diff options
Diffstat (limited to 'meta/recipes-devtools/go/go/CVE-2023-24537.patch')
-rw-r--r-- | meta/recipes-devtools/go/go/CVE-2023-24537.patch | 89 |
1 files changed, 0 insertions, 89 deletions
diff --git a/meta/recipes-devtools/go/go/CVE-2023-24537.patch b/meta/recipes-devtools/go/go/CVE-2023-24537.patch deleted file mode 100644 index 6b5dc2c8d9..0000000000 --- a/meta/recipes-devtools/go/go/CVE-2023-24537.patch +++ /dev/null @@ -1,89 +0,0 @@ -From 110e4fb1c2e3a21631704bbfaf672230b9ba2492 Mon Sep 17 00:00:00 2001 -From: Damien Neil <dneil@google.com> -Date: Wed, 22 Mar 2023 09:33:22 -0700 -Subject: [PATCH] go/scanner: reject large line and column numbers in //line - directives - -Setting a large line or column number using a //line directive can cause -integer overflow even in small source files. - -Limit line and column numbers in //line directives to 2^30-1, which -is small enough to avoid int32 overflow on all reasonbly-sized files. - -For #59180 -Fixes CVE-2023-24537 - -Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1802456 -Reviewed-by: Julie Qiu <julieqiu@google.com> -Reviewed-by: Roland Shoemaker <bracewell@google.com> -Run-TryBot: Damien Neil <dneil@google.com> -Change-Id: I149bf34deca532af7994203fa1e6aca3c890ea14 -Reviewed-on: https://go-review.googlesource.com/c/go/+/482078 -Reviewed-by: Matthew Dempsky <mdempsky@google.com> -TryBot-Bypass: Michael Knyszek <mknyszek@google.com> -Run-TryBot: Michael Knyszek <mknyszek@google.com> -Auto-Submit: Michael Knyszek <mknyszek@google.com> - -CVE: CVE-2023-24537 -Upstream-Status: Backport -Signed-off-by: Ross Burton <ross.burton@arm.com> ---- - src/go/parser/parser_test.go | 16 ++++++++++++++++ - src/go/scanner/scanner.go | 7 +++++-- - 2 files changed, 21 insertions(+), 2 deletions(-) - -diff --git a/src/go/parser/parser_test.go b/src/go/parser/parser_test.go -index 153562df75068..22b11a0cc4535 100644 ---- a/src/go/parser/parser_test.go -+++ b/src/go/parser/parser_test.go -@@ -764,3 +764,19 @@ func TestRangePos(t *testing.T) { - }) - } - } -+ -+// TestIssue59180 tests that line number overflow doesn't cause an infinite loop. -+func TestIssue59180(t *testing.T) { -+ testcases := []string{ -+ "package p\n//line :9223372036854775806\n\n//", -+ "package p\n//line :1:9223372036854775806\n\n//", -+ "package p\n//line file:9223372036854775806\n\n//", -+ } -+ -+ for _, src := range testcases { -+ _, err := ParseFile(token.NewFileSet(), "", src, ParseComments) -+ if err == nil { -+ t.Errorf("ParseFile(%s) succeeded unexpectedly", src) -+ } -+ } -+} -diff --git a/src/go/scanner/scanner.go b/src/go/scanner/scanner.go -index 16958d22ce299..0cd9f5901d0bb 100644 ---- a/src/go/scanner/scanner.go -+++ b/src/go/scanner/scanner.go -@@ -253,13 +253,16 @@ func (s *Scanner) updateLineInfo(next, offs int, text []byte) { - return - } - -+ // Put a cap on the maximum size of line and column numbers. -+ // 30 bits allows for some additional space before wrapping an int32. -+ const maxLineCol = 1<<30 - 1 - var line, col int - i2, n2, ok2 := trailingDigits(text[:i-1]) - if ok2 { - //line filename:line:col - i, i2 = i2, i - line, col = n2, n -- if col == 0 { -+ if col == 0 || col > maxLineCol { - s.error(offs+i2, "invalid column number: "+string(text[i2:])) - return - } -@@ -269,7 +272,7 @@ func (s *Scanner) updateLineInfo(next, offs int, text []byte) { - line = n - } - -- if line == 0 { -+ if line == 0 || line > maxLineCol { - s.error(offs+i, "invalid line number: "+string(text[i:])) - return - } |