File: libyaml-string-overflow.patch

package info (click to toggle)
libyaml-libyaml-perl 0.41-6
  • links: PTS, VCS
  • area: main
  • in suites: jessie, jessie-kfreebsd
  • size: 1,692 kB
  • ctags: 2,664
  • sloc: ansic: 8,266; perl: 4,857; makefile: 528; sh: 27
file content (26 lines) | stat: -rw-r--r-- 1,074 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
 
Description: CVE-2013-6393: yaml_parser_scan_tag_uri: fix int overflow leading to buffer overflow
 This is a proposed patch from Florian Weimer <fweimer@redhat.com> for
 the string overflow issue. It has been ack'd by upstream.
Origin: https://bugzilla.redhat.com/show_bug.cgi?id=1033990
Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1033990
Last-Update: 2014-01-29
---
# HG changeset patch
# User Florian Weimer <fweimer@redhat.com>
# Date 1389273500 -3600
#      Thu Jan 09 14:18:20 2014 +0100
# Node ID a54d7af707f25dc298a7be60fd152001d2b3035b
# Parent  3e6507fa0c26d20c09f8f468f2bd04aa2fd1b5b5
yaml_parser_scan_tag_uri: fix int overflow leading to buffer overflow

--- a/LibYAML/scanner.c
+++ b/LibYAML/scanner.c
@@ -2574,7 +2574,7 @@
 
     /* Resize the string to include the head. */
 
-    while (string.end - string.start <= (int)length) {
+    while ((size_t)(string.end - string.start) <= length) {
         if (!yaml_string_extend(&string.start, &string.pointer, &string.end)) {
             parser->error = YAML_MEMORY_ERROR;
             goto error;