From 3939eccdff598f47e5b37b05d58bf1b44d3796e7 Mon Sep 17 00:00:00 2001
From: Jussi Kukkonen <jussi.kukkonen@intel.com>
Date: Fri, 7 Oct 2016 14:15:38 +0300
Subject: [PATCH] Prevent buffer overflow in yy_get_next_buffer

This is upstream commit a5cbe929ac3255d371e698f62dc256afe7006466
with some additional backporting to make binutils build again.

Upstream-Status: Backport
CVE: CVE-2016-6354
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
---
 src/flex.skl | 2 +-
 src/scan.c   | 2 +-
 src/skel.c   | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/flex.skl b/src/flex.skl
index ed71627..814d562 100644
--- a/src/flex.skl
+++ b/src/flex.skl
@@ -1718,7 +1718,7 @@ int yyFlexLexer::yy_get_next_buffer()
 
 	else
 		{
-			yy_size_t num_to_read =
+			int num_to_read =
 			YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
 
 		while ( num_to_read <= 0 )
diff --git a/src/scan.c b/src/scan.c
index f1dce75..1949872 100644
--- a/src/scan.c
+++ b/src/scan.c
@@ -4181,7 +4181,7 @@ static int yy_get_next_buffer (void)
 
 	else
 		{
-			yy_size_t num_to_read =
+			int num_to_read =
 			YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
 
 		while ( num_to_read <= 0 )
diff --git a/src/skel.c b/src/skel.c
index 26cc889..0344d18 100644
--- a/src/skel.c
+++ b/src/skel.c
@@ -1929,7 +1929,7 @@ const char *skel[] = {
   "",
   "	else",
   "		{",
-  "			yy_size_t num_to_read =",
+  "			int num_to_read =",
   "			YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;",
   "",
   "		while ( num_to_read <= 0 )",
-- 
2.1.4