[Low] Patch fluent-bit for CVE-2025-58749 (microsoft#14730)

Author: v-aaditya

SPECS/fluent-bit/CVE-2025-58749.patch

@@ -0,0 +1,48 @@
+From 95f506a6e77d3ac7588eac7263f95558edfa7f3b Mon Sep 17 00:00:00 2001
+From: Liu Jia <[email protected]>
+Date: Mon, 15 Sep 2025 15:19:51 +0800
+Subject: [PATCH] Merge commit from fork
+
+* fix overflow in check_bulk_memory_overflow
+
+Upstream Patch reference: https://github.com/bytecodealliance/wasm-micro-runtime/commit/95f506a6e77d3ac7588eac7263f95558edfa7f3b.patch
+---
+ .../core/iwasm/compilation/aot_emit_memory.c       | 14 ++++++++++++--
+ 1 file changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/compilation/aot_emit_memory.c b/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/compilation/aot_emit_memory.c
+index 8c35c3f..6a01c25 100644
+--- a/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/compilation/aot_emit_memory.c
++++ b/lib/wasm-micro-runtime-WAMR-1.3.0/core/iwasm/compilation/aot_emit_memory.c
+@@ -880,7 +880,7 @@ static LLVMValueRef
+ check_bulk_memory_overflow(AOTCompContext *comp_ctx, AOTFuncContext *func_ctx,
+                            LLVMValueRef offset, LLVMValueRef bytes)
+ {
+-    LLVMValueRef maddr, max_addr, cmp;
++    LLVMValueRef maddr, max_addr, cmp, cmp1, offset1;
+     LLVMValueRef mem_base_addr;
+     LLVMBasicBlockRef block_curr = LLVMGetInsertBlock(comp_ctx->builder);
+     LLVMBasicBlockRef check_succ;
+@@ -922,8 +922,18 @@ check_bulk_memory_overflow(AOTCompContext *comp_ctx, AOTFuncContext *func_ctx,
+         if (mem_data_size > 0 && mem_offset + mem_len <= mem_data_size) {
+             /* inside memory space */
+             /* maddr = mem_base_addr + moffset */
++            /* Perform zero extension in advance to avoid LLVMBuildInBoundsGEP2
++             * interpreting a negative address due to sign extension when
++             * mem_offset >= 2GiB */
++            if (comp_ctx->pointer_size == sizeof(uint64)) {
++                offset1 = I64_CONST(mem_offset);
++            }
++            else {
++                offset1 = I32_CONST((uint32)mem_offset);
++            }
++            CHECK_LLVM_CONST(offset1);
+             if (!(maddr = LLVMBuildInBoundsGEP2(comp_ctx->builder, INT8_TYPE,
+-                                                mem_base_addr, &offset, 1,
++                                                mem_base_addr, &offset1, 1,
+                                                 "maddr"))) {
+                 aot_set_last_error("llvm build add failed.");
+                 goto fail;
+-- 
+2.45.4
+

SPECS/fluent-bit/fluent-bit.spec

@@ -1,7 +1,7 @@
 Summary:        Fast and Lightweight Log processor and forwarder for Linux, BSD and OSX
 Name:           fluent-bit
 Version:        3.0.6
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        Apache-2.0
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -15,6 +15,7 @@ Patch4:         CVE-2024-27532.patch
 Patch5:         CVE-2024-50608.patch
 Patch6:         CVE-2024-50609.patch
 Patch7:         CVE-2025-54126.patch
+Patch8:         CVE-2025-58749.patch
 BuildRequires:  bison
 BuildRequires:  cmake
 BuildRequires:  cyrus-sasl-devel
@@ -57,7 +58,7 @@ Development files for %{name}
     -DFLB_OUT_TD=Off \
     -DFLB_OUT_ES=Off \
     -DFLB_SHARED_LIB=On \
-%if %{with_check}
+%if 0%{?with_check}
     -DFLB_TESTS_RUNTIME=On \
     -DFLB_TESTS_INTERNAL=On \
 %endif
@@ -89,6 +90,9 @@ Development files for %{name}
 %{_libdir}/fluent-bit/*.so
 
 %changelog
+* Thu Sep 25 2025 Aditya Singh <[email protected]> - 3.0.6-4
+- Patch for CVE-2025-58749
+
 * Wed Aug 06 2025 Azure Linux Security Servicing Account <[email protected]> - 3.0.6-3
 - Patch for CVE-2025-54126