Gentoo's Bugzilla – Attachment 434506 Details for Bug 583268: <dev-libs/expat-2.1.1-r1: Expat XML Parser Crashes on Malformed Input (CVE-2016-0718)
[patch] Hardening to previous CVE-2015-1283 in 2.1.1
CVE-2015-1283-refix.patch (text/plain), 1.33 KB, created by Kristian Fiskerstrand (RETIRED) on 2016-05-17 09:41:02 UTC
>From 29a11774d8ebbafe8418b4a5ffb4cc1160b194a1 Mon Sep 17 00:00:00 2001 >From: Pascal Cuoq <cuoq@trust-in-soft.com> >Date: Sun, 15 May 2016 09:05:46 +0200 >Subject: [PATCH] Avoid relying on undefined behavior in CVE-2015-1283 fix. It > does not really work: https://godbolt.org/g/Zl8gdF > >--- > expat/lib/xmlparse.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > >diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c >index 13e080d..cdb12ef 100644 >--- a/expat/lib/xmlparse.c >+++ b/expat/lib/xmlparse.c >@@ -1693,7 +1693,8 @@ XML_GetBuffer(XML_Parser parser, int len) > } > > if (len > bufferLim - bufferEnd) { >- int neededSize = len + (int)(bufferEnd - bufferPtr); >+ /* Do not invoke signed arithmetic overflow: */ >+ int neededSize = (int) ((unsigned)len + (unsigned)(bufferEnd - bufferPtr)); > if (neededSize < 0) { > errorCode = XML_ERROR_NO_MEMORY; > return NULL; >@@ -1725,7 +1726,8 @@ XML_GetBuffer(XML_Parser parser, int len) > if (bufferSize == 0) > bufferSize = INIT_BUFFER_SIZE; > do { >- bufferSize *= 2; >+ /* Do not invoke signed arithmetic overflow: */ >+ bufferSize = (int) (2U * (unsigned) bufferSize); > } while (bufferSize < neededSize && bufferSize > 0); > if (bufferSize <= 0) { > errorCode = XML_ERROR_NO_MEMORY; >-- >2.8.2 >
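Review bot: In the first hunk (XML_GetBuffer, around line 1693), the new `neededSize` expression still depends on converting an out-of-range unsigned value back to `int`, which C leaves implementation-defined, so the `if (neededSize < 0)` check that follows only fires on compilers that wrap on conversion. The unsigned addition removes the undefined signed overflow, but the overflow test would be portable if the sum were kept in an unsigned variable and compared against `INT_MAX` before the cast, returning `XML_ERROR_NO_MEMORY` when it exceeds it. The cast `(unsigned)(bufferEnd - bufferPtr)` also narrows a pointer difference without a check; the added comment should state that this difference is assumed to fit in an `int`, or the code should verify it.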
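Review bot: In the second hunk (the doubling loop around line 1725), `bufferSize = (int) (2U * (unsigned) bufferSize);` terminates the loop on overflow only because the out-of-range result happens to convert to a non-positive `int`, which is implementation-defined behaviour rather than something the loop condition `bufferSize > 0` can rely on. Testing before doubling, for example leaving the loop with `XML_ERROR_NO_MEMORY` when `bufferSize > INT_MAX / 2`, would make the bound explicit and would not need the cast at all. The comment "Do not invoke signed arithmetic overflow" would also be more useful if it said that the `bufferSize <= 0` check after the loop is the overflow detector.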