yasm: fix CVE-2021-33454

An issue was discovered in yasm version 1.3.0. There is a
NULL pointer dereference in yasm_expr_get_intnum() in
libyasm/expr.c.

Backport patch to fix CVE-2021-33454 per reference [1].
[1]: https://security-tracker.debian.org/tracker/CVE-2021-33454

Signed-off-by: Guocai He <guocai.he.cn@windriver.com>
Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
This commit is contained in:
Guocai He
2026-04-10 15:04:58 +08:00
committed by Anuj Mittal
parent fc30bb5eed
commit c14dcffcd7
2 changed files with 30 additions and 0 deletions
@@ -20,6 +20,7 @@ SRC_URI = "git://github.com/yasm/yasm.git;branch=master;protocol=https \
file://CVE-2023-29579.patch \
file://CVE-2021-33464.patch \
file://CVE-2021-33456.patch \
file://CVE-2021-33454.patch \
"
S = "${WORKDIR}/git"