1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
|
From 3939eccdff598f47e5b37b05d58bf1b44d3796e7 Mon Sep 17 00:00:00 2001
From: Jussi Kukkonen <jussi.kukkonen@intel.com>
Date: Fri, 7 Oct 2016 14:15:38 +0300
Subject: [PATCH] Prevent buffer overflow in yy_get_next_buffer
This is upstream commit a5cbe929ac3255d371e698f62dc256afe7006466
with some additional backporting to make binutils build again.
Upstream-Status: Backport
CVE: CVE-2016-6354
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
---
src/flex.skl | 2 +-
src/scan.c | 2 +-
src/skel.c | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/flex.skl b/src/flex.skl
index ed71627..814d562 100644
--- a/src/flex.skl
+++ b/src/flex.skl
@@ -1718,7 +1718,7 @@ int yyFlexLexer::yy_get_next_buffer()
else
{
- yy_size_t num_to_read =
+ int num_to_read =
YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
while ( num_to_read <= 0 )
diff --git a/src/scan.c b/src/scan.c
index f1dce75..1949872 100644
--- a/src/scan.c
+++ b/src/scan.c
@@ -4181,7 +4181,7 @@ static int yy_get_next_buffer (void)
else
{
- yy_size_t num_to_read =
+ int num_to_read =
YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
while ( num_to_read <= 0 )
diff --git a/src/skel.c b/src/skel.c
index 26cc889..0344d18 100644
--- a/src/skel.c
+++ b/src/skel.c
@@ -1929,7 +1929,7 @@ const char *skel[] = {
"",
" else",
" {",
- " yy_size_t num_to_read =",
+ " int num_to_read =",
" YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;",
"",
" while ( num_to_read <= 0 )",
--
2.1.4
|
