Compare commits
No commits in common. "imports/c8-beta/yajl-2.1.0-10.el8" and "c8s" have entirely different histories.
imports/c8
...
c8s
|
|
@ -0,0 +1,54 @@
|
|||
From 49923ccb2143e36850bcdeb781e2bcdf5ce22f15 Mon Sep 17 00:00:00 2001
|
||||
From: John Hawthorn <john@hawthorn.email>
|
||||
Date: Wed, 2 Mar 2022 14:17:59 -0800
|
||||
Subject: [PATCH] Check need < buf->used
|
||||
|
||||
We're guaranteed a power of 2 so that this becomes 0, but we might as
|
||||
well use a check for overflow that works in more cases.
|
||||
|
||||
Unsigned integer overflow is defined behaviour, so this should be safe.
|
||||
|
||||
(cherry picked from commit 36410d536b676e836637bb20574a56ebc920eb83)
|
||||
---
|
||||
src/yajl_buf.c | 9 +++++++--
|
||||
1 file changed, 7 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/yajl_buf.c b/src/yajl_buf.c
|
||||
index 1aeafde0..8bd1bea7 100644
|
||||
--- a/src/yajl_buf.c
|
||||
+++ b/src/yajl_buf.c
|
||||
@@ -30,7 +30,7 @@ struct yajl_buf_t {
|
||||
};
|
||||
|
||||
static
|
||||
-void yajl_buf_ensure_available(yajl_buf buf, size_t want)
|
||||
+int yajl_buf_ensure_available(yajl_buf buf, size_t want)
|
||||
{
|
||||
size_t need;
|
||||
|
||||
@@ -46,11 +46,15 @@ void yajl_buf_ensure_available(yajl_buf buf, size_t want)
|
||||
need = buf->len;
|
||||
|
||||
while (want >= (need - buf->used)) need <<= 1;
|
||||
+ if (need < buf->used) {
|
||||
+ return -1;
|
||||
+ }
|
||||
|
||||
if (need != buf->len) {
|
||||
buf->data = (unsigned char *) YA_REALLOC(buf->alloc, buf->data, need);
|
||||
buf->len = need;
|
||||
}
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
yajl_buf yajl_buf_alloc(yajl_alloc_funcs * alloc)
|
||||
@@ -70,7 +74,8 @@ void yajl_buf_free(yajl_buf buf)
|
||||
|
||||
void yajl_buf_append(yajl_buf buf, const void * data, size_t len)
|
||||
{
|
||||
- yajl_buf_ensure_available(buf, len);
|
||||
+ if (yajl_buf_ensure_available(buf, len))
|
||||
+ return;
|
||||
if (len > 0) {
|
||||
assert(data != NULL);
|
||||
memcpy(buf->data + buf->used, data, len);
|
||||
|
|
@ -1,9 +1,11 @@
|
|||
%undefine __cmake_in_source_build
|
||||
%global _vpath_builddir build
|
||||
|
||||
Name: yajl
|
||||
Version: 2.1.0
|
||||
Release: 10%{?dist}
|
||||
Release: 11%{?dist}
|
||||
Summary: Yet Another JSON Library (YAJL)
|
||||
|
||||
Group: Development/Libraries
|
||||
License: ISC
|
||||
URL: http://lloyd.github.com/yajl/
|
||||
|
||||
|
|
@ -21,8 +23,9 @@ Patch1: %{name}-%{version}-pkgconfig-location.patch
|
|||
Patch2: %{name}-%{version}-pkgconfig-includedir.patch
|
||||
Patch3: %{name}-%{version}-test-location.patch
|
||||
Patch4: %{name}-%{version}-dynlink-binaries.patch
|
||||
Patch5: https://github.com/containers/yajl/commit/49923ccb2143e36850bcdeb781e2bcdf5ce22f15.patch
|
||||
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
BuildRequires: gcc
|
||||
BuildRequires: cmake
|
||||
|
||||
%package devel
|
||||
|
|
@ -48,21 +51,18 @@ necessary for developing against the YAJL library
|
|||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
|
||||
%build
|
||||
# NB, we are not using upstream's 'configure'/'make'
|
||||
# wrapper, instead we use cmake directly to better
|
||||
# align with Fedora standards
|
||||
mkdir build
|
||||
cd build
|
||||
%cmake ..
|
||||
make VERBOSE=1 %{?_smp_mflags}
|
||||
%cmake
|
||||
%cmake_build
|
||||
|
||||
|
||||
%install
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
cd build
|
||||
make install DESTDIR=$RPM_BUILD_ROOT
|
||||
%cmake_install
|
||||
|
||||
|
||||
# No static libraries
|
||||
|
|
@ -96,6 +96,10 @@ cd test
|
|||
|
||||
|
||||
%changelog
|
||||
* Wed Apr 27 2022 Jindrich Novy <jnovy@redhat.com> - 2.1.0-11
|
||||
- fix CVE-2022-24795
|
||||
- Related: #2061390
|
||||
|
||||
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.0-10
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue