yasm: fix CVE-2021-33454

An issue was discovered in yasm version 1.3.0. There is a
NULL pointer dereference in yasm_expr_get_intnum() in
libyasm/expr.c.

Backport patch to fix CVE-2021-33454 per reference [1].
[1]: https://security-tracker.debian.org/tracker/CVE-2021-33454

Signed-off-by: Guocai He <guocai.he.cn@windriver.com>
Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>

meta-oe/recipes-devtools/yasm/yasm/CVE-2021-33454.patch

@@ -0,0 +1,29 @@
+From 9defefae9fbcb6958cddbfa778c1ea8605da8b8b Mon Sep 17 00:00:00 2001
+From: dataisland <dataisland@outlook.com>
+Date: Fri, 22 Sep 2023 00:21:20 -0500
+Subject: [PATCH] Fix null-pointer-dereference in yasm_expr_get_intnum (#244)
+
+CVE: CVE-2021-33454
+Upstream-Status: Backport [https://github.com/yasm/yasm/commit/9defefae9f]
+
+Signed-off-by: Guocai He <guocai.he.cn@windriver.com>
+---
+ libyasm/expr.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libyasm/expr.c b/libyasm/expr.c
+index 5b0c418b..09ae1121 100644
+--- a/libyasm/expr.c
++++ b/libyasm/expr.c
+@@ -1264,7 +1264,7 @@ yasm_expr_get_intnum(yasm_expr **ep, int calc_bc_dist)
+ {
+     *ep = yasm_expr_simplify(*ep, calc_bc_dist);
+ 
+-    if ((*ep)->op == YASM_EXPR_IDENT && (*ep)->terms[0].type == YASM_EXPR_INT)
++    if (*ep && (*ep)->op == YASM_EXPR_IDENT && (*ep)->terms[0].type == YASM_EXPR_INT)
+         return (*ep)->terms[0].data.intn;
+     else
+         return (yasm_intnum *)NULL;
+-- 
+2.34.1
+

meta-oe/recipes-devtools/yasm/yasm_git.bb

@@ -20,6 +20,7 @@ SRC_URI = "git://github.com/yasm/yasm.git;branch=master;protocol=https \
            file://CVE-2023-29579.patch \
            file://CVE-2021-33464.patch \
            file://CVE-2021-33456.patch \
+           file://CVE-2021-33454.patch \
            "
 
 S = "${WORKDIR}/git"