd_length, data;
+
++ switch (cmd)
++ {
++ case DST__K_DELTA_PC_W:
++ cmd_length = 3;
++ break;
++
++ case DST__K_DELTA_PC_L:
++ cmd_length = 5;
++ break;
++
++ case DST__K_INCR_LINUM:
++ cmd_length = 2;
++ break;
++
++ case DST__K_INCR_LINUM_W:
++ cmd_length = 3;
++ break;
++
++ case DST__K_INCR_LINUM_L:
++ cmd_length = 5;
++ break;
++
++ case DST__K_SET_LINUM_INCR:
++ cmd_length = 2;
++ break;
++
++ case DST__K_SET_LINUM_INCR_W:
++ cmd_length = 3;
++ break;
++
++ case DST__K_RESET_LINUM_INCR:
++ cmd_length = 1;
++ break;
++
++ case DST__K_BEG_STMT_MODE:
++ cmd_length = 1;
++ break;
++
++ case DST__K_END_STMT_MODE:
++ cmd_length = 1;
++ break;
++
++ case DST__K_SET_LINUM_B:
++ cmd_length = 2;
++ break;
++
++ case DST__K_SET_LINUM:
++ cmd_length = 3;
++ break;
++
++ case DST__K_SET_LINUM_L:
++ cmd_length = 5;
++ break;
++
++ case DST__K_SET_PC:
++ cmd_length = 2;
++ break;
++
++ case DST__K_SET_PC_W:
++ cmd_length = 3;
++ break;
++
++ case DST__K_SET_PC_L:
++ cmd_length = 5;
++ break;
++
++ case DST__K_SET_STMTNUM:
++ cmd_length = 2;
++ break;
++
++ case DST__K_TERM:
++ cmd_length = 2;
++ break;
++
++ case DST__K_TERM_W:
++ cmd_length = 3;
++ break;
++
++ case DST__K_TERM_L:
++ cmd_length = 5;
++ break;
++
++ case DST__K_SET_ABS_PC:
++ cmd_length = 5;
++ break;
++
++ default:
++ if (cmd <= 0)
++ cmd_length = 1;
++ else
++ cmd_length = 2;
++ break;
++ }
++
++ if (pcl_ptr - ptr + cmd_length > rec_length)
++ break;
++
+ switch (cmd)
+ {
+ case DST__K_DELTA_PC_W:
+ data = bfd_getl16 (pcl_ptr + DST_S_W_PCLINE_UNSWORD);
+ curr_pc += data;
+ curr_linenum += 1;
+- cmd_length = 3;
+ vms_debug2 ((4, "DST__K_DELTA_PC_W: %d\n", data));
+ break;
+
+@@ -4588,131 +4734,111 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
+ data = bfd_getl32 (pcl_ptr + DST_S_L_PCLINE_UNSLONG);
+ curr_pc += data;
+ curr_linenum += 1;
+- cmd_length = 5;
+ vms_debug2 ((4, "DST__K_DELTA_PC_L: %d\n", data));
+ break;
+
+ case DST__K_INCR_LINUM:
+ data = pcl_ptr[DST_S_B_PCLINE_UNSBYTE];
+ curr_linenum += data;
+- cmd_length = 2;
+ vms_debug2 ((4, "DST__K_INCR_LINUM: %d\n", data));
+ break;
+
+ case DST__K_INCR_LINUM_W:
+ data = bfd_getl16 (pcl_ptr + DST_S_W_PCLINE_UNSWORD);
+ curr_linenum += data;
+- cmd_length = 3;
+ vms_debug2 ((4, "DST__K_INCR_LINUM_W: %d\n", data));
+ break;
+
+ case DST__K_INCR_LINUM_L:
+ data = bfd_getl32 (pcl_ptr + DST_S_L_PCLINE_UNSLONG);
+ curr_linenum += data;
+- cmd_length = 5;
+ vms_debug2 ((4, "DST__K_INCR_LINUM_L: %d\n", data));
+ break;
+
+ case DST__K_SET_LINUM_INCR:
+ _bfd_error_handler
+ (_("%s not implemented"), "DST__K_SET_LINUM_INCR");
+- cmd_length = 2;
+ break;
+
+ case DST__K_SET_LINUM_INCR_W:
+ _bfd_error_handler
+ (_("%s not implemented"), "DST__K_SET_LINUM_INCR_W");
+- cmd_length = 3;
+ break;
+
+ case DST__K_RESET_LINUM_INCR:
+ _bfd_error_handler
+ (_("%s not implemented"), "DST__K_RESET_LINUM_INCR");
+- cmd_length = 1;
+ break;
+
+ case DST__K_BEG_STMT_MODE:
+ _bfd_error_handler
+ (_("%s not implemented"), "DST__K_BEG_STMT_MODE");
+- cmd_length = 1;
+ break;
+
+ case DST__K_END_STMT_MODE:
+ _bfd_error_handler
+ (_("%s not implemented"), "DST__K_END_STMT_MODE");
+- cmd_length = 1;
+ break;
+
+ case DST__K_SET_LINUM_B:
+ data = pcl_ptr[DST_S_B_PCLINE_UNSBYTE];
+ curr_linenum = data;
+- cmd_length = 2;
+ vms_debug2 ((4, "DST__K_SET_LINUM_B: %d\n", data));
+ break;
+
+ case DST__K_SET_LINUM:
+ data = bfd_getl16 (pcl_ptr + DST_S_W_PCLINE_UNSWORD);
+ curr_linenum = data;
+- cmd_length = 3;
+ vms_debug2 ((4, "DST__K_SET_LINE_NUM: %d\n", data));
+ break;
+
+ case DST__K_SET_LINUM_L:
+ data = bfd_getl32 (pcl_ptr + DST_S_L_PCLINE_UNSLONG);
+ curr_linenum = data;
+- cmd_length = 5;
+ vms_debug2 ((4, "DST__K_SET_LINUM_L: %d\n", data));
+ break;
+
+ case DST__K_SET_PC:
+ _bfd_error_handler
+ (_("%s not implemented"), "DST__K_SET_PC");
+- cmd_length = 2;
+ break;
+
+ case DST__K_SET_PC_W:
+ _bfd_error_handler
+ (_("%s not implemented"), "DST__K_SET_PC_W");
+- cmd_length = 3;
+ break;
+
+ case DST__K_SET_PC_L:
+ _bfd_error_handler
+ (_("%s not implemented"), "DST__K_SET_PC_L");
+- cmd_length = 5;
+ break;
+
+ case DST__K_SET_STMTNUM:
+ _bfd_error_handler
+ (_("%s not implemented"), "DST__K_SET_STMTNUM");
+- cmd_length = 2;
+ break;
+
+ case DST__K_TERM:
+ data = pcl_ptr[DST_S_B_PCLINE_UNSBYTE];
+ curr_pc += data;
+- cmd_length = 2;
+ vms_debug2 ((4, "DST__K_TERM: %d\n", data));
+ break;
+
+ case DST__K_TERM_W:
+ data = bfd_getl16 (pcl_ptr + DST_S_W_PCLINE_UNSWORD);
+ curr_pc += data;
+- cmd_length = 3;
+ vms_debug2 ((4, "DST__K_TERM_W: %d\n", data));
+ break;
+
+ case DST__K_TERM_L:
+ data = bfd_getl32 (pcl_ptr + DST_S_L_PCLINE_UNSLONG);
+ curr_pc += data;
+- cmd_length = 5;
+ vms_debug2 ((4, "DST__K_TERM_L: %d\n", data));
+ break;
+
+ case DST__K_SET_ABS_PC:
+ data = bfd_getl32 (pcl_ptr + DST_S_L_PCLINE_UNSLONG);
+ curr_pc = data;
+- cmd_length = 5;
+ vms_debug2 ((4, "DST__K_SET_ABS_PC: 0x%x\n", data));
+ break;
+
+@@ -4721,15 +4847,11 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
+ {
+ curr_pc -= cmd;
+ curr_linenum += 1;
+- cmd_length = 1;
+ vms_debug2 ((4, "bump pc to 0x%lx and line to %d\n",
+ (unsigned long)curr_pc, curr_linenum));
+ }
+ else
+- {
+- _bfd_error_handler (_("unknown line command %d"), cmd);
+- cmd_length = 2;
+- }
++ _bfd_error_handler (_("unknown line command %d"), cmd);
+ break;
+ }
+
+@@ -4859,7 +4981,8 @@ build_module_list (bfd *abfd)
+ return NULL;
+
+ module = new_module (abfd);
+- if (!parse_module (abfd, module, PRIV (dst_section)->contents, -1))
++ if (!parse_module (abfd, module, PRIV (dst_section)->contents,
++ PRIV (dst_section)->size))
+ return NULL;
+ list = module;
+ }
diff --git a/meta/recipes-devtools/binutils/binutils/0023-CVE-2023-25585.patch b/meta/recipes-devtools/binutils/binutils/0023-CVE-2023-25585.patch
new file mode 100644
index 0000000000..e31a027b9f
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0023-CVE-2023-25585.patch
@@ -0,0 +1,54 @@
+From: Alan Modra <amodra@gmail.com>
+Date: Mon, 12 Dec 2022 08:31:08 +0000 (+1030)
+Subject: PR29892, Field file_table of struct module is uninitialized
+X-Git-Tag: gdb-13-branchpoint~86
+X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=65cf035b8dc1df5d8020e0b1449514a3c42933e7
+
+PR29892, Field file_table of struct module is uninitialized
+
+ PR 29892
+ * vms-alphs.c (new_module): Use bfd_zmalloc to alloc file_table.
+ (parse_module): Rewrite file_table reallocation code and clear.
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=65cf035b8dc1df5d8020e0b1449514a3c42933e7]
+
+CVE: CVE-2023-25585
+
+Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
+
+---
+
+diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c
+index 3b63259cc81..6ee7060b0b2 100644
+--- a/bfd/vms-alpha.c
++++ b/bfd/vms-alpha.c
+@@ -4337,7 +4337,7 @@ new_module (bfd *abfd)
+ = (struct module *) bfd_zalloc (abfd, sizeof (struct module));
+ module->file_table_count = 16; /* Arbitrary. */
+ module->file_table
+- = bfd_malloc (module->file_table_count * sizeof (struct fileinfo));
++ = bfd_zmalloc (module->file_table_count * sizeof (struct fileinfo));
+ return module;
+ }
+
+@@ -4520,15 +4520,18 @@ parse_module (bfd *abfd, struct module *module, unsigned char *ptr,
+ src_ptr + DST_S_B_SRC_DF_FILENAME,
+ ptr + rec_length - (src_ptr + DST_S_B_SRC_DF_FILENAME));
+
+- while (fileid >= module->file_table_count)
++ if (fileid >= module->file_table_count)
+ {
+- module->file_table_count *= 2;
++ unsigned int old_count = module->file_table_count;
++ module->file_table_count += fileid;
+ module->file_table
+ = bfd_realloc_or_free (module->file_table,
+ module->file_table_count
+ * sizeof (struct fileinfo));
+ if (module->file_table == NULL)
+ return false;
++ memset (module->file_table + old_count, 0,
++ fileid * sizeof (struct fileinfo));
+ }
+
+ module->file_table [fileid].name = filename;
diff --git a/meta/recipes-devtools/binutils/binutils/0025-CVE-2023-25588.patch b/meta/recipes-devtools/binutils/binutils/0025-CVE-2023-25588.patch
new file mode 100644
index 0000000000..9b5825037f
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0025-CVE-2023-25588.patch
@@ -0,0 +1,149 @@
+From: Alan Modra <amodra@gmail.com>
+Date: Fri, 14 Oct 2022 00:00:21 +0000 (+1030)
+Subject: PR29677, Field `the_bfd` of `asymbol` is uninitialised
+X-Git-Tag: gdb-13-branchpoint~871
+X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=d12f8998d2d086f0a6606589e5aedb7147e6f2f1
+
+PR29677, Field `the_bfd` of `asymbol` is uninitialised
+
+Besides not initialising the_bfd of synthetic symbols, counting
+symbols when sizing didn't match symbols created if there were any
+dynsyms named "". We don't want synthetic symbols without names
+anyway, so get rid of them. Also, simplify and correct sanity checks.
+
+ PR 29677
+ * mach-o.c (bfd_mach_o_get_synthetic_symtab): Rewrite.
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=d12f8998d2d086f0a6606589e5aedb7147e6f2f1]
+
+CVE: CVE-2023-25588
+CVE: CVE-2022-47696
+
+Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
+Signed-off-by: Chaitanya Vadrevu <chaitanya.vadrevu@ni.com>
+
+---
+
+diff --git a/bfd/mach-o.c b/bfd/mach-o.c
+index acb35e7f0c6..5279343768c 100644
+--- a/bfd/mach-o.c
++++ b/bfd/mach-o.c
+@@ -938,11 +938,9 @@ bfd_mach_o_get_synthetic_symtab (bfd *abfd,
+ bfd_mach_o_symtab_command *symtab = mdata->symtab;
+ asymbol *s;
+ char * s_start;
+- char * s_end;
+ unsigned long count, i, j, n;
+ size_t size;
+ char *names;
+- char *nul_name;
+ const char stub [] = "$stub";
+
+ *ret = NULL;
+@@ -955,27 +953,27 @@ bfd_mach_o_get_synthetic_symtab (bfd *abfd,
+ /* We need to allocate a bfd symbol for every indirect symbol and to
+ allocate the memory for its name. */
+ count = dysymtab->nindirectsyms;
+- size = count * sizeof (asymbol) + 1;
+-
++ size = 0;
+ for (j = 0; j < count; j++)
+ {
+- const char * strng;
+ unsigned int isym = dysymtab->indirect_syms[j];
++ const char *str;
+
+ /* Some indirect symbols are anonymous. */
+- if (isym < symtab->nsyms && (strng = symtab->symbols[isym].symbol.name))
+- /* PR 17512: file: f5b8eeba. */
+- size += strnlen (strng, symtab->strsize - (strng - symtab->strtab)) + sizeof (stub);
++ if (isym < symtab->nsyms
++ && (str = symtab->symbols[isym].symbol.name) != NULL)
++ {
++ /* PR 17512: file: f5b8eeba. */
++ size += strnlen (str, symtab->strsize - (str - symtab->strtab));
++ size += sizeof (stub);
++ }
+ }
+
+- s_start = bfd_malloc (size);
++ s_start = bfd_malloc (size + count * sizeof (asymbol));
+ s = *ret = (asymbol *) s_start;
+ if (s == NULL)
+ return -1;
+ names = (char *) (s + count);
+- nul_name = names;
+- *names++ = 0;
+- s_end = s_start + size;
+
+ n = 0;
+ for (i = 0; i < mdata->nsects; i++)
+@@ -997,47 +995,39 @@ bfd_mach_o_get_synthetic_symtab (bfd *abfd,
+ entry_size = bfd_mach_o_section_get_entry_size (abfd, sec);
+
+ /* PR 17512: file: 08e15eec. */
+- if (first >= count || last >= count || first > last)
++ if (first >= count || last > count || first > last)
+ goto fail;
+
+ for (j = first; j < last; j++)
+ {
+ unsigned int isym = dysymtab->indirect_syms[j];
+-
+- /* PR 17512: file: 04d64d9b. */
+- if (((char *) s) + sizeof (* s) > s_end)
+- goto fail;
+-
+- s->flags = BSF_GLOBAL | BSF_SYNTHETIC;
+- s->section = sec->bfdsection;
+- s->value = addr - sec->addr;
+- s->udata.p = NULL;
++ const char *str;
++ size_t len;
+
+ if (isym < symtab->nsyms
+- && symtab->symbols[isym].symbol.name)
++ && (str = symtab->symbols[isym].symbol.name) != NULL)
+ {
+- const char *sym = symtab->symbols[isym].symbol.name;
+- size_t len;
+-
+- s->name = names;
+- len = strlen (sym);
+- /* PR 17512: file: 47dfd4d2. */
+- if (names + len >= s_end)
++ /* PR 17512: file: 04d64d9b. */
++ if (n >= count)
+ goto fail;
+- memcpy (names, sym, len);
+- names += len;
+- /* PR 17512: file: 18f340a4. */
+- if (names + sizeof (stub) >= s_end)
++ len = strnlen (str, symtab->strsize - (str - symtab->strtab));
++ /* PR 17512: file: 47dfd4d2, 18f340a4. */
++ if (size < len + sizeof (stub))
+ goto fail;
+- memcpy (names, stub, sizeof (stub));
+- names += sizeof (stub);
++ memcpy (names, str, len);
++ memcpy (names + len, stub, sizeof (stub));
++ s->name = names;
++ names += len + sizeof (stub);
++ size -= len + sizeof (stub);
++ s->the_bfd = symtab->symbols[isym].symbol.the_bfd;
++ s->flags = BSF_GLOBAL | BSF_SYNTHETIC;
++ s->section = sec->bfdsection;
++ s->value = addr - sec->addr;
++ s->udata.p = NULL;
++ s++;
++ n++;
+ }
+- else
+- s->name = nul_name;
+-
+ addr += entry_size;
+- s++;
+- n++;
+ }
+ break;
+ default:
diff --git a/meta/recipes-devtools/binutils/binutils/0026-CVE-2023-1972.patch b/meta/recipes-devtools/binutils/binutils/0026-CVE-2023-1972.patch
new file mode 100644
index 0000000000..f86adad217
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0026-CVE-2023-1972.patch
@@ -0,0 +1,41 @@
+From: Nick Clifton <nickc@redhat.com>
+Date: Thu, 30 Mar 2023 09:10:09 +0000 (+0100)
+Subject: Fix an illegal memory access when an accessing a zer0-lengthverdef table.
+X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=c22d38baefc5a7a1e1f5cdc9dbb556b1f0ec5c57
+
+Fix an illegal memory access when an accessing a zer0-lengthverdef table.
+
+ PR 30285
+ * elf.c (_bfd_elf_slurp_version_tables): Fail if no version definitions are allocated.
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=c22d38baefc5a7a1e1f5cdc9dbb556b1f0ec5c57]
+
+CVE: CVE-2023-1972
+
+Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
+
+---
+
+diff --git a/bfd/elf.c b/bfd/elf.c
+index 027d0143735..185028cbd97 100644
+--- a/bfd/elf.c
++++ b/bfd/elf.c
+@@ -9030,6 +9030,9 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool default_imported_symver)
+ bfd_set_error (bfd_error_file_too_big);
+ goto error_return_verdef;
+ }
++
++ if (amt == 0)
++ goto error_return_verdef;
+ elf_tdata (abfd)->verdef = (Elf_Internal_Verdef *) bfd_zalloc (abfd, amt);
+ if (elf_tdata (abfd)->verdef == NULL)
+ goto error_return_verdef;
+@@ -9133,6 +9136,8 @@ _bfd_elf_slurp_version_tables (bfd *abfd, bool default_imported_symver)
+ bfd_set_error (bfd_error_file_too_big);
+ goto error_return;
+ }
++ if (amt == 0)
++ goto error_return;
+ elf_tdata (abfd)->verdef = (Elf_Internal_Verdef *) bfd_zalloc (abfd, amt);
+ if (elf_tdata (abfd)->verdef == NULL)
+ goto error_return;
diff --git a/meta/recipes-devtools/binutils/binutils/0027-CVE-2022-47008.patch b/meta/recipes-devtools/binutils/binutils/0027-CVE-2022-47008.patch
new file mode 100644
index 0000000000..a3fff65409
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0027-CVE-2022-47008.patch
@@ -0,0 +1,67 @@
+From: Alan Modra <amodra@gmail.com>
+Date: Thu, 16 Jun 2022 23:43:38 +0000 (+0930)
+Subject: PR29255, memory leak in make_tempdir
+X-Git-Tag: binutils-2_39~236
+X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=d6e1d48c83b165c129cb0aa78905f7ca80a1f682
+
+PR29255, memory leak in make_tempdir
+
+ PR 29255
+ * bucomm.c (make_tempdir, make_tempname): Free template on all
+ failure paths.
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=d6e1d48c83b165c129cb0aa78905f7ca80a1f682]
+
+CVE: CVE-2022-47008
+
+Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
+
+---
+
+diff --git a/binutils/bucomm.c b/binutils/bucomm.c
+index fdc2209df9c..4395cb9f7f5 100644
+--- a/binutils/bucomm.c
++++ b/binutils/bucomm.c
+@@ -537,8 +537,9 @@ make_tempname (const char *filename, int *ofd)
+ #else
+ tmpname = mktemp (tmpname);
+ if (tmpname == NULL)
+- return NULL;
+- fd = open (tmpname, O_RDWR | O_CREAT | O_EXCL, 0600);
++ fd = -1;
++ else
++ fd = open (tmpname, O_RDWR | O_CREAT | O_EXCL, 0600);
+ #endif
+ if (fd == -1)
+ {
+@@ -556,22 +557,23 @@ char *
+ make_tempdir (const char *filename)
+ {
+ char *tmpname = template_in_dir (filename);
++ char *ret;
+
+ #ifdef HAVE_MKDTEMP
+- return mkdtemp (tmpname);
++ ret = mkdtemp (tmpname);
+ #else
+- tmpname = mktemp (tmpname);
+- if (tmpname == NULL)
+- return NULL;
++ ret = mktemp (tmpname);
+ #if defined (_WIN32) && !defined (__CYGWIN32__)
+ if (mkdir (tmpname) != 0)
+- return NULL;
++ ret = NULL;
+ #else
+ if (mkdir (tmpname, 0700) != 0)
+- return NULL;
++ ret = NULL;
+ #endif
+- return tmpname;
+ #endif
++ if (ret == NULL)
++ free (tmpname);
++ return ret;
+ }
+
+ /* Parse a string into a VMA, with a fatal error if it can't be
diff --git a/meta/recipes-devtools/binutils/binutils/0028-CVE-2022-47011.patch b/meta/recipes-devtools/binutils/binutils/0028-CVE-2022-47011.patch
new file mode 100644
index 0000000000..73ae46e218
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0028-CVE-2022-47011.patch
@@ -0,0 +1,35 @@
+From: Alan Modra <amodra@gmail.com>
+Date: Mon, 20 Jun 2022 01:09:13 +0000 (+0930)
+Subject: PR29261, memory leak in parse_stab_struct_fields
+X-Git-Tag: binutils-2_39~225
+X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=8a24927bc8dbf6beac2000593b21235c3796dc35
+
+PR29261, memory leak in parse_stab_struct_fields
+
+ PR 29261
+ * stabs.c (parse_stab_struct_fields): Free "fields" on failure path.
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=8a24927bc8dbf6beac2000593b21235c3796dc35]
+
+CVE: CVE-2022-47011
+
+Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
+
+---
+
+diff --git a/binutils/stabs.c b/binutils/stabs.c
+index 796ff85b86a..bf3f578cbcc 100644
+--- a/binutils/stabs.c
++++ b/binutils/stabs.c
+@@ -2367,7 +2367,10 @@ parse_stab_struct_fields (void *dhandle,
+
+ if (! parse_stab_one_struct_field (dhandle, info, pp, p, fields + c,
+ staticsp, p_end))
+- return false;
++ {
++ free (fields);
++ return false;
++ }
+
+ ++c;
+ }
diff --git a/meta/recipes-devtools/binutils/binutils/0029-CVE-2022-48065-1.patch b/meta/recipes-devtools/binutils/binutils/0029-CVE-2022-48065-1.patch
new file mode 100644
index 0000000000..4642251f9b
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0029-CVE-2022-48065-1.patch
@@ -0,0 +1,31 @@
+From: Jan Beulich <jbeulich@suse.com>
+Date: Tue, 29 Mar 2022 06:19:14 +0000 (+0200)
+Subject: bfd/Dwarf2: gas doesn't mangle names
+X-Git-Tag: binutils-2_39~1287
+X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=ddfc2f56d5782af79c696d7fef7c73bba11e8b09
+
+bfd/Dwarf2: gas doesn't mangle names
+
+Include the language identifier emitted by gas in the set of ones where
+no mangled names are expected. Even if there could be "hand-mangled"
+names, gas doesn't emit DW_AT_linkage_name in the first place.
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=ddfc2f56d5782af79c696d7fef7c73bba11e8b09]
+
+CVE: CVE-2022-48065
+
+Signed-off-by: Sanjana Venkatesh <Sanjana.Venkatesh@windriver.com>
+
+---
+
+diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
+index 8cd0ce9d425..9aa4e955a5e 100644
+--- a/bfd/dwarf2.c
++++ b/bfd/dwarf2.c
+@@ -1441,6 +1441,7 @@ non_mangled (int lang)
+ case DW_LANG_PLI:
+ case DW_LANG_UPC:
+ case DW_LANG_C11:
++ case DW_LANG_Mips_Assembler:
+ return true;
+ }
+ }
diff --git a/meta/recipes-devtools/binutils/binutils/0029-CVE-2022-48065-2.patch b/meta/recipes-devtools/binutils/binutils/0029-CVE-2022-48065-2.patch
new file mode 100644
index 0000000000..8aa21f2716
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0029-CVE-2022-48065-2.patch
@@ -0,0 +1,115 @@
+From: Alan Modra <amodra@gmail.com>
+Date: Wed, 21 Sep 2022 05:15:44 +0000 (+0930)
+Subject: dwarf2.c: mangle_style
+X-Git-Tag: gdb-13-branchpoint~1165
+X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=4609af80c29db6015ce01b67c48f237c210da9b4
+
+dwarf2.c: mangle_style
+
+non_mangled incorrectly returned "true" for Ada. Correct that, and
+add a few more non-mangled entries. Return a value suitable for
+passing to cplus_demangle to control demangling.
+
+ * dwarf2.c: Include demangle.h.
+ (mangle_style): Rename from non_mangled. Return DMGL_* value
+ to suit lang. Adjust all callers.
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=4609af80c29db6015ce01b67c48f237c210da9b4]
+
+CVE: CVE-2022-48065
+
+Signed-off-by: Sanjana Venkatesh <Sanjana.Venkatesh@windriver.com>
+
+---
+
+diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
+index e7c12c3e9de..138cdbb00bb 100644
+--- a/bfd/dwarf2.c
++++ b/bfd/dwarf2.c
+@@ -32,6 +32,7 @@
+ #include "sysdep.h"
+ #include "bfd.h"
+ #include "libiberty.h"
++#include "demangle.h"
+ #include "libbfd.h"
+ #include "elf-bfd.h"
+ #include "dwarf2.h"
+@@ -1711,31 +1712,52 @@ read_attribute (struct attribute * attr,
+ return info_ptr;
+ }
+
+-/* Return whether DW_AT_name will return the same as DW_AT_linkage_name
+- for a function. */
++/* Return mangling style given LANG. */
+
+-static bool
+-non_mangled (int lang)
++static int
++mangle_style (int lang)
+ {
+ switch (lang)
+ {
++ case DW_LANG_Ada83:
++ case DW_LANG_Ada95:
++ return DMGL_GNAT;
++
++ case DW_LANG_C_plus_plus:
++ case DW_LANG_C_plus_plus_03:
++ case DW_LANG_C_plus_plus_11:
++ case DW_LANG_C_plus_plus_14:
++ return DMGL_GNU_V3;
++
++ case DW_LANG_Java:
++ return DMGL_JAVA;
++
++ case DW_LANG_D:
++ return DMGL_DLANG;
++
++ case DW_LANG_Rust:
++ case DW_LANG_Rust_old:
++ return DMGL_RUST;
++
+ default:
+- return false;
++ return DMGL_AUTO;
+
+ case DW_LANG_C89:
+ case DW_LANG_C:
+- case DW_LANG_Ada83:
+ case DW_LANG_Cobol74:
+ case DW_LANG_Cobol85:
+ case DW_LANG_Fortran77:
+ case DW_LANG_Pascal83:
+- case DW_LANG_C99:
+- case DW_LANG_Ada95:
+ case DW_LANG_PLI:
++ case DW_LANG_C99:
+ case DW_LANG_UPC:
+ case DW_LANG_C11:
+ case DW_LANG_Mips_Assembler:
+- return true;
++ case DW_LANG_Upc:
++ case DW_LANG_HP_Basic91:
++ case DW_LANG_HP_IMacro:
++ case DW_LANG_HP_Assembler:
++ return 0;
+ }
+ }
+
+@@ -3599,7 +3621,7 @@ find_abstract_instance (struct comp_unit *unit,
+ if (name == NULL && is_str_form (&attr))
+ {
+ name = attr.u.str;
+- if (non_mangled (unit->lang))
++ if (mangle_style (unit->lang) == 0)
+ *is_linkage = true;
+ }
+ break;
+@@ -4095,7 +4117,7 @@ scan_unit_for_symbols (struct comp_unit *unit)
+ if (func->name == NULL && is_str_form (&attr))
+ {
+ func->name = attr.u.str;
+- if (non_mangled (unit->lang))
++ if (mangle_style (unit->lang) == 0)
+ func->is_linkage = true;
+ }
+ break;
diff --git a/meta/recipes-devtools/binutils/binutils/0029-CVE-2022-48065-3.patch b/meta/recipes-devtools/binutils/binutils/0029-CVE-2022-48065-3.patch
new file mode 100644
index 0000000000..35a658a22c
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0029-CVE-2022-48065-3.patch
@@ -0,0 +1,122 @@
+From: Alan Modra <amodra@gmail.com>
+Date: Wed, 21 Dec 2022 11:10:12 +0000 (+1030)
+Subject: PR29925, Memory leak in find_abstract_instance
+X-Git-Tag: binutils-2_40~192
+X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=d28fbc7197ba0e021a43f873eff90b05dcdcff6a
+
+PR29925, Memory leak in find_abstract_instance
+
+The testcase in the PR had a variable with both DW_AT_decl_file and
+DW_AT_specification, where the DW_AT_specification also specified
+DW_AT_decl_file. This leads to a memory leak as the file name is
+malloced and duplicates are not expected.
+
+I've also changed find_abstract_instance to not use a temp for "name",
+because that can result in a change in behaviour from the usual last
+of duplicate attributes wins.
+
+ PR 29925
+ * dwarf2.c (find_abstract_instance): Delete "name" variable.
+ Free *filename_ptr before assigning new file name.
+ (scan_unit_for_symbols): Similarly free func->file and
+ var->file before assigning.
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=d28fbc7197ba0e021a43f873eff90b05dcdcff6a]
+
+CVE: CVE-2022-48065
+
+Signed-off-by: Sanjana Venkatesh <Sanjana.Venkatesh@windriver.com>
+
+---
+
+diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
+index 0cd8152ee6e..b608afbc0cf 100644
+--- a/bfd/dwarf2.c
++++ b/bfd/dwarf2.c
+@@ -3441,7 +3441,6 @@ find_abstract_instance (struct comp_unit *unit,
+ struct abbrev_info *abbrev;
+ uint64_t die_ref = attr_ptr->u.val;
+ struct attribute attr;
+- const char *name = NULL;
+
+ if (recur_count == 100)
+ {
+@@ -3602,9 +3601,9 @@ find_abstract_instance (struct comp_unit *unit,
+ case DW_AT_name:
+ /* Prefer DW_AT_MIPS_linkage_name or DW_AT_linkage_name
+ over DW_AT_name. */
+- if (name == NULL && is_str_form (&attr))
++ if (*pname == NULL && is_str_form (&attr))
+ {
+- name = attr.u.str;
++ *pname = attr.u.str;
+ if (mangle_style (unit->lang) == 0)
+ *is_linkage = true;
+ }
+@@ -3612,7 +3611,7 @@ find_abstract_instance (struct comp_unit *unit,
+ case DW_AT_specification:
+ if (is_int_form (&attr)
+ && !find_abstract_instance (unit, &attr, recur_count + 1,
+- &name, is_linkage,
++ pname, is_linkage,
+ filename_ptr, linenumber_ptr))
+ return false;
+ break;
+@@ -3622,7 +3621,7 @@ find_abstract_instance (struct comp_unit *unit,
+ non-string forms into these attributes. */
+ if (is_str_form (&attr))
+ {
+- name = attr.u.str;
++ *pname = attr.u.str;
+ *is_linkage = true;
+ }
+ break;
+@@ -3630,8 +3629,11 @@ find_abstract_instance (struct comp_unit *unit,
+ if (!comp_unit_maybe_decode_line_info (unit))
+ return false;
+ if (is_int_form (&attr))
+- *filename_ptr = concat_filename (unit->line_table,
+- attr.u.val);
++ {
++ free (*filename_ptr);
++ *filename_ptr = concat_filename (unit->line_table,
++ attr.u.val);
++ }
+ break;
+ case DW_AT_decl_line:
+ if (is_int_form (&attr))
+@@ -3643,7 +3645,6 @@ find_abstract_instance (struct comp_unit *unit,
+ }
+ }
+ }
+- *pname = name;
+ return true;
+ }
+
+@@ -4139,8 +4140,11 @@ scan_unit_for_symbols (struct comp_unit *unit)
+
+ case DW_AT_decl_file:
+ if (is_int_form (&attr))
+- func->file = concat_filename (unit->line_table,
+- attr.u.val);
++ {
++ free (func->file);
++ func->file = concat_filename (unit->line_table,
++ attr.u.val);
++ }
+ break;
+
+ case DW_AT_decl_line:
+@@ -4182,8 +4186,11 @@ scan_unit_for_symbols (struct comp_unit *unit)
+
+ case DW_AT_decl_file:
+ if (is_int_form (&attr))
+- var->file = concat_filename (unit->line_table,
+- attr.u.val);
++ {
++ free (var->file);
++ var->file = concat_filename (unit->line_table,
++ attr.u.val);
++ }
+ break;
+
+ case DW_AT_decl_line:
diff --git a/meta/recipes-devtools/binutils/binutils/0030-CVE-2022-44840.patch b/meta/recipes-devtools/binutils/binutils/0030-CVE-2022-44840.patch
new file mode 100644
index 0000000000..2f4c38044b
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0030-CVE-2022-44840.patch
@@ -0,0 +1,151 @@
+From: Alan Modra <amodra@gmail.com>
+Date: Sun, 30 Oct 2022 08:38:51 +0000 (+1030)
+Subject: Pool section entries for DWP version 1
+X-Git-Tag: gdb-13-branchpoint~664
+X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=28750e3b967da2207d51cbce9fc8be262817ee59
+
+Pool section entries for DWP version 1
+
+Ref: https://gcc.gnu.org/wiki/DebugFissionDWP?action=recall&rev=3
+
+Fuzzers have found a weakness in the code stashing pool section
+entries. With random nonsensical values in the index entries (rather
+than each index pointing to its own set distinct from other sets),
+it's possible to overflow the space allocated, losing the NULL
+terminator. Without a terminator, find_section_in_set can run off the
+end of the shndx_pool buffer. Fix this by scanning the pool directly.
+
+binutils/
+ * dwarf.c (add_shndx_to_cu_tu_entry): Delete range check.
+ (end_cu_tu_entry): Likewise.
+ (process_cu_tu_index): Fill shndx_pool by directly scanning
+ pool, rather than indirectly from index entries.
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=blobdiff_plain;f=binutils/dwarf.c;h=7730293326ac1049451eb4a037ac86d827030700;hp=c6340a28906114e9df29d7401472c7dc0a98c2b1;hb=28750e3b967da2207d51cbce9fc8be262817ee59;hpb=60095ba3b8f8ba26a6389dded732fa446422c98f]
+
+CVE: CVE-2022-44840
+
+Signed-off-by: yash shinde <yash.shinde@windriver.com>
+
+diff --git a/binutils/dwarf.c b/binutils/dwarf.c
+index c6340a28906..7730293326a 100644
+--- a/binutils/dwarf.c
++++ b/binutils/dwarf.c
+@@ -10652,22 +10652,12 @@ prealloc_cu_tu_list (unsigned int nshndx)
+ static void
+ add_shndx_to_cu_tu_entry (unsigned int shndx)
+ {
+- if (shndx_pool_used >= shndx_pool_size)
+- {
+- error (_("Internal error: out of space in the shndx pool.\n"));
+- return;
+- }
+ shndx_pool [shndx_pool_used++] = shndx;
+ }
+
+ static void
+ end_cu_tu_entry (void)
+ {
+- if (shndx_pool_used >= shndx_pool_size)
+- {
+- error (_("Internal error: out of space in the shndx pool.\n"));
+- return;
+- }
+ shndx_pool [shndx_pool_used++] = 0;
+ }
+
+@@ -10773,53 +10763,55 @@ process_cu_tu_index (struct dwarf_section *section, int do_display)
+
+ if (version == 1)
+ {
++ unsigned char *shndx_list;
++ unsigned int shndx;
++
+ if (!do_display)
+- prealloc_cu_tu_list ((limit - ppool) / 4);
+- for (i = 0; i < nslots; i++)
+ {
+- unsigned char *shndx_list;
+- unsigned int shndx;
+-
+- SAFE_BYTE_GET (signature, phash, 8, limit);
+- if (signature != 0)
++ prealloc_cu_tu_list ((limit - ppool) / 4);
++ for (shndx_list = ppool + 4; shndx_list <= limit - 4; shndx_list += 4)
+ {
+- SAFE_BYTE_GET (j, pindex, 4, limit);
+- shndx_list = ppool + j * 4;
+- /* PR 17531: file: 705e010d. */
+- if (shndx_list < ppool)
+- {
+- warn (_("Section index pool located before start of section\n"));
+- return 0;
+- }
++ shndx = byte_get (shndx_list, 4);
++ add_shndx_to_cu_tu_entry (shndx);
++ }
++ end_cu_tu_entry ();
++ }
++ else
++ for (i = 0; i < nslots; i++)
++ {
++ SAFE_BYTE_GET (signature, phash, 8, limit);
++ if (signature != 0)
++ {
++ SAFE_BYTE_GET (j, pindex, 4, limit);
++ shndx_list = ppool + j * 4;
++ /* PR 17531: file: 705e010d. */
++ if (shndx_list < ppool)
++ {
++ warn (_("Section index pool located before start of section\n"));
++ return 0;
++ }
+
+- if (do_display)
+ printf (_(" [%3d] Signature: 0x%s Sections: "),
+ i, dwarf_vmatoa ("x", signature));
+- for (;;)
+- {
+- if (shndx_list >= limit)
+- {
+- warn (_("Section %s too small for shndx pool\n"),
+- section->name);
+- return 0;
+- }
+- SAFE_BYTE_GET (shndx, shndx_list, 4, limit);
+- if (shndx == 0)
+- break;
+- if (do_display)
++ for (;;)
++ {
++ if (shndx_list >= limit)
++ {
++ warn (_("Section %s too small for shndx pool\n"),
++ section->name);
++ return 0;
++ }
++ SAFE_BYTE_GET (shndx, shndx_list, 4, limit);
++ if (shndx == 0)
++ break;
+ printf (" %d", shndx);
+- else
+- add_shndx_to_cu_tu_entry (shndx);
+- shndx_list += 4;
+- }
+- if (do_display)
++ shndx_list += 4;
++ }
+ printf ("\n");
+- else
+- end_cu_tu_entry ();
+- }
+- phash += 8;
+- pindex += 4;
+- }
++ }
++ phash += 8;
++ pindex += 4;
++ }
+ }
+ else if (version == 2)
+ {
diff --git a/meta/recipes-devtools/binutils/binutils/0031-CVE-2022-45703-1.patch b/meta/recipes-devtools/binutils/binutils/0031-CVE-2022-45703-1.patch
new file mode 100644
index 0000000000..3db4385e13
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0031-CVE-2022-45703-1.patch
@@ -0,0 +1,147 @@
+From: Alan Modra <amodra@gmail.com>
+Date: Tue, 24 May 2022 00:02:14 +0000 (+0930)
+Subject: PR29169, invalid read displaying fuzzed .gdb_index
+X-Git-Tag: binutils-2_39~530
+X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=244e19c79111eed017ee38ab1d44fb2a6cd1b636
+
+PR29169, invalid read displaying fuzzed .gdb_index
+
+ PR 29169
+ * dwarf.c (display_gdb_index): Combine sanity checks. Calculate
+ element counts, not word counts.
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=244e19c79111eed017ee38ab1d44fb2a6cd1b636]
+
+CVE: CVE-2022-45703
+
+Signed-off-by: yash shinde <yash.shinde@windriver.com>
+
+---
+
+diff --git a/binutils/dwarf.c b/binutils/dwarf.c
+index 7de6f28161f..c855972a12f 100644
+--- a/binutils/dwarf.c
++++ b/binutils/dwarf.c
+@@ -10406,7 +10406,7 @@ display_gdb_index (struct dwarf_section *section,
+ uint32_t cu_list_offset, tu_list_offset;
+ uint32_t address_table_offset, symbol_table_offset, constant_pool_offset;
+ unsigned int cu_list_elements, tu_list_elements;
+- unsigned int address_table_size, symbol_table_slots;
++ unsigned int address_table_elements, symbol_table_slots;
+ unsigned char *cu_list, *tu_list;
+ unsigned char *address_table, *symbol_table, *constant_pool;
+ unsigned int i;
+@@ -10454,48 +10454,19 @@ display_gdb_index (struct dwarf_section *section,
+ || tu_list_offset > section->size
+ || address_table_offset > section->size
+ || symbol_table_offset > section->size
+- || constant_pool_offset > section->size)
++ || constant_pool_offset > section->size
++ || tu_list_offset < cu_list_offset
++ || address_table_offset < tu_list_offset
++ || symbol_table_offset < address_table_offset
++ || constant_pool_offset < symbol_table_offset)
+ {
+ warn (_("Corrupt header in the %s section.\n"), section->name);
+ return 0;
+ }
+
+- /* PR 17531: file: 418d0a8a. */
+- if (tu_list_offset < cu_list_offset)
+- {
+- warn (_("TU offset (%x) is less than CU offset (%x)\n"),
+- tu_list_offset, cu_list_offset);
+- return 0;
+- }
+-
+- cu_list_elements = (tu_list_offset - cu_list_offset) / 8;
+-
+- if (address_table_offset < tu_list_offset)
+- {
+- warn (_("Address table offset (%x) is less than TU offset (%x)\n"),
+- address_table_offset, tu_list_offset);
+- return 0;
+- }
+-
+- tu_list_elements = (address_table_offset - tu_list_offset) / 8;
+-
+- /* PR 17531: file: 18a47d3d. */
+- if (symbol_table_offset < address_table_offset)
+- {
+- warn (_("Symbol table offset (%x) is less then Address table offset (%x)\n"),
+- symbol_table_offset, address_table_offset);
+- return 0;
+- }
+-
+- address_table_size = symbol_table_offset - address_table_offset;
+-
+- if (constant_pool_offset < symbol_table_offset)
+- {
+- warn (_("Constant pool offset (%x) is less than symbol table offset (%x)\n"),
+- constant_pool_offset, symbol_table_offset);
+- return 0;
+- }
+-
++ cu_list_elements = (tu_list_offset - cu_list_offset) / 16;
++ tu_list_elements = (address_table_offset - tu_list_offset) / 24;
++ address_table_elements = (symbol_table_offset - address_table_offset) / 20;
+ symbol_table_slots = (constant_pool_offset - symbol_table_offset) / 8;
+
+ cu_list = start + cu_list_offset;
+@@ -10504,31 +10475,25 @@ display_gdb_index (struct dwarf_section *section,
+ symbol_table = start + symbol_table_offset;
+ constant_pool = start + constant_pool_offset;
+
+- if (address_table_offset + address_table_size > section->size)
+- {
+- warn (_("Address table extends beyond end of section.\n"));
+- return 0;
+- }
+-
+ printf (_("\nCU table:\n"));
+- for (i = 0; i < cu_list_elements; i += 2)
++ for (i = 0; i < cu_list_elements; i++)
+ {
+- uint64_t cu_offset = byte_get_little_endian (cu_list + i * 8, 8);
+- uint64_t cu_length = byte_get_little_endian (cu_list + i * 8 + 8, 8);
++ uint64_t cu_offset = byte_get_little_endian (cu_list + i * 16, 8);
++ uint64_t cu_length = byte_get_little_endian (cu_list + i * 16 + 8, 8);
+
+- printf (_("[%3u] 0x%lx - 0x%lx\n"), i / 2,
++ printf (_("[%3u] 0x%lx - 0x%lx\n"), i,
+ (unsigned long) cu_offset,
+ (unsigned long) (cu_offset + cu_length - 1));
+ }
+
+ printf (_("\nTU table:\n"));
+- for (i = 0; i < tu_list_elements; i += 3)
++ for (i = 0; i < tu_list_elements; i++)
+ {
+- uint64_t tu_offset = byte_get_little_endian (tu_list + i * 8, 8);
+- uint64_t type_offset = byte_get_little_endian (tu_list + i * 8 + 8, 8);
+- uint64_t signature = byte_get_little_endian (tu_list + i * 8 + 16, 8);
++ uint64_t tu_offset = byte_get_little_endian (tu_list + i * 24, 8);
++ uint64_t type_offset = byte_get_little_endian (tu_list + i * 24 + 8, 8);
++ uint64_t signature = byte_get_little_endian (tu_list + i * 24 + 16, 8);
+
+- printf (_("[%3u] 0x%lx 0x%lx "), i / 3,
++ printf (_("[%3u] 0x%lx 0x%lx "), i,
+ (unsigned long) tu_offset,
+ (unsigned long) type_offset);
+ print_dwarf_vma (signature, 8);
+@@ -10536,12 +10501,11 @@ display_gdb_index (struct dwarf_section *section,
+ }
+
+ printf (_("\nAddress table:\n"));
+- for (i = 0; i < address_table_size && i <= address_table_size - (2 * 8 + 4);
+- i += 2 * 8 + 4)
++ for (i = 0; i < address_table_elements; i++)
+ {
+- uint64_t low = byte_get_little_endian (address_table + i, 8);
+- uint64_t high = byte_get_little_endian (address_table + i + 8, 8);
+- uint32_t cu_index = byte_get_little_endian (address_table + i + 16, 4);
++ uint64_t low = byte_get_little_endian (address_table + i * 20, 8);
++ uint64_t high = byte_get_little_endian (address_table + i * 20 + 8, 8);
++ uint32_t cu_index = byte_get_little_endian (address_table + i + 20 + 16, 4);
+
+ print_dwarf_vma (low, 8);
+ print_dwarf_vma (high, 8);
diff --git a/meta/recipes-devtools/binutils/binutils/0031-CVE-2022-45703-2.patch b/meta/recipes-devtools/binutils/binutils/0031-CVE-2022-45703-2.patch
new file mode 100644
index 0000000000..1fac9739dd
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0031-CVE-2022-45703-2.patch
@@ -0,0 +1,31 @@
+From 69bfd1759db41c8d369f9dcc98a135c5a5d97299 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Fri, 18 Nov 2022 11:29:13 +1030
+Subject: [PATCH] PR29799 heap buffer overflow in display_gdb_index
+ dwarf.c:10548
+
+ PR 29799
+ * dwarf.c (display_gdb_index): Typo fix.
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=blobdiff_plain;f=binutils/dwarf.c;h=4bba8dfb81a6df49f5e61b3fae99dd545cc5c7dd;hp=7730293326ac1049451eb4a037ac86d827030700;hb=69bfd1759db41c8d369f9dcc98a135c5a5d97299;hpb=7828dfa93b210b6bbc6596e6e096cc150a9f8aa4]
+
+CVE: CVE-2022-45703
+
+Signed-off-by: yash shinde <yash.shinde@windriver.com>
+
+---
+ binutils/dwarf.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/binutils/dwarf.c b/binutils/dwarf.c
+index 7730293326a..4bba8dfb81a 100644
+--- a/binutils/dwarf.c
++++ b/binutils/dwarf.c
+@@ -10562,7 +10562,7 @@ display_gdb_index (struct dwarf_section
+ {
+ uint64_t low = byte_get_little_endian (address_table + i * 20, 8);
+ uint64_t high = byte_get_little_endian (address_table + i * 20 + 8, 8);
+- uint32_t cu_index = byte_get_little_endian (address_table + i + 20 + 16, 4);
++ uint32_t cu_index = byte_get_little_endian (address_table + i * 20 + 16, 4);
+
+ print_dwarf_vma (low, 8);
+ print_dwarf_vma (high, 8);
diff --git a/meta/recipes-devtools/binutils/binutils/0031-CVE-2022-47695.patch b/meta/recipes-devtools/binutils/binutils/0031-CVE-2022-47695.patch
new file mode 100644
index 0000000000..f2e9cea027
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0031-CVE-2022-47695.patch
@@ -0,0 +1,58 @@
+From 2f7426b9bb2d2450b32cad3d79fab9abe3ec42bb Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Sun, 4 Dec 2022 22:15:40 +1030
+Subject: [PATCH] PR29846, segmentation fault in objdump.c compare_symbols
+
+Fixes a fuzzed object file problem where plt relocs were manipulated
+in such a way that two synthetic symbols were generated at the same
+plt location. Won't occur in real object files.
+
+ PR 29846
+ PR 20337
+ * objdump.c (compare_symbols): Test symbol flags to exclude
+ section and synthetic symbols before attempting to check flavour.
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=3d3af4ba39e892b1c544d667ca241846bc3df386]
+
+CVE: CVE-2022-47695
+
+Signed-off-by: Chaitanya Vadrevu <chaitanya.vadrevu@ni.com>
+---
+ binutils/objdump.c | 23 ++++++++++-------------
+ 1 file changed, 10 insertions(+), 13 deletions(-)
+
+diff --git a/binutils/objdump.c b/binutils/objdump.c
+index 08a0fe521d8..21f75f4db40 100644
+--- a/binutils/objdump.c
++++ b/binutils/objdump.c
+@@ -1165,20 +1165,17 @@ compare_symbols (const void *ap, const void *bp)
+ return 1;
+ }
+
+- if (bfd_get_flavour (bfd_asymbol_bfd (a)) == bfd_target_elf_flavour
++ /* Sort larger size ELF symbols before smaller. See PR20337. */
++ bfd_vma asz = 0;
++ if ((a->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0
++ && bfd_get_flavour (bfd_asymbol_bfd (a)) == bfd_target_elf_flavour)
++ asz = ((elf_symbol_type *) a)->internal_elf_sym.st_size;
++ bfd_vma bsz = 0;
++ if ((b->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0
+ && bfd_get_flavour (bfd_asymbol_bfd (b)) == bfd_target_elf_flavour)
+- {
+- bfd_vma asz, bsz;
+-
+- asz = 0;
+- if ((a->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0)
+- asz = ((elf_symbol_type *) a)->internal_elf_sym.st_size;
+- bsz = 0;
+- if ((b->flags & (BSF_SECTION_SYM | BSF_SYNTHETIC)) == 0)
+- bsz = ((elf_symbol_type *) b)->internal_elf_sym.st_size;
+- if (asz != bsz)
+- return asz > bsz ? -1 : 1;
+- }
++ bsz = ((elf_symbol_type *) b)->internal_elf_sym.st_size;
++ if (asz != bsz)
++ return asz > bsz ? -1 : 1;
+
+ /* Symbols that start with '.' might be section names, so sort them
+ after symbols that don't start with '.'. */
diff --git a/meta/recipes-devtools/binutils/binutils/0032-CVE-2022-47010.patch b/meta/recipes-devtools/binutils/binutils/0032-CVE-2022-47010.patch
new file mode 100644
index 0000000000..9648033e67
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0032-CVE-2022-47010.patch
@@ -0,0 +1,38 @@
+From: Alan Modra <amodra@gmail.com>
+Date: Mon, 20 Jun 2022 01:09:31 +0000 (+0930)
+Subject: PR29262, memory leak in pr_function_type
+X-Git-Tag: binutils-2_39~224
+X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=0d02e70b197c786f26175b9a73f94e01d14abdab
+
+PR29262, memory leak in pr_function_type
+
+ PR 29262
+ * prdbg.c (pr_function_type): Free "s" on failure path.
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=0d02e70b197c786f26175b9a73f94e01d14abdab]
+
+CVE: CVE-2022-47010
+
+Signed-off-by: Sanjana Venkatesh <Sanjana.Venkatesh@windriver.com>
+
+---
+
+diff --git a/binutils/prdbg.c b/binutils/prdbg.c
+index c1e41628d26..bb42a5b6c2d 100644
+--- a/binutils/prdbg.c
++++ b/binutils/prdbg.c
+@@ -742,12 +742,9 @@ pr_function_type (void *p, int argcount, bool varargs)
+
+ strcat (s, ")");
+
+- if (! substitute_type (info, s))
+- return false;
+-
++ bool ret = substitute_type (info, s);
+ free (s);
+-
+- return true;
++ return ret;
+ }
+
+ /* Turn the top type on the stack into a reference to that type. */
diff --git a/meta/recipes-devtools/binutils/binutils/0033-CVE-2022-47007.patch b/meta/recipes-devtools/binutils/binutils/0033-CVE-2022-47007.patch
new file mode 100644
index 0000000000..cc6dfe684b
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0033-CVE-2022-47007.patch
@@ -0,0 +1,34 @@
+From: Alan Modra <amodra@gmail.com>
+Date: Thu, 16 Jun 2022 23:30:41 +0000 (+0930)
+Subject: PR29254, memory leak in stab_demangle_v3_arg
+X-Git-Tag: binutils-2_39~237
+X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=0ebc886149c22aceaf8ed74267821a59ca9d03eb
+
+PR29254, memory leak in stab_demangle_v3_arg
+
+ PR 29254
+ * stabs.c (stab_demangle_v3_arg): Free dt on failure path.
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=0ebc886149c22aceaf8ed74267821a59ca9d03eb]
+
+CVE: CVE-2022-47007
+
+Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
+---
+
+diff --git a/binutils/stabs.c b/binutils/stabs.c
+index 2b5241637c1..796ff85b86a 100644
+--- a/binutils/stabs.c
++++ b/binutils/stabs.c
+@@ -5467,7 +5467,10 @@ stab_demangle_v3_arg (void *dhandle, struct stab_handle *info,
+ dc->u.s_binary.right,
+ &varargs);
+ if (pargs == NULL)
+- return NULL;
++ {
++ free (dt);
++ return NULL;
++ }
+
+ return debug_make_function_type (dhandle, dt, pargs, varargs);
+ }
diff --git a/meta/recipes-devtools/binutils/binutils/0034-CVE-2022-48064.patch b/meta/recipes-devtools/binutils/binutils/0034-CVE-2022-48064.patch
new file mode 100644
index 0000000000..b0840366c7
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0034-CVE-2022-48064.patch
@@ -0,0 +1,57 @@
+From: Alan Modra <amodra@gmail.com>
+Date: Tue, 20 Dec 2022 13:17:03 +0000 (+1030)
+Subject: PR29922, SHT_NOBITS section avoids section size sanity check
+X-Git-Tag: binutils-2_40~202
+X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=8f2c64de86bc3d7556121fe296dd679000283931
+
+PR29922, SHT_NOBITS section avoids section size sanity check
+
+ PR 29922
+ * dwarf2.c (find_debug_info): Ignore sections without
+ SEC_HAS_CONTENTS.
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=8f2c64de86bc3d7556121fe296dd679000283931]
+
+CVE: CVE-2022-48064
+
+Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
+
+---
+
+diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
+index 95f45708e9d..0cd8152ee6e 100644
+--- a/bfd/dwarf2.c
++++ b/bfd/dwarf2.c
+@@ -4831,16 +4831,19 @@ find_debug_info (bfd *abfd, const struct dwarf_debug_section *debug_sections,
+ {
+ look = debug_sections[debug_info].uncompressed_name;
+ msec = bfd_get_section_by_name (abfd, look);
+- if (msec != NULL)
++ /* Testing SEC_HAS_CONTENTS is an anti-fuzzer measure. Of
++ course debug sections always have contents. */
++ if (msec != NULL && (msec->flags & SEC_HAS_CONTENTS) != 0)
+ return msec;
+
+ look = debug_sections[debug_info].compressed_name;
+ msec = bfd_get_section_by_name (abfd, look);
+- if (msec != NULL)
++ if (msec != NULL && (msec->flags & SEC_HAS_CONTENTS) != 0)
+ return msec;
+
+ for (msec = abfd->sections; msec != NULL; msec = msec->next)
+- if (startswith (msec->name, GNU_LINKONCE_INFO))
++ if ((msec->flags & SEC_HAS_CONTENTS) != 0
++ && startswith (msec->name, GNU_LINKONCE_INFO))
+ return msec;
+
+ return NULL;
+@@ -4848,6 +4851,9 @@ find_debug_info (bfd *abfd, const struct dwarf_debug_section *debug_sections,
+
+ for (msec = after_sec->next; msec != NULL; msec = msec->next)
+ {
++ if ((msec->flags & SEC_HAS_CONTENTS) == 0)
++ continue;
++
+ look = debug_sections[debug_info].uncompressed_name;
+ if (strcmp (msec->name, look) == 0)
+ return msec;
diff --git a/meta/recipes-devtools/binutils/binutils/0035-CVE-2023-39129.patch b/meta/recipes-devtools/binutils/binutils/0035-CVE-2023-39129.patch
new file mode 100644
index 0000000000..63fb44d59a
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0035-CVE-2023-39129.patch
@@ -0,0 +1,50 @@
+From: Keith Seitz <keiths@...>
+Date: Wed, 2 Aug 2023 15:35:11 +0000 (-0700)
+Subject: Verify COFF symbol stringtab offset
+X-Git-Tag: gdb-14-branchpoint~473
+X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=58abdf887821a5da09ba184c6e400a3bc5cccd5a
+
+Verify COFF symbol stringtab offset
+
+This patch addresses an issue with malformed/fuzzed debug information that
+was recently reported in gdb/30639. That bug specifically deals with
+an ASAN issue, but the reproducer provided by the reporter causes a
+another failure outside of ASAN:
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=58abdf887821a5da09ba184c6e400a3bc5cccd5a]
+
+CVE: CVE-2023-39129
+
+Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
+
+diff --git a/gdb/coffread.c b/gdb/coffread.c
+--- a/gdb/coffread.c
++++ b/gdb/coffread.c
+@@ -159,6 +160,7 @@ static file_ptr linetab_offset;
+ static file_ptr linetab_size;
+
+ static char *stringtab = NULL;
++static long stringtab_length = 0;
+
+ extern void stabsread_clear_cache (void);
+
+@@ -1303,6 +1298,7 @@ init_stringtab (bfd *abfd, file_ptr offset, gdb::unique_xmalloc_ptr<char> *stora
+ /* This is in target format (probably not very useful, and not
+ currently used), not host format. */
+ memcpy (stringtab, lengthbuf, sizeof lengthbuf);
++ stringtab_length = length;
+ if (length == sizeof length) /* Empty table -- just the count. */
+ return 0;
+
+@@ -1322,8 +1318,9 @@ getsymname (struct internal_syment *symbol_entry)
+
+ if (symbol_entry->_n._n_n._n_zeroes == 0)
+ {
+- /* FIXME: Probably should be detecting corrupt symbol files by
+- seeing whether offset points to within the stringtab. */
++ if (symbol_entry->_n._n_n._n_offset > stringtab_length)
++ error (_("COFF Error: string table offset (%ld) outside string table (length %ld)"),
++ symbol_entry->_n._n_n._n_offset, stringtab_length);
+ result = stringtab + symbol_entry->_n._n_n._n_offset;
+ }
+ else
diff --git a/meta/recipes-devtools/binutils/binutils/0036-CVE-2023-39130.patch b/meta/recipes-devtools/binutils/binutils/0036-CVE-2023-39130.patch
new file mode 100644
index 0000000000..bfd5b18d7d
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0036-CVE-2023-39130.patch
@@ -0,0 +1,326 @@
+From 2db20b97f1dc3e5dce3d6ed74a8a62f0dede8c80 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amodra@gmail.com>
+Date: Wed, 9 Aug 2023 09:58:36 +0930
+Subject: [PATCH] gdb: warn unused result for bfd IO functions
+
+This fixes the compilation warnings introduced by my bfdio.c patch.
+
+The removed bfd_seeks in coff_symfile_read date back to 1994, commit
+7f4c859520, prior to which the file used stdio rather than bfd to read
+symbols. Since it now uses bfd to read the file there should be no
+need to synchronise to bfd's idea of the file position. I also fixed
+a potential uninitialised memory access.
+
+Approved-By: Andrew Burgess <aburgess@redhat.com>
+
+Upstream-Status: Backport from [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=2db20b97f1dc3e5dce3d6ed74a8a62f0dede8c80]
+CVE: CVE-2023-39130
+Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
+---
+ gdb/coff-pe-read.c | 114 +++++++++++++++++++++++++++++----------------
+ gdb/coffread.c | 27 ++---------
+ gdb/dbxread.c | 7 +--
+ gdb/xcoffread.c | 5 +-
+ 4 files changed, 85 insertions(+), 68 deletions(-)
+
+diff --git a/gdb/coff-pe-read.c b/gdb/coff-pe-read.c
+--- a/gdb/coff-pe-read.c
++++ b/gdb/coff-pe-read.c
+@@ -291,23 +291,31 @@ read_pe_truncate_name (char *dll_name)
+
+ /* Low-level support functions, direct from the ld module pe-dll.c. */
+ static unsigned int
+-pe_get16 (bfd *abfd, int where)
++pe_get16 (bfd *abfd, int where, bool *fail)
+ {
+ unsigned char b[2];
+
+- bfd_seek (abfd, (file_ptr) where, SEEK_SET);
+- bfd_bread (b, (bfd_size_type) 2, abfd);
++ if (bfd_seek (abfd, where, SEEK_SET) != 0
++ || bfd_bread (b, 2, abfd) != 2)
++ {
++ *fail = true;
++ return 0;
++ }
+ return b[0] + (b[1] << 8);
+ }
+
+ static unsigned int
+-pe_get32 (bfd *abfd, int where)
++pe_get32 (bfd *abfd, int where, bool *fail)
+ {
+ unsigned char b[4];
+
+- bfd_seek (abfd, (file_ptr) where, SEEK_SET);
+- bfd_bread (b, (bfd_size_type) 4, abfd);
+- return b[0] + (b[1] << 8) + (b[2] << 16) + (b[3] << 24);
++ if (bfd_seek (abfd, where, SEEK_SET) != 0
++ || bfd_bread (b, 4, abfd) != 4)
++ {
++ *fail = true;
++ return 0;
++ }
++ return b[0] + (b[1] << 8) + (b[2] << 16) + ((unsigned) b[3] << 24);
+ }
+
+ static unsigned int
+@@ -323,7 +331,7 @@ pe_as32 (void *ptr)
+ {
+ unsigned char *b = (unsigned char *) ptr;
+
+- return b[0] + (b[1] << 8) + (b[2] << 16) + (b[3] << 24);
++ return b[0] + (b[1] << 8) + (b[2] << 16) + ((unsigned) b[3] << 24);
+ }
+
+ /* Read the (non-debug) export symbol table from a portable
+@@ -376,37 +384,50 @@ read_pe_exported_syms (minimal_symbol_re
+ || strcmp (target, "pei-i386") == 0
+ || strcmp (target, "pe-arm-wince-little") == 0
+ || strcmp (target, "pei-arm-wince-little") == 0);
++
++ /* Possibly print a debug message about DLL not having a valid format. */
++ auto maybe_print_debug_msg = [&] () -> void {
++ if (debug_coff_pe_read)
++ fprintf_unfiltered (gdb_stdlog, _("%s doesn't appear to be a DLL\n"),
++ bfd_get_filename (dll));
++ };
++
+ if (!is_pe32 && !is_pe64)
+- {
+- /* This is not a recognized PE format file. Abort now, because
+- the code is untested on anything else. *FIXME* test on
+- further architectures and loosen or remove this test. */
+- return;
+- }
++ return maybe_print_debug_msg ();
+
+ /* Get pe_header, optional header and numbers of export entries. */
+- pe_header_offset = pe_get32 (dll, 0x3c);
++ bool fail = false;
++ pe_header_offset = pe_get32 (dll, 0x3c, &fail);
++ if (fail)
++ return maybe_print_debug_msg ();
+ opthdr_ofs = pe_header_offset + 4 + 20;
+ if (is_pe64)
+- num_entries = pe_get32 (dll, opthdr_ofs + 108);
++ num_entries = pe_get32 (dll, opthdr_ofs + 108, &fail);
+ else
+- num_entries = pe_get32 (dll, opthdr_ofs + 92);
++ num_entries = pe_get32 (dll, opthdr_ofs + 92, &fail);
++ if (fail)
++ return maybe_print_debug_msg ();
+
+ if (num_entries < 1) /* No exports. */
+ return;
+ if (is_pe64)
+ {
+- export_opthdrrva = pe_get32 (dll, opthdr_ofs + 112);
+- export_opthdrsize = pe_get32 (dll, opthdr_ofs + 116);
++ export_opthdrrva = pe_get32 (dll, opthdr_ofs + 112, &fail);
++ export_opthdrsize = pe_get32 (dll, opthdr_ofs + 116, &fail);
+ }
+ else
+ {
+- export_opthdrrva = pe_get32 (dll, opthdr_ofs + 96);
+- export_opthdrsize = pe_get32 (dll, opthdr_ofs + 100);
++ export_opthdrrva = pe_get32 (dll, opthdr_ofs + 96, &fail);
++ export_opthdrsize = pe_get32 (dll, opthdr_ofs + 100, &fail);
+ }
+- nsections = pe_get16 (dll, pe_header_offset + 4 + 2);
++ if (fail)
++ return maybe_print_debug_msg ();
++
++ nsections = pe_get16 (dll, pe_header_offset + 4 + 2, &fail);
+ secptr = (pe_header_offset + 4 + 20 +
+- pe_get16 (dll, pe_header_offset + 4 + 16));
++ pe_get16 (dll, pe_header_offset + 4 + 16, &fail));
++ if (fail)
++ return maybe_print_debug_msg ();
+ expptr = 0;
+ export_size = 0;
+
+@@ -415,12 +436,13 @@ read_pe_exported_syms (minimal_symbol_re
+ {
+ char sname[8];
+ unsigned long secptr1 = secptr + 40 * i;
+- unsigned long vaddr = pe_get32 (dll, secptr1 + 12);
+- unsigned long vsize = pe_get32 (dll, secptr1 + 16);
+- unsigned long fptr = pe_get32 (dll, secptr1 + 20);
+-
+- bfd_seek (dll, (file_ptr) secptr1, SEEK_SET);
+- bfd_bread (sname, (bfd_size_type) sizeof (sname), dll);
++ unsigned long vaddr = pe_get32 (dll, secptr1 + 12, &fail);
++ unsigned long vsize = pe_get32 (dll, secptr1 + 16, &fail);
++ unsigned long fptr = pe_get32 (dll, secptr1 + 20, &fail);
++
++ if (fail
++ || bfd_seek (dll, secptr1, SEEK_SET) != 0
++ || bfd_bread (sname, sizeof (sname), dll) != sizeof (sname))
+
+ if ((strcmp (sname, ".edata") == 0)
+ || (vaddr <= export_opthdrrva && export_opthdrrva < vaddr + vsize))
+@@ -461,16 +483,18 @@ read_pe_exported_syms (minimal_symbol_re
+ for (i = 0; i < nsections; i++)
+ {
+ unsigned long secptr1 = secptr + 40 * i;
+- unsigned long vsize = pe_get32 (dll, secptr1 + 8);
+- unsigned long vaddr = pe_get32 (dll, secptr1 + 12);
+- unsigned long characteristics = pe_get32 (dll, secptr1 + 36);
++ unsigned long vsize = pe_get32 (dll, secptr1 + 8, &fail);
++ unsigned long vaddr = pe_get32 (dll, secptr1 + 12, &fail);
++ unsigned long characteristics = pe_get32 (dll, secptr1 + 36, &fail);
+ char sec_name[SCNNMLEN + 1];
+ int sectix;
+ unsigned int bfd_section_index;
+ asection *section;
+
+- bfd_seek (dll, (file_ptr) secptr1 + 0, SEEK_SET);
+- bfd_bread (sec_name, (bfd_size_type) SCNNMLEN, dll);
++ if (fail
++ || bfd_seek (dll, secptr1 + 0, SEEK_SET) != 0
++ || bfd_bread (sec_name, SCNNMLEN, dll) != SCNNMLEN)
++ return maybe_print_debug_msg ();
+ sec_name[SCNNMLEN] = '\0';
+
+ sectix = read_pe_section_index (sec_name);
+@@ -509,8 +533,9 @@ read_pe_exported_syms (minimal_symbol_re
+ gdb::def_vector<unsigned char> expdata_storage (export_size);
+ expdata = expdata_storage.data ();
+
+- bfd_seek (dll, (file_ptr) expptr, SEEK_SET);
+- bfd_bread (expdata, (bfd_size_type) export_size, dll);
++ if (bfd_seek (dll, expptr, SEEK_SET) != 0
++ || bfd_bread (expdata, export_size, dll) != export_size)
++ return maybe_print_debug_msg ();
+ erva = expdata - export_rva;
+
+ nexp = pe_as32 (expdata + 24);
+@@ -658,20 +683,27 @@ pe_text_section_offset (struct bfd *abfd
+ }
+
+ /* Get pe_header, optional header and numbers of sections. */
+- pe_header_offset = pe_get32 (abfd, 0x3c);
+- nsections = pe_get16 (abfd, pe_header_offset + 4 + 2);
++ bool fail = false;
++ pe_header_offset = pe_get32 (abfd, 0x3c, &fail);
++ if (fail)
++ return DEFAULT_COFF_PE_TEXT_SECTION_OFFSET;
++ nsections = pe_get16 (abfd, pe_header_offset + 4 + 2, &fail);
+ secptr = (pe_header_offset + 4 + 20 +
+- pe_get16 (abfd, pe_header_offset + 4 + 16));
++ pe_get16 (abfd, pe_header_offset + 4 + 16, &fail));
++ if (fail)
++ return DEFAULT_COFF_PE_TEXT_SECTION_OFFSET;
+
+ /* Get the rva and size of the export section. */
+ for (i = 0; i < nsections; i++)
+ {
+ char sname[SCNNMLEN + 1];
+ unsigned long secptr1 = secptr + 40 * i;
+- unsigned long vaddr = pe_get32 (abfd, secptr1 + 12);
++ unsigned long vaddr = pe_get32 (abfd, secptr1 + 12, &fail);
+
+- bfd_seek (abfd, (file_ptr) secptr1, SEEK_SET);
+- bfd_bread (sname, (bfd_size_type) SCNNMLEN, abfd);
++ if (fail
++ || bfd_seek (abfd, secptr1, SEEK_SET) != 0
++ || bfd_bread (sname, SCNNMLEN, abfd) != SCNNMLEN)
++ return DEFAULT_COFF_PE_TEXT_SECTION_OFFSET;
+ sname[SCNNMLEN] = '\0';
+ if (strcmp (sname, ".text") == 0)
+ return vaddr;
+diff --git a/gdb/coffread.c b/gdb/coffread.c
+--- a/gdb/coffread.c
++++ b/gdb/coffread.c
+@@ -690,8 +690,6 @@ coff_symfile_read (struct objfile *objfi
+
+ /* FIXME: dubious. Why can't we use something normal like
+ bfd_get_section_contents? */
+- bfd_seek (abfd, abfd->where, 0);
+-
+ stabstrsize = bfd_section_size (info->stabstrsect);
+
+ coffstab_build_psymtabs (objfile,
+@@ -780,22 +778,6 @@ coff_symtab_read (minimal_symbol_reader
+
+ scoped_free_pendings free_pending;
+
+- /* Work around a stdio bug in SunOS4.1.1 (this makes me nervous....
+- it's hard to know I've really worked around it. The fix should
+- be harmless, anyway). The symptom of the bug is that the first
+- fread (in read_one_sym), will (in my example) actually get data
+- from file offset 268, when the fseek was to 264 (and ftell shows
+- 264). This causes all hell to break loose. I was unable to
+- reproduce this on a short test program which operated on the same
+- file, performing (I think) the same sequence of operations.
+-
+- It stopped happening when I put in this (former) rewind().
+-
+- FIXME: Find out if this has been reported to Sun, whether it has
+- been fixed in a later release, etc. */
+-
+- bfd_seek (objfile->obfd, 0, 0);
+-
+ /* Position to read the symbol table. */
+ val = bfd_seek (objfile->obfd, symtab_offset, 0);
+ if (val < 0)
+@@ -1285,12 +1267,13 @@ init_stringtab (bfd *abfd, file_ptr offs
+ if (bfd_seek (abfd, offset, 0) < 0)
+ return -1;
+
+- val = bfd_bread ((char *) lengthbuf, sizeof lengthbuf, abfd);
+- length = bfd_h_get_32 (symfile_bfd, lengthbuf);
+-
++ val = bfd_bread (lengthbuf, sizeof lengthbuf, abfd);
+ /* If no string table is needed, then the file may end immediately
+ after the symbols. Just return with `stringtab' set to null. */
+- if (val != sizeof lengthbuf || length < sizeof lengthbuf)
++ if (val != sizeof lengthbuf)
++ return 0;
++ length = bfd_h_get_32 (symfile_bfd, lengthbuf);
++ if (length < sizeof lengthbuf)
+ return 0;
+
+ storage->reset ((char *) xmalloc (length));
+diff --git a/gdb/dbxread.c b/gdb/dbxread.c
+--- a/gdb/dbxread.c
++++ b/gdb/dbxread.c
+@@ -812,7 +812,8 @@ stabs_seek (int sym_offset)
+ symbuf_left -= sym_offset;
+ }
+ else
+- bfd_seek (symfile_bfd, sym_offset, SEEK_CUR);
++ if (bfd_seek (symfile_bfd, sym_offset, SEEK_CUR) != 0)
++ perror_with_name (bfd_get_filename (symfile_bfd));
+ }
+
+ #define INTERNALIZE_SYMBOL(intern, extern, abfd) \
+@@ -2095,8 +2096,8 @@ dbx_expand_psymtab (legacy_psymtab *pst,
+ symbol_size = SYMBOL_SIZE (pst);
+
+ /* Read in this file's symbols. */
+- bfd_seek (objfile->obfd, SYMBOL_OFFSET (pst), SEEK_SET);
+- read_ofile_symtab (objfile, pst);
++ if (bfd_seek (objfile->obfd, SYMBOL_OFFSET (pst), SEEK_SET) == 0)
++ read_ofile_symtab (objfile, pst);
+ }
+
+ pst->readin = true;
+diff --git a/gdb/xcoffread.c b/gdb/xcoffread.c
+--- a/gdb/xcoffread.c
++++ b/gdb/xcoffread.c
+@@ -865,8 +865,9 @@ enter_line_range (struct subfile *subfil
+
+ while (curoffset <= limit_offset)
+ {
+- bfd_seek (abfd, curoffset, SEEK_SET);
+- bfd_bread (ext_lnno, linesz, abfd);
++ if (bfd_seek (abfd, curoffset, SEEK_SET) != 0
++ || bfd_bread (ext_lnno, linesz, abfd) != linesz)
++ return;
+ bfd_coff_swap_lineno_in (abfd, ext_lnno, &int_lnno);
+
+ /* Find the address this line represents. */
+--
+2.39.3
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2022-48063.patch b/meta/recipes-devtools/binutils/binutils/CVE-2022-48063.patch
new file mode 100644
index 0000000000..ea2e030503
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2022-48063.patch
@@ -0,0 +1,48 @@
+From 75393a2d54bcc40053e5262a3de9d70c5ebfbbfd Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Wed, 21 Dec 2022 11:51:23 +0000
+Subject: [PATCH] Fix an attempt to allocate an unreasonably large amount of
+ memory when parsing a corrupt ELF file.
+
+ PR 29924
+ * objdump.c (load_specific_debug_section): Check for excessively
+ large sections.
+
+Upstream-Status: Backport
+CVE: CVE-2022-48063
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ binutils/ChangeLog | 6 ++++++
+ binutils/objdump.c | 4 +++-
+ 2 files changed, 9 insertions(+), 1 deletion(-)
+
+Index: git/binutils/objdump.c
+===================================================================
+--- git.orig/binutils/objdump.c
++++ git/binutils/objdump.c
+@@ -3768,7 +3768,9 @@ load_specific_debug_section (enum dwarf_
+ section->size = bfd_section_size (sec);
+ /* PR 24360: On 32-bit hosts sizeof (size_t) < sizeof (bfd_size_type). */
+ alloced = amt = section->size + 1;
+- if (alloced != amt || alloced == 0)
++ if (alloced != amt
++ || alloced == 0
++ || (bfd_get_size (abfd) != 0 && alloced >= bfd_get_size (abfd)))
+ {
+ section->start = NULL;
+ free_debug_section (debug);
+Index: git/binutils/ChangeLog
+===================================================================
+--- git.orig/binutils/ChangeLog
++++ git/binutils/ChangeLog
+@@ -1,3 +1,9 @@
++2022-12-21 Nick Clifton <nickc@redhat.com>
++
++ PR 29924
++ * objdump.c (load_specific_debug_section): Check for excessively
++ large sections.
++
+ 2022-03-23 Nick Clifton <nickc@redhat.com>
+
+ Import patch from mainline:
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-06-10 05:32:54 +0000