diff options
author | Kai Kang <kai.kang@windriver.com> | 2016-07-18 17:06:36 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-07-21 07:45:01 +0100 |
commit | 0a2df616a5c3316704742f1dcf37b450920e0280 (patch) | |
tree | c9692d28c49755efbab669711a3132dd16362bbc | |
parent | 9ae6a2830dacb3c335754a6da91bd5cc30546b31 (diff) | |
download | openembedded-core-0a2df616a5c3316704742f1dcf37b450920e0280.tar.gz openembedded-core-0a2df616a5c3316704742f1dcf37b450920e0280.tar.bz2 openembedded-core-0a2df616a5c3316704742f1dcf37b450920e0280.zip |
boost: fix CVE-2012-2677
Backport patch to fix CVE-2012-2677 for boost from:
https://svn.boost.org/trac/boost/changeset/78326
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-support/boost/boost/boost-CVE-2012-2677.patch | 112 | ||||
-rw-r--r-- | meta/recipes-support/boost/boost_1.61.0.bb | 1 |
2 files changed, 113 insertions, 0 deletions
diff --git a/meta/recipes-support/boost/boost/boost-CVE-2012-2677.patch b/meta/recipes-support/boost/boost/boost-CVE-2012-2677.patch new file mode 100644 index 0000000000..859f4aaeea --- /dev/null +++ b/meta/recipes-support/boost/boost/boost-CVE-2012-2677.patch @@ -0,0 +1,112 @@ +Reference + +https://svn.boost.org/trac/boost/changeset/78326 + +Upstream-Status: Backport + +Signed-off-by: Yue Tao <yue.tao@windriver.com> + +diff --git a/boost/pool/pool.hpp.old b/boost/pool/pool.hpp +index c47b11f..417a1e0 100644 +--- a/boost/pool/pool.hpp.old ++++ b/boost/pool/pool.hpp +@@ -26,6 +26,8 @@ + + #include <boost/pool/poolfwd.hpp> + ++// std::numeric_limits ++#include <boost/limits.hpp> + // boost::integer::static_lcm + #include <boost/integer/common_factor_ct.hpp> + // boost::simple_segregated_storage +@@ -355,6 +357,15 @@ class pool: protected simple_segregated_storage < typename UserAllocator::size_t + return s; + } + ++ size_type max_chunks() const ++ { //! Calculated maximum number of memory chunks that can be allocated in a single call by this Pool. ++ size_type partition_size = alloc_size(); ++ size_type POD_size = math::static_lcm<sizeof(size_type), sizeof(void *)>::value + sizeof(size_type); ++ size_type max_chunks = (std::numeric_limits<size_type>::max() - POD_size) / alloc_size(); ++ ++ return max_chunks; ++ } ++ + static void * & nextof(void * const ptr) + { //! \returns Pointer dereferenced. + //! (Provided and used for the sake of code readability :) +@@ -375,6 +386,8 @@ class pool: protected simple_segregated_storage < typename UserAllocator::size_t + //! the first time that object needs to allocate system memory. + //! The default is 32. This parameter may not be 0. + //! \param nmax_size is the maximum number of chunks to allocate in one block. ++ set_next_size(nnext_size); ++ set_max_size(nmax_size); + } + + ~pool() +@@ -398,8 +411,8 @@ class pool: protected simple_segregated_storage < typename UserAllocator::size_t + } + void set_next_size(const size_type nnext_size) + { //! Set number of chunks to request from the system the next time that object needs to allocate system memory. This value should never be set to 0. +- //! \returns nnext_size. +- next_size = start_size = nnext_size; ++ BOOST_USING_STD_MIN(); ++ next_size = start_size = min BOOST_PREVENT_MACRO_SUBSTITUTION(nnext_size, max_chunks()); + } + size_type get_max_size() const + { //! \returns max_size. +@@ -407,7 +420,8 @@ class pool: protected simple_segregated_storage < typename UserAllocator::size_t + } + void set_max_size(const size_type nmax_size) + { //! Set max_size. +- max_size = nmax_size; ++ BOOST_USING_STD_MIN(); ++ max_size = min BOOST_PREVENT_MACRO_SUBSTITUTION(nmax_size, max_chunks()); + } + size_type get_requested_size() const + { //! \returns the requested size passed into the constructor. +@@ -708,9 +722,9 @@ void * pool<UserAllocator>::malloc_need_resize() + + BOOST_USING_STD_MIN(); + if(!max_size) +- next_size <<= 1; ++ set_next_size(next_size << 1); + else if( next_size*partition_size/requested_size < max_size) +- next_size = min BOOST_PREVENT_MACRO_SUBSTITUTION(next_size << 1, max_size*requested_size/ partition_size); ++ set_next_size(min BOOST_PREVENT_MACRO_SUBSTITUTION(next_size << 1, max_size * requested_size / partition_size)); + + // initialize it, + store().add_block(node.begin(), node.element_size(), partition_size); +@@ -748,9 +762,9 @@ void * pool<UserAllocator>::ordered_malloc_need_resize() + + BOOST_USING_STD_MIN(); + if(!max_size) +- next_size <<= 1; ++ set_next_size(next_size << 1); + else if( next_size*partition_size/requested_size < max_size) +- next_size = min BOOST_PREVENT_MACRO_SUBSTITUTION(next_size << 1, max_size*requested_size/ partition_size); ++ set_next_size(min BOOST_PREVENT_MACRO_SUBSTITUTION(next_size << 1, max_size * requested_size / partition_size)); + + // initialize it, + // (we can use "add_block" here because we know that +@@ -792,6 +806,8 @@ void * pool<UserAllocator>::ordered_malloc(const size_type n) + { //! Gets address of a chunk n, allocating new memory if not already available. + //! \returns Address of chunk n if allocated ok. + //! \returns 0 if not enough memory for n chunks. ++ if (n > max_chunks()) ++ return 0; + + const size_type partition_size = alloc_size(); + const size_type total_req_size = n * requested_size; +@@ -840,9 +856,9 @@ void * pool<UserAllocator>::ordered_malloc(const size_type n) + + BOOST_USING_STD_MIN(); + if(!max_size) +- next_size <<= 1; ++ set_next_size(next_size << 1); + else if( next_size*partition_size/requested_size < max_size) +- next_size = min BOOST_PREVENT_MACRO_SUBSTITUTION(next_size << 1, max_size*requested_size/ partition_size); ++ set_next_size(min BOOST_PREVENT_MACRO_SUBSTITUTION(next_size << 1, max_size * requested_size / partition_size)); + + // insert it into the list, + // handle border case. diff --git a/meta/recipes-support/boost/boost_1.61.0.bb b/meta/recipes-support/boost/boost_1.61.0.bb index d8b14fed7b..1116444ceb 100644 --- a/meta/recipes-support/boost/boost_1.61.0.bb +++ b/meta/recipes-support/boost/boost_1.61.0.bb @@ -4,4 +4,5 @@ include boost.inc SRC_URI += "\ file://arm-intrinsics.patch \ file://consider-hardfp.patch \ + file://boost-CVE-2012-2677.patch \ " |