60 lines
1.5 KiB
Diff
60 lines
1.5 KiB
Diff
From 3939eccdff598f47e5b37b05d58bf1b44d3796e7 Mon Sep 17 00:00:00 2001
|
|
From: Jussi Kukkonen <jussi.kukkonen@intel.com>
|
|
Date: Fri, 7 Oct 2016 14:15:38 +0300
|
|
Subject: [PATCH] Prevent buffer overflow in yy_get_next_buffer
|
|
|
|
This is upstream commit a5cbe929ac3255d371e698f62dc256afe7006466
|
|
with some additional backporting to make binutils build again.
|
|
|
|
Upstream-Status: Backport
|
|
CVE: CVE-2016-6354
|
|
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
|
|
---
|
|
src/flex.skl | 2 +-
|
|
src/scan.c | 2 +-
|
|
src/skel.c | 2 +-
|
|
3 files changed, 3 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/src/flex.skl b/src/flex.skl
|
|
index ed71627..814d562 100644
|
|
--- a/src/flex.skl
|
|
+++ b/src/flex.skl
|
|
@@ -1718,7 +1718,7 @@ int yyFlexLexer::yy_get_next_buffer()
|
|
|
|
else
|
|
{
|
|
- yy_size_t num_to_read =
|
|
+ int num_to_read =
|
|
YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
|
|
|
|
while ( num_to_read <= 0 )
|
|
diff --git a/src/scan.c b/src/scan.c
|
|
index f1dce75..1949872 100644
|
|
--- a/src/scan.c
|
|
+++ b/src/scan.c
|
|
@@ -4181,7 +4181,7 @@ static int yy_get_next_buffer (void)
|
|
|
|
else
|
|
{
|
|
- yy_size_t num_to_read =
|
|
+ int num_to_read =
|
|
YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
|
|
|
|
while ( num_to_read <= 0 )
|
|
diff --git a/src/skel.c b/src/skel.c
|
|
index 26cc889..0344d18 100644
|
|
--- a/src/skel.c
|
|
+++ b/src/skel.c
|
|
@@ -1929,7 +1929,7 @@ const char *skel[] = {
|
|
"",
|
|
" else",
|
|
" {",
|
|
- " yy_size_t num_to_read =",
|
|
+ " int num_to_read =",
|
|
" YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;",
|
|
"",
|
|
" while ( num_to_read <= 0 )",
|
|
--
|
|
2.1.4
|
|
|