Prevent from an integer overflow in RenewDouble() macro
This commit is contained in:
Petr Písař
parent
0350142371
commit
41b42279ab
|
|
@ -0,0 +1,46 @@
|
|||
From 981fbfc16220a15e72457d8ece4e014988746946 Mon Sep 17 00:00:00 2001
|
||||
From: Karl Williamson <khw@cpan.org>
|
||||
Date: Thu, 12 Mar 2020 12:48:47 -0600
|
||||
Subject: [PATCH] reentr.c: Prevent infinite looping
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
This is an easy, though paranoid hedge to prevent something that should
|
||||
never happen from causing an infinite loop if it were to happen.
|
||||
|
||||
Signed-off-by: Petr Písař <ppisar@redhat.com>
|
||||
---
|
||||
reentr.c | 2 +-
|
||||
regen/reentr.pl | 2 +-
|
||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/reentr.c b/reentr.c
|
||||
index 8438c8f90f..2429aa2f5d 100644
|
||||
--- a/reentr.c
|
||||
+++ b/reentr.c
|
||||
@@ -36,7 +36,7 @@
|
||||
|
||||
#define RenewDouble(data_pointer, size_pointer, type) \
|
||||
STMT_START { \
|
||||
- const size_t size = *(size_pointer) * 2; \
|
||||
+ const size_t size = MAX(*(size_pointer), 1) * 2; \
|
||||
Renew((data_pointer), (size), type); \
|
||||
*(size_pointer) = size; \
|
||||
} STMT_END
|
||||
diff --git a/regen/reentr.pl b/regen/reentr.pl
|
||||
index 94721e9dec..ba2e1c8fa6 100644
|
||||
--- a/regen/reentr.pl
|
||||
+++ b/regen/reentr.pl
|
||||
@@ -818,7 +818,7 @@ print $c <<"EOF";
|
||||
|
||||
#define RenewDouble(data_pointer, size_pointer, type) \\
|
||||
STMT_START { \\
|
||||
- const size_t size = *(size_pointer) * 2; \\
|
||||
+ const size_t size = MAX(*(size_pointer), 1) * 2; \\
|
||||
Renew((data_pointer), (size), type); \\
|
||||
*(size_pointer) = size; \\
|
||||
} STMT_END
|
||||
--
|
||||
2.25.4
|
||||
|
||||
|
|
@ -197,6 +197,10 @@ Patch24: perl-5.33.0-Add-missing-MANIFEST-entry-from-fix-for-debugger.pat
|
|||
# in upstream after 5.33.0
|
||||
Patch25: perl-5.33.0-reentr.c-Buffer-sizes-for-asctime_r-ctime_r-are-smal.patch
|
||||
|
||||
# Prevent from an integer overflow in RenewDouble() macro,
|
||||
# in upstream after 5.33.0
|
||||
Patch26: perl-5.33.0-reentr.c-Prevent-infinite-looping.patch
|
||||
|
||||
# Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
|
||||
Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
|
||||
|
||||
|
|
@ -4208,6 +4212,7 @@ you're not running VMS, this module does nothing.
|
|||
%patch23 -p1
|
||||
%patch24 -p1
|
||||
%patch25 -p1
|
||||
%patch26 -p1
|
||||
%patch200 -p1
|
||||
%patch201 -p1
|
||||
|
||||
|
|
@ -4240,6 +4245,7 @@ perl -x patchlevel.h \
|
|||
'Fedora Patch23: Fix running actions after stepping in a debugger (GH#17901)' \
|
||||
'Fedora Patch24: Fix running actions after stepping in a debugger (GH#17901)' \
|
||||
'Fedora Patch25: Fix a buffer size for asctime_r() and ctime_r() functions' \
|
||||
'Fedora Patch26: Prevent from an integer overflow in RenewDouble() macro' \
|
||||
'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \
|
||||
'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
|
||||
%{nil}
|
||||
|
|
@ -6967,6 +6973,7 @@ popd
|
|||
- Fix setting a non-blocking mode in IO::Socket::UNIX (GH#17787)
|
||||
- Fix running actions after stepping in a debugger (GH#17901)
|
||||
- Fix a buffer size for asctime_r() and ctime_r() functions
|
||||
- Prevent from an integer overflow in RenewDouble() macro
|
||||
|
||||
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4:5.32.0-458
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
|
|
|||
Loading…
Reference in New Issue