mirror of
https://git.yoctoproject.org/poky
synced 2026-03-03 05:49:39 +01:00
bbc0795ada
Existing version of ruby-native (2.2.5) was crashing on my machine (and others' too), yet a functional ruby is necessary to upgrade webkit to a version that less vulnerable to Spectre. I've performed the update by copying the ruby recipe directory over from the current pyro tree; if you want to see the list of specific commits, issue this command: git log99656fecf4meta/recipes-devtools/ruby (up to commite593d3aeb2) (From OE-Core rev: 4734a4b41898e3df252b6234ed1270a915fd1f68) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
33 lines
799 B
Diff
33 lines
799 B
Diff
From 9690d3ab1f9bcd2db8cbe1fe3ee4a5da606b8814 Mon Sep 17 00:00:00 2001
|
|
From: "K.Kosako" <kosako@sofnec.co.jp>
|
|
Date: Tue, 23 May 2017 16:15:35 +0900
|
|
Subject: [PATCH] fix #58 : access to invalid address by reg->dmin value
|
|
|
|
---
|
|
regexec.c | 2 ++
|
|
1 file changed, 2 insertions(+)
|
|
|
|
--- end of original header
|
|
|
|
CVE: CVE-2017-9227
|
|
|
|
Upstream-Status: Inappropriate [not author]
|
|
Signed-off-by: Joe Slater <joe.slater@windriver.com>
|
|
|
|
diff --git a/regexec.c b/regexec.c
|
|
index d4e577d..2fa0f3d 100644
|
|
--- a/regexec.c
|
|
+++ b/regexec.c
|
|
@@ -3154,6 +3154,8 @@ forward_search_range(regex_t* reg, const UChar* str, const UChar* end, UChar* s,
|
|
}
|
|
else {
|
|
UChar *q = p + reg->dmin;
|
|
+
|
|
+ if (q >= end) return 0; /* fail */
|
|
while (p < q) p += enclen(reg->enc, p, end);
|
|
}
|
|
}
|
|
--
|
|
1.7.9.5
|
|
|