diff options
author | Nathan <ndowens@artixlinux.org> | 2020-10-27 21:21:56 +0000 |
---|---|---|
committer | Max Rees <maxcrees@me.com> | 2020-10-28 14:42:46 -0400 |
commit | 244cf1f202ecb2d267a435b8c0063a8f07afb618 (patch) | |
tree | 1381b8cdf34df480a1f33ab8832634879866cfad /user/re2c/CVE-2020-11958.patch | |
parent | f7628676c6a915f3ab24cfae976b973e1d041245 (diff) | |
download | packages-244cf1f202ecb2d267a435b8c0063a8f07afb618.tar.gz packages-244cf1f202ecb2d267a435b8c0063a8f07afb618.tar.bz2 packages-244cf1f202ecb2d267a435b8c0063a8f07afb618.tar.xz packages-244cf1f202ecb2d267a435b8c0063a8f07afb618.zip |
user/re2c: Upgrade to 2.0.3
Diffstat (limited to 'user/re2c/CVE-2020-11958.patch')
-rw-r--r-- | user/re2c/CVE-2020-11958.patch | 37 |
1 files changed, 0 insertions, 37 deletions
diff --git a/user/re2c/CVE-2020-11958.patch b/user/re2c/CVE-2020-11958.patch deleted file mode 100644 index b982b87e6..000000000 --- a/user/re2c/CVE-2020-11958.patch +++ /dev/null @@ -1,37 +0,0 @@ -From c4603ba5ce229db83a2a4fb93e6d4b4e3ec3776a Mon Sep 17 00:00:00 2001 -From: Ulya Trofimovich <skvadrik@gmail.com> -Date: Fri, 17 Apr 2020 22:47:14 +0100 -Subject: [PATCH] Fix crash in lexer refill (reported by Agostino Sarubbo). - -The crash happened in a rare case of a very long lexeme that doen't fit -into the buffer, forcing buffer reallocation. - -The crash was caused by an incorrect calculation of the shift offset -(it was smaller than necessary). As a consequence, the data from buffer -start and up to the beginning of the current lexeme was not discarded -(as it should have been), resulting in less free space for new data than -expected. ---- - src/parse/scanner.cc | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/parse/scanner.cc b/src/parse/scanner.cc -index 1d6e9efa..bd651314 100644 ---- a/src/parse/scanner.cc -+++ b/src/parse/scanner.cc -@@ -155,13 +155,14 @@ bool Scanner::fill(size_t need) - if (!buf) fatal("out of memory"); - - memmove(buf, tok, copy); -- shift_ptrs_and_fpos(buf - bot); -+ shift_ptrs_and_fpos(buf - tok); - delete [] bot; - bot = buf; - - free = BSIZE - copy; - } - -+ DASSERT(lim + free <= bot + BSIZE); - if (!read(free)) { - eof = lim; - memset(lim, 0, YYMAXFILL); |