| From 3939eccdff598f47e5b37b05d58bf1b44d3796e7 Mon Sep 17 00:00:00 2001 |
| From: Jussi Kukkonen <jussi.kukkonen@intel.com> |
| Date: Fri, 7 Oct 2016 14:15:38 +0300 |
| Subject: [PATCH] Prevent buffer overflow in yy_get_next_buffer |
| |
| This is upstream commit a5cbe929ac3255d371e698f62dc256afe7006466 |
| with some additional backporting to make binutils build again. |
| |
| Upstream-Status: Backport |
| CVE: CVE-2016-6354 |
| Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> |
| --- |
| src/flex.skl | 2 +- |
| src/scan.c | 2 +- |
| src/skel.c | 2 +- |
| 3 files changed, 3 insertions(+), 3 deletions(-) |
| |
| diff --git a/src/flex.skl b/src/flex.skl |
| index ed71627..814d562 100644 |
| --- a/src/flex.skl |
| +++ b/src/flex.skl |
| @@ -1718,7 +1718,7 @@ int yyFlexLexer::yy_get_next_buffer() |
| |
| else |
| { |
| - yy_size_t num_to_read = |
| + int num_to_read = |
| YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; |
| |
| while ( num_to_read <= 0 ) |
| diff --git a/src/scan.c b/src/scan.c |
| index f1dce75..1949872 100644 |
| --- a/src/scan.c |
| +++ b/src/scan.c |
| @@ -4181,7 +4181,7 @@ static int yy_get_next_buffer (void) |
| |
| else |
| { |
| - yy_size_t num_to_read = |
| + int num_to_read = |
| YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; |
| |
| while ( num_to_read <= 0 ) |
| diff --git a/src/skel.c b/src/skel.c |
| index 26cc889..0344d18 100644 |
| --- a/src/skel.c |
| +++ b/src/skel.c |
| @@ -1929,7 +1929,7 @@ const char *skel[] = { |
| "", |
| " else", |
| " {", |
| - " yy_size_t num_to_read =", |
| + " int num_to_read =", |
| " YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;", |
| "", |
| " while ( num_to_read <= 0 )", |
| -- |
| 2.1.4 |
| |