mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-06-13 17:39:57 +00:00
Changqing Li
f1d6f37efc
fix CVE-2024-25176, CVE-2024-25177, CVE-2024-25178 For apply CVE-2024-25178-0003.patch more smoothly, CVE-2024-25178-0001.patch and CVE-2024-25178-0002.patch is backported. Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
33 lines
992 B
Diff
33 lines
992 B
Diff
From 810bf18ff0ddbae9b2ceb30dd8b9c901cc634d1f Mon Sep 17 00:00:00 2001
|
|
From: Changqing Li <changqing.li@windriver.com>
|
|
Date: Tue, 5 Aug 2025 14:49:06 +0800
|
|
Subject: [PATCH] Fix zero stripping in %g number formatting.
|
|
|
|
Reported by pwnhacker0x18. #1149
|
|
|
|
CVE: CVE-2024-25176
|
|
Upstream-Status: Backport [https://github.com/LuaJIT/LuaJIT/commit/343ce0edaf3906a62022936175b2f5410024cbfc]
|
|
|
|
Signed-off-by: Changqing Li <changqing.li@windriver.com>
|
|
---
|
|
src/lj_strfmt_num.c | 3 ++-
|
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/src/lj_strfmt_num.c b/src/lj_strfmt_num.c
|
|
index 3c60695c..41214894 100644
|
|
--- a/src/lj_strfmt_num.c
|
|
+++ b/src/lj_strfmt_num.c
|
|
@@ -454,7 +454,8 @@ static char *lj_strfmt_wfnum(SBuf *sb, SFormat sf, lua_Number n, char *p)
|
|
prec--;
|
|
if (!i) {
|
|
if (ndlo == ndhi) { prec = 0; break; }
|
|
- lj_strfmt_wuint9(tail, nd[++ndlo]);
|
|
+ ndlo = (ndlo + 1) & 0x3f;
|
|
+ lj_strfmt_wuint9(tail, nd[ndlo]);
|
|
i = 9;
|
|
}
|
|
}
|
|
--
|
|
2.34.1
|
|
|