mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-16 04:17:25 +00:00
gnuplot: fix CVE-2025-31177
CVE-2025-31177: gnuplot is affected by a heap buffer overflow at function utf8_copy_one. Reference: [https://nvd.nist.gov/vuln/detail/CVE-2025-31177] Upstream patches: [https://sourceforge.net/p/gnuplot/gnuplot-main/ci/226809aebb345e74d371bb43a2b434b490be527a/] Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
This commit is contained in:
@@ -0,0 +1,40 @@
|
|||||||
|
From 36a4355010a81a78cf9df03d3c76dcd599ed994b Mon Sep 17 00:00:00 2001
|
||||||
|
From: Ethan A Merritt <merritt@u.washington.edu>
|
||||||
|
Date: Wed, 15 Jan 2025 11:56:13 -0800
|
||||||
|
Subject: [PATCH] dumb: more stringent tests against y bound of dumb terminal
|
||||||
|
charcell array
|
||||||
|
|
||||||
|
Bug 2756
|
||||||
|
|
||||||
|
CVE: CVE-2025-31177
|
||||||
|
Upstream-Status: Backport [https://sourceforge.net/p/gnuplot/gnuplot-main/ci/226809aebb345e74d371bb43a2b434b490be527a/]
|
||||||
|
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
|
||||||
|
---
|
||||||
|
term/dumb.trm | 4 ++--
|
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/term/dumb.trm b/term/dumb.trm
|
||||||
|
index c93afb94e..bb22ca25f 100644
|
||||||
|
--- a/term/dumb.trm
|
||||||
|
+++ b/term/dumb.trm
|
||||||
|
@@ -637,7 +637,7 @@ DUMB_put_text(unsigned int x, unsigned int y, const char *str)
|
||||||
|
{
|
||||||
|
int i, length;
|
||||||
|
|
||||||
|
- if (y > dumb_ymax)
|
||||||
|
+ if (y < 0 || y > dumb_ymax)
|
||||||
|
return;
|
||||||
|
|
||||||
|
length = gp_strlen(str);
|
||||||
|
@@ -784,7 +784,7 @@ ENHdumb_FLUSH()
|
||||||
|
y += i;
|
||||||
|
|
||||||
|
/* print the string fragment, perhaps invisibly */
|
||||||
|
- if (ENHdumb_show && y < dumb_ymax) {
|
||||||
|
+ if (ENHdumb_show && (0 <= y && y < dumb_ymax)) {
|
||||||
|
#ifdef DUMB_UTF8
|
||||||
|
for (i = 0; i < len && x < dumb_xmax; i++, x++) {
|
||||||
|
utf8_copy_one( (char *)(&DUMB_PIXEL(x, y)), gp_strchrn(str,i));
|
||||||
|
--
|
||||||
|
2.43.0
|
||||||
|
|
||||||
@@ -17,6 +17,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}/${PV}/${BP}.tar.gz;name=a
|
|||||||
file://gnuplot.png \
|
file://gnuplot.png \
|
||||||
file://CVE-2025-3359.patch \
|
file://CVE-2025-3359.patch \
|
||||||
file://CVE-2025-31176.patch \
|
file://CVE-2025-31176.patch \
|
||||||
|
file://CVE-2025-31177.patch \
|
||||||
"
|
"
|
||||||
SRC_URI:append:class-target = " \
|
SRC_URI:append:class-target = " \
|
||||||
file://0002-do-not-build-demos.patch \
|
file://0002-do-not-build-demos.patch \
|
||||||
|
|||||||
Reference in New Issue
Block a user