diff options
Diffstat (limited to 'meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg1-1.patch')
| -rw-r--r-- | meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg1-1.patch | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg1-1.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg1-1.patch new file mode 100644 index 0000000000..3047062f54 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2021-27219-reg1-1.patch @@ -0,0 +1,36 @@ +From f8273b9aded135fe07094faebd527e43851aaf6e Mon Sep 17 00:00:00 2001 +From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com> +Date: Sun, 7 Feb 2021 23:32:40 +0100 +Subject: [PATCH 1/5] giochannel: Fix length_size bounds check + +The inverted condition is an obvious error introduced by ecdf91400e9a. + +Fixes https://gitlab.gnome.org/GNOME/glib/-/issues/2323 + +(cherry picked from commit a149bf2f9030168051942124536e303af8ba6176) + +Upstream-Status: Backport [https://mirrors.ocf.berkeley.edu/ubuntu/pool/main/g/glib2.0/glib2.0_2.64.6-1~ubuntu20.04.3.debian.tar.xz] +CVE: CVE-2021-27219 +Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> + +--- + glib/giochannel.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/glib/giochannel.c b/glib/giochannel.c +index 4dec20f77..c3f3102ff 100644 +--- a/glib/giochannel.c ++++ b/glib/giochannel.c +@@ -896,7 +896,7 @@ g_io_channel_set_line_term (GIOChannel *channel, + { + /* FIXME: We’re constrained by line_term_len being a guint here */ + gsize length_size = strlen (line_term); +- g_return_if_fail (length_size > G_MAXUINT); ++ g_return_if_fail (length_size <= G_MAXUINT); + length_unsigned = (guint) length_size; + } + +-- +GitLab + + |