poky/meta/recipes-devtools/flex/flex/CVE-2016-6354.patch - openbmc/openbmc - Gitiles

 From 3939eccdff598f47e5b37b05d58bf1b44d3796e7 Mon Sep 17 00:00:00 2001
 From: Jussi Kukkonen <jussi.kukkonen@intel.com>
 Date: Fri, 7 Oct 2016 14:15:38 +0300
 Subject: [PATCH] Prevent buffer overflow in yy_get_next_buffer

 This is upstream commit a5cbe929ac3255d371e698f62dc256afe7006466
 with some additional backporting to make binutils build again.

 Upstream-Status: Backport
 CVE: CVE-2016-6354
 Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
 ---
  src/flex.skl | 2 +-
  src/scan.c   | 2 +-
  src/skel.c   | 2 +-
  3 files changed, 3 insertions(+), 3 deletions(-)

 diff --git a/src/flex.skl b/src/flex.skl
 index ed71627..814d562 100644
 --- a/src/flex.skl
 +++ b/src/flex.skl
 @@ -1718,7 +1718,7 @@ int yyFlexLexer::yy_get_next_buffer()

  	else
  		{
 -			yy_size_t num_to_read =
 +			int num_to_read =
  			YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;

  		while ( num_to_read <= 0 )
 diff --git a/src/scan.c b/src/scan.c
 index f1dce75..1949872 100644
 --- a/src/scan.c
 +++ b/src/scan.c
 @@ -4181,7 +4181,7 @@ static int yy_get_next_buffer (void)

  	else
  		{
 -			yy_size_t num_to_read =
 +			int num_to_read =
  			YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;

  		while ( num_to_read <= 0 )
 diff --git a/src/skel.c b/src/skel.c
 index 26cc889..0344d18 100644
 --- a/src/skel.c
 +++ b/src/skel.c
 @@ -1929,7 +1929,7 @@ const char *skel[] = {
    "",
    "	else",
    "		{",
 -  "			yy_size_t num_to_read =",
 +  "			int num_to_read =",
    "			YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;",
    "",
    "		while ( num_to_read <= 0 )",
 --
 2.1.4
	From 3939eccdff598f47e5b37b05d58bf1b44d3796e7 Mon Sep 17 00:00:00 2001
	From: Jussi Kukkonen <jussi.kukkonen@intel.com>
	Date: Fri, 7 Oct 2016 14:15:38 +0300
	Subject: [PATCH] Prevent buffer overflow in yy_get_next_buffer

	This is upstream commit a5cbe929ac3255d371e698f62dc256afe7006466
	with some additional backporting to make binutils build again.

	Upstream-Status: Backport
	CVE: CVE-2016-6354
	Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
	---
	src/flex.skl \| 2 +-
	src/scan.c \| 2 +-
	src/skel.c \| 2 +-
	3 files changed, 3 insertions(+), 3 deletions(-)

	diff --git a/src/flex.skl b/src/flex.skl
	index ed71627..814d562 100644
	--- a/src/flex.skl
	+++ b/src/flex.skl
	@@ -1718,7 +1718,7 @@ int yyFlexLexer::yy_get_next_buffer()

	else
	{
	- yy_size_t num_to_read =
	+ int num_to_read =
	YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;

	while ( num_to_read <= 0 )
	diff --git a/src/scan.c b/src/scan.c
	index f1dce75..1949872 100644
	--- a/src/scan.c
	+++ b/src/scan.c
	@@ -4181,7 +4181,7 @@ static int yy_get_next_buffer (void)

	else
	{
	- yy_size_t num_to_read =
	+ int num_to_read =
	YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;

	while ( num_to_read <= 0 )
	diff --git a/src/skel.c b/src/skel.c
	index 26cc889..0344d18 100644
	--- a/src/skel.c
	+++ b/src/skel.c
	@@ -1929,7 +1929,7 @@ const char *skel[] = {
	"",
	" else",
	" {",
	- " yy_size_t num_to_read =",
	+ " int num_to_read =",
	" YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;",
	"",
	" while ( num_to_read <= 0 )",
	--
	2.1.4