mirror of
https://git.yoctoproject.org/poky
synced 2026-02-15 21:23:04 +01:00
c63480c960
CVE-2017-9226 : check too big code point value for single byte CVE-2017-9227 : access to invalid address by reg->dmin value CVE-2017-9228 : invalid state(CCS_VALUE) in parse_char_class() CVE-2017-9229 : access to invalid address by reg->dmax value (From OE-Core rev: f15f01edbaa431829a50053d07ed6d6b333584c7) (From OE-Core rev: 4077e088b6e750c4143a59c5d89258ab682ed96b) Signed-off-by: Joe Slater <jslater@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
33 lines
799 B
Diff
33 lines
799 B
Diff
From 9690d3ab1f9bcd2db8cbe1fe3ee4a5da606b8814 Mon Sep 17 00:00:00 2001
|
|
From: "K.Kosako" <kosako@sofnec.co.jp>
|
|
Date: Tue, 23 May 2017 16:15:35 +0900
|
|
Subject: [PATCH] fix #58 : access to invalid address by reg->dmin value
|
|
|
|
---
|
|
regexec.c | 2 ++
|
|
1 file changed, 2 insertions(+)
|
|
|
|
--- end of original header
|
|
|
|
CVE: CVE-2017-9227
|
|
|
|
Upstream-Status: Inappropriate [not author]
|
|
Signed-off-by: Joe Slater <joe.slater@windriver.com>
|
|
|
|
diff --git a/regexec.c b/regexec.c
|
|
index d4e577d..2fa0f3d 100644
|
|
--- a/regexec.c
|
|
+++ b/regexec.c
|
|
@@ -3154,6 +3154,8 @@ forward_search_range(regex_t* reg, const UChar* str, const UChar* end, UChar* s,
|
|
}
|
|
else {
|
|
UChar *q = p + reg->dmin;
|
|
+
|
|
+ if (q >= end) return 0; /* fail */
|
|
while (p < q) p += enclen(reg->enc, p, end);
|
|
}
|
|
}
|
|
--
|
|
1.7.9.5
|
|
|