mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-09 17:39:31 +00:00
Code Issues Projects Releases Wiki Activity

nspr: remove nspr-CVE-2014-1545.patch

Browse Source 
It is a backport patch, and verified that the patch is in the source.

(From OE-Core rev: a7e723bd78e280ae48e6de725b2881b35ae21f5c)

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Robert Yang
2015-04-27 20:43:22 -07:00
committed by Richard Purdie
parent 31e6dda52d
commit 2e31add771
1 changed files with 0 additions and 67 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-support/nspr/nspr/nspr-CVE-2014-1545.patch
-67
View File
@@ -1,67 +0,0 @@
Fix for CVE-2014-1545
Upstream-Status: Backport
Backported from nspr-4.10.6.tar.gz.
---
--- a/pr/src/io/prprf.c
+++ b/pr/src/io/prprf.c
@@ -50,6 +50,10 @@
#include "prlog.h"
#include "prmem.h"
+#ifdef _MSC_VER
+#define snprintf _snprintf
+#endif
+
/*
** WARNING: This code may *NOT* call PR_LOG (because PR_LOG calls it)
*/
@@ -330,7 +334,7 @@
** Convert a double precision floating point number into its printable
** form.
**
-** XXX stop using sprintf to convert floating point
+** XXX stop using snprintf to convert floating point
*/
static int cvt_f(SprintfState *ss, double d, const char *fmt0, const char *fmt1)
{
@@ -338,15 +342,14 @@
char fout[300];
int amount = fmt1 - fmt0;
- PR_ASSERT((amount > 0) && (amount < sizeof(fin)));
- if (amount >= sizeof(fin)) {
- /* Totally bogus % command to sprintf. Just ignore it */
+ if (amount <= 0 || amount >= sizeof(fin)) {
+ /* Totally bogus % command to snprintf. Just ignore it */
return 0;
}
memcpy(fin, fmt0, amount);
fin[amount] = 0;
- /* Convert floating point using the native sprintf code */
+ /* Convert floating point using the native snprintf code */
#ifdef DEBUG
{
const char *p = fin;
@@ -356,14 +359,11 @@
}
}
#endif
- sprintf(fout, fin, d);
-
- /*
- ** This assert will catch overflow's of fout, when building with
- ** debugging on. At least this way we can track down the evil piece
- ** of calling code and fix it!
- */
- PR_ASSERT(strlen(fout) < sizeof(fout));
+ memset(fout, 0, sizeof(fout));
+ snprintf(fout, sizeof(fout), fin, d);
+ /* Explicitly null-terminate fout because on Windows snprintf doesn't
+ * append a null-terminator if the buffer is too small. */
+ fout[sizeof(fout) - 1] = '\0';
return (*ss->stuff)(ss, fout, strlen(fout));
}