diff options
| author | Robert Yang <liezhi.yang@windriver.com> | 2015-04-27 20:43:22 -0700 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2015-04-30 23:01:26 +0100 |
| commit | a7e723bd78e280ae48e6de725b2881b35ae21f5c (patch) | |
| tree | cb6e86b6211d2741de84da2739402a261e525967 /meta/recipes-support | |
| parent | 99f9df3add049ec18dbcd604646a67dc59b3db16 (diff) | |
| download | openembedded-core-a7e723bd78e280ae48e6de725b2881b35ae21f5c.tar.gz openembedded-core-a7e723bd78e280ae48e6de725b2881b35ae21f5c.tar.bz2 openembedded-core-a7e723bd78e280ae48e6de725b2881b35ae21f5c.zip | |
nspr: remove nspr-CVE-2014-1545.patch
It is a backport patch, and verified that the patch is in the source.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-support')
| -rw-r--r-- | meta/recipes-support/nspr/nspr/nspr-CVE-2014-1545.patch | 67 |
1 files changed, 0 insertions, 67 deletions
diff --git a/meta/recipes-support/nspr/nspr/nspr-CVE-2014-1545.patch b/meta/recipes-support/nspr/nspr/nspr-CVE-2014-1545.patch deleted file mode 100644 index 565ff168e0..0000000000 --- a/meta/recipes-support/nspr/nspr/nspr-CVE-2014-1545.patch +++ /dev/null @@ -1,67 +0,0 @@ -Fix for CVE-2014-1545 - -Upstream-Status: Backport - -Backported from nspr-4.10.6.tar.gz. ---- ---- a/pr/src/io/prprf.c -+++ b/pr/src/io/prprf.c -@@ -50,6 +50,10 @@ - #include "prlog.h" - #include "prmem.h" - -+#ifdef _MSC_VER -+#define snprintf _snprintf -+#endif -+ - /* - ** WARNING: This code may *NOT* call PR_LOG (because PR_LOG calls it) - */ -@@ -330,7 +334,7 @@ - ** Convert a double precision floating point number into its printable - ** form. - ** --** XXX stop using sprintf to convert floating point -+** XXX stop using snprintf to convert floating point - */ - static int cvt_f(SprintfState *ss, double d, const char *fmt0, const char *fmt1) - { -@@ -338,15 +342,14 @@ - char fout[300]; - int amount = fmt1 - fmt0; - -- PR_ASSERT((amount > 0) && (amount < sizeof(fin))); -- if (amount >= sizeof(fin)) { -- /* Totally bogus % command to sprintf. Just ignore it */ -+ if (amount <= 0 || amount >= sizeof(fin)) { -+ /* Totally bogus % command to snprintf. Just ignore it */ - return 0; - } - memcpy(fin, fmt0, amount); - fin[amount] = 0; - -- /* Convert floating point using the native sprintf code */ -+ /* Convert floating point using the native snprintf code */ - #ifdef DEBUG - { - const char *p = fin; -@@ -356,14 +359,11 @@ - } - } - #endif -- sprintf(fout, fin, d); -- -- /* -- ** This assert will catch overflow's of fout, when building with -- ** debugging on. At least this way we can track down the evil piece -- ** of calling code and fix it! -- */ -- PR_ASSERT(strlen(fout) < sizeof(fout)); -+ memset(fout, 0, sizeof(fout)); -+ snprintf(fout, sizeof(fout), fin, d); -+ /* Explicitly null-terminate fout because on Windows snprintf doesn't -+ * append a null-terminator if the buffer is too small. */ -+ fout[sizeof(fout) - 1] = '\0'; - - return (*ss->stuff)(ss, fout, strlen(fout)); - } |