diff options
author | Jussi Kukkonen <jussi.kukkonen@intel.com> | 2016-10-10 11:30:03 +0300 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-10-11 08:26:09 +0100 |
commit | 68d56306baa21e66756fb44c6c5680e725b1e3bc (patch) | |
tree | 3b066640b3be134551fb3152621d788ca02f40cd | |
parent | 591a5aecfe4a52dc3b9e11883334c604dd9fc957 (diff) | |
download | openembedded-core-68d56306baa21e66756fb44c6c5680e725b1e3bc.tar.gz openembedded-core-68d56306baa21e66756fb44c6c5680e725b1e3bc.tar.bz2 openembedded-core-68d56306baa21e66756fb44c6c5680e725b1e3bc.zip |
flex: Backport buffer overflow fix
Fix a heap-based buffer overflow in yy_get_next_buffer()
(CVE-2016-6354).
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-devtools/flex/flex/CVE-2016-6354.patch | 59 | ||||
-rw-r--r-- | meta/recipes-devtools/flex/flex_2.6.0.bb | 1 |
2 files changed, 60 insertions, 0 deletions
diff --git a/meta/recipes-devtools/flex/flex/CVE-2016-6354.patch b/meta/recipes-devtools/flex/flex/CVE-2016-6354.patch new file mode 100644 index 0000000000..216ac7ae1c --- /dev/null +++ b/meta/recipes-devtools/flex/flex/CVE-2016-6354.patch @@ -0,0 +1,59 @@ +From 3939eccdff598f47e5b37b05d58bf1b44d3796e7 Mon Sep 17 00:00:00 2001 +From: Jussi Kukkonen <jussi.kukkonen@intel.com> +Date: Fri, 7 Oct 2016 14:15:38 +0300 +Subject: [PATCH] Prevent buffer overflow in yy_get_next_buffer + +This is upstream commit a5cbe929ac3255d371e698f62dc256afe7006466 +with some additional backporting to make binutils build again. + +Upstream-Status: Backport +CVE: CVE-2016-6354 +Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> +--- + src/flex.skl | 2 +- + src/scan.c | 2 +- + src/skel.c | 2 +- + 3 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/flex.skl b/src/flex.skl +index ed71627..814d562 100644 +--- a/src/flex.skl ++++ b/src/flex.skl +@@ -1718,7 +1718,7 @@ int yyFlexLexer::yy_get_next_buffer() + + else + { +- yy_size_t num_to_read = ++ int num_to_read = + YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; + + while ( num_to_read <= 0 ) +diff --git a/src/scan.c b/src/scan.c +index f1dce75..1949872 100644 +--- a/src/scan.c ++++ b/src/scan.c +@@ -4181,7 +4181,7 @@ static int yy_get_next_buffer (void) + + else + { +- yy_size_t num_to_read = ++ int num_to_read = + YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; + + while ( num_to_read <= 0 ) +diff --git a/src/skel.c b/src/skel.c +index 26cc889..0344d18 100644 +--- a/src/skel.c ++++ b/src/skel.c +@@ -1929,7 +1929,7 @@ const char *skel[] = { + "", + " else", + " {", +- " yy_size_t num_to_read =", ++ " int num_to_read =", + " YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;", + "", + " while ( num_to_read <= 0 )", +-- +2.1.4 + diff --git a/meta/recipes-devtools/flex/flex_2.6.0.bb b/meta/recipes-devtools/flex/flex_2.6.0.bb index 3a45752f8b..ab35b09f99 100644 --- a/meta/recipes-devtools/flex/flex_2.6.0.bb +++ b/meta/recipes-devtools/flex/flex_2.6.0.bb @@ -15,6 +15,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/flex/flex-${PV}.tar.bz2 \ file://do_not_create_pdf_doc.patch \ file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \ file://0002-avoid-c-comments-in-c-code-fails-with-gcc-6.patch \ + file://CVE-2016-6354.patch \ ${@bb.utils.contains('PTEST_ENABLED', '1', '', 'file://disable-tests.patch', d)} \ " |