mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-07 16:59:22 +00:00
Code Issues Projects Releases Wiki Activity

llvm: Fix CVE-2023-46049

Browse Source 
[Bitcode] Add some missing GetTypeByID failure checks

Print an error instead of crashing.

(From OE-Core rev: 9cc4518226488693942ad325d6264e52006bd061)

Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Deepthi Hemraj
2024-07-29 03:10:42 -07:00
committed by Steve Sakoman
parent e781bf1095
commit e135227779
2 changed files with 35 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-devtools/llvm/llvm/CVE-2023-46049.patch
+34
View File
@@ -0,0 +1,34 @@
commit c2515a8f2be5dd23354c9891f41ad104000f88c4
Author: Nikita Popov <npopov@redhat.com>
Date: Tue Sep 26 16:51:40 2023 +0200
[Bitcode] Add some missing GetTypeByID failure checks
Print an error instead of crashing.
Fixes https://github.com/llvm/llvm-project/issues/67388.
Upstream-Status: Backport [https://github.com/llvm/llvm-project/commit/c2515a8f2be5dd23354c9891f41ad104000f88c4]
CVE: CVE-2023-46049
Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
--- a/llvm/lib/Bitcode/Reader/MetadataLoader.cpp 2022-01-20 13:31:59.000000000 -0800
+++ b/llvm/lib/Bitcode/Reader/MetadataLoader.cpp 2024-07-28 21:35:31.062992219 -0700
@@ -1235,7 +1235,7 @@
}
Type *Ty = getTypeByID(Record[0]);
- if (Ty->isMetadataTy() || Ty->isVoidTy()) {
+ if (!Ty || Ty->isMetadataTy() || Ty->isVoidTy()) {
dropRecord();
break;
}
@@ -1277,7 +1277,7 @@
return error("Invalid record");
Type *Ty = getTypeByID(Record[0]);
- if (Ty->isMetadataTy() || Ty->isVoidTy())
+ if (!Ty || Ty->isMetadataTy() || Ty->isVoidTy())
return error("Invalid record");
MetadataList.assignValue(
meta/recipes-devtools/llvm/llvm_git.bb
+1
View File
@@ -33,6 +33,7 @@ SRC_URI = "git://github.com/llvm/llvm-project.git;branch=${BRANCH};protocol=http
file://0007-llvm-allow-env-override-of-exe-path.patch;striplevel=2 \
file://0001-AsmMatcherEmitter-sort-ClassInfo-lists-by-name-as-we.patch;striplevel=2 \
file://0001-Support-Add-missing-cstdint-header-to-Signals.h.patch;striplevel=2 \
file://CVE-2023-46049.patch;striplevel=2 \
"
UPSTREAM_CHECK_GITTAGREGEX = "llvmorg-(?P<pver>\d+(\.\d+)+)"