import yajl-2.1.0-21.el9
This commit is contained in:
CentOS Sources
Stepan Oksanichenko
parent
9605668841
commit
19e62e16fa
54
SOURCES/49923ccb2143e36850bcdeb781e2bcdf5ce22f15.patch
Normal file
54
SOURCES/49923ccb2143e36850bcdeb781e2bcdf5ce22f15.patch
Normal file
@ -0,0 +1,54 @@
|
||||
From 49923ccb2143e36850bcdeb781e2bcdf5ce22f15 Mon Sep 17 00:00:00 2001
|
||||
From: John Hawthorn <john@hawthorn.email>
|
||||
Date: Wed, 2 Mar 2022 14:17:59 -0800
|
||||
Subject: [PATCH] Check need < buf->used
|
||||
|
||||
We're guaranteed a power of 2 so that this becomes 0, but we might as
|
||||
well use a check for overflow that works in more cases.
|
||||
|
||||
Unsigned integer overflow is defined behaviour, so this should be safe.
|
||||
|
||||
(cherry picked from commit 36410d536b676e836637bb20574a56ebc920eb83)
|
||||
---
|
||||
src/yajl_buf.c | 9 +++++++--
|
||||
1 file changed, 7 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/yajl_buf.c b/src/yajl_buf.c
|
||||
index 1aeafde0..8bd1bea7 100644
|
||||
--- a/src/yajl_buf.c
|
||||
+++ b/src/yajl_buf.c
|
||||
@@ -30,7 +30,7 @@ struct yajl_buf_t {
|
||||
};
|
||||
|
||||
static
|
||||
-void yajl_buf_ensure_available(yajl_buf buf, size_t want)
|
||||
+int yajl_buf_ensure_available(yajl_buf buf, size_t want)
|
||||
{
|
||||
size_t need;
|
||||
|
||||
@@ -46,11 +46,15 @@ void yajl_buf_ensure_available(yajl_buf buf, size_t want)
|
||||
need = buf->len;
|
||||
|
||||
while (want >= (need - buf->used)) need <<= 1;
|
||||
+ if (need < buf->used) {
|
||||
+ return -1;
|
||||
+ }
|
||||
|
||||
if (need != buf->len) {
|
||||
buf->data = (unsigned char *) YA_REALLOC(buf->alloc, buf->data, need);
|
||||
buf->len = need;
|
||||
}
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
yajl_buf yajl_buf_alloc(yajl_alloc_funcs * alloc)
|
||||
@@ -70,7 +74,8 @@ void yajl_buf_free(yajl_buf buf)
|
||||
|
||||
void yajl_buf_append(yajl_buf buf, const void * data, size_t len)
|
||||
{
|
||||
- yajl_buf_ensure_available(buf, len);
|
||||
+ if (yajl_buf_ensure_available(buf, len))
|
||||
+ return;
|
||||
if (len > 0) {
|
||||
assert(data != NULL);
|
||||
memcpy(buf->data + buf->used, data, len);
|
||||
@ -3,7 +3,7 @@
|
||||
|
||||
Name: yajl
|
||||
Version: 2.1.0
|
||||
Release: 20%{?dist}
|
||||
Release: 21%{?dist}
|
||||
Summary: Yet Another JSON Library (YAJL)
|
||||
|
||||
License: ISC
|
||||
@ -23,6 +23,7 @@ Patch1: %{name}-%{version}-pkgconfig-location.patch
|
||||
Patch2: %{name}-%{version}-pkgconfig-includedir.patch
|
||||
Patch3: %{name}-%{version}-test-location.patch
|
||||
Patch4: %{name}-%{version}-dynlink-binaries.patch
|
||||
Patch5: https://github.com/containers/yajl/commit/49923ccb2143e36850bcdeb781e2bcdf5ce22f15.patch
|
||||
|
||||
BuildRequires: gcc
|
||||
BuildRequires: cmake
|
||||
@ -50,6 +51,7 @@ necessary for developing against the YAJL library
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
|
||||
%build
|
||||
# NB, we are not using upstream's 'configure'/'make'
|
||||
@ -94,6 +96,10 @@ cd test
|
||||
|
||||
|
||||
%changelog
|
||||
* Tue Apr 26 2022 Jindrich Novy <jnovy@redhat.com> - 2.1.0-21
|
||||
- fix CVE-2022-24795
|
||||
- Related: #2061316
|
||||
|
||||
* Fri Oct 01 2021 Jindrich Novy <jnovy@redhat.com> - 2.1.0-20
|
||||
- perform only sanity/installability tests for now
|
||||
- Related: #2000051
|
||||
|
||||
Loading…
Reference in New Issue
Block a user