summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKai Kang <kai.kang@windriver.com>2016-07-18 17:06:36 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2016-07-21 07:45:01 +0100
commit0a2df616a5c3316704742f1dcf37b450920e0280 (patch)
treec9692d28c49755efbab669711a3132dd16362bbc
parent9ae6a2830dacb3c335754a6da91bd5cc30546b31 (diff)
downloadopenembedded-core-contrib-0a2df616a5c3316704742f1dcf37b450920e0280.tar.gz
openembedded-core-contrib-0a2df616a5c3316704742f1dcf37b450920e0280.tar.bz2
openembedded-core-contrib-0a2df616a5c3316704742f1dcf37b450920e0280.zip
boost: fix CVE-2012-2677
Backport patch to fix CVE-2012-2677 for boost from: https://svn.boost.org/trac/boost/changeset/78326 Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-support/boost/boost/boost-CVE-2012-2677.patch112
-rw-r--r--meta/recipes-support/boost/boost_1.61.0.bb1
2 files changed, 113 insertions, 0 deletions
diff --git a/meta/recipes-support/boost/boost/boost-CVE-2012-2677.patch b/meta/recipes-support/boost/boost/boost-CVE-2012-2677.patch
new file mode 100644
index 0000000000..859f4aaeea
--- /dev/null
+++ b/meta/recipes-support/boost/boost/boost-CVE-2012-2677.patch
@@ -0,0 +1,112 @@
+Reference
+
+https://svn.boost.org/trac/boost/changeset/78326
+
+Upstream-Status: Backport
+
+Signed-off-by: Yue Tao <yue.tao@windriver.com>
+
+diff --git a/boost/pool/pool.hpp.old b/boost/pool/pool.hpp
+index c47b11f..417a1e0 100644
+--- a/boost/pool/pool.hpp.old
++++ b/boost/pool/pool.hpp
+@@ -26,6 +26,8 @@
+
+ #include <boost/pool/poolfwd.hpp>
+
++// std::numeric_limits
++#include <boost/limits.hpp>
+ // boost::integer::static_lcm
+ #include <boost/integer/common_factor_ct.hpp>
+ // boost::simple_segregated_storage
+@@ -355,6 +357,15 @@ class pool: protected simple_segregated_storage < typename UserAllocator::size_t
+ return s;
+ }
+
++ size_type max_chunks() const
++ { //! Calculated maximum number of memory chunks that can be allocated in a single call by this Pool.
++ size_type partition_size = alloc_size();
++ size_type POD_size = math::static_lcm<sizeof(size_type), sizeof(void *)>::value + sizeof(size_type);
++ size_type max_chunks = (std::numeric_limits<size_type>::max() - POD_size) / alloc_size();
++
++ return max_chunks;
++ }
++
+ static void * & nextof(void * const ptr)
+ { //! \returns Pointer dereferenced.
+ //! (Provided and used for the sake of code readability :)
+@@ -375,6 +386,8 @@ class pool: protected simple_segregated_storage < typename UserAllocator::size_t
+ //! the first time that object needs to allocate system memory.
+ //! The default is 32. This parameter may not be 0.
+ //! \param nmax_size is the maximum number of chunks to allocate in one block.
++ set_next_size(nnext_size);
++ set_max_size(nmax_size);
+ }
+
+ ~pool()
+@@ -398,8 +411,8 @@ class pool: protected simple_segregated_storage < typename UserAllocator::size_t
+ }
+ void set_next_size(const size_type nnext_size)
+ { //! Set number of chunks to request from the system the next time that object needs to allocate system memory. This value should never be set to 0.
+- //! \returns nnext_size.
+- next_size = start_size = nnext_size;
++ BOOST_USING_STD_MIN();
++ next_size = start_size = min BOOST_PREVENT_MACRO_SUBSTITUTION(nnext_size, max_chunks());
+ }
+ size_type get_max_size() const
+ { //! \returns max_size.
+@@ -407,7 +420,8 @@ class pool: protected simple_segregated_storage < typename UserAllocator::size_t
+ }
+ void set_max_size(const size_type nmax_size)
+ { //! Set max_size.
+- max_size = nmax_size;
++ BOOST_USING_STD_MIN();
++ max_size = min BOOST_PREVENT_MACRO_SUBSTITUTION(nmax_size, max_chunks());
+ }
+ size_type get_requested_size() const
+ { //! \returns the requested size passed into the constructor.
+@@ -708,9 +722,9 @@ void * pool<UserAllocator>::malloc_need_resize()
+
+ BOOST_USING_STD_MIN();
+ if(!max_size)
+- next_size <<= 1;
++ set_next_size(next_size << 1);
+ else if( next_size*partition_size/requested_size < max_size)
+- next_size = min BOOST_PREVENT_MACRO_SUBSTITUTION(next_size << 1, max_size*requested_size/ partition_size);
++ set_next_size(min BOOST_PREVENT_MACRO_SUBSTITUTION(next_size << 1, max_size * requested_size / partition_size));
+
+ // initialize it,
+ store().add_block(node.begin(), node.element_size(), partition_size);
+@@ -748,9 +762,9 @@ void * pool<UserAllocator>::ordered_malloc_need_resize()
+
+ BOOST_USING_STD_MIN();
+ if(!max_size)
+- next_size <<= 1;
++ set_next_size(next_size << 1);
+ else if( next_size*partition_size/requested_size < max_size)
+- next_size = min BOOST_PREVENT_MACRO_SUBSTITUTION(next_size << 1, max_size*requested_size/ partition_size);
++ set_next_size(min BOOST_PREVENT_MACRO_SUBSTITUTION(next_size << 1, max_size * requested_size / partition_size));
+
+ // initialize it,
+ // (we can use "add_block" here because we know that
+@@ -792,6 +806,8 @@ void * pool<UserAllocator>::ordered_malloc(const size_type n)
+ { //! Gets address of a chunk n, allocating new memory if not already available.
+ //! \returns Address of chunk n if allocated ok.
+ //! \returns 0 if not enough memory for n chunks.
++ if (n > max_chunks())
++ return 0;
+
+ const size_type partition_size = alloc_size();
+ const size_type total_req_size = n * requested_size;
+@@ -840,9 +856,9 @@ void * pool<UserAllocator>::ordered_malloc(const size_type n)
+
+ BOOST_USING_STD_MIN();
+ if(!max_size)
+- next_size <<= 1;
++ set_next_size(next_size << 1);
+ else if( next_size*partition_size/requested_size < max_size)
+- next_size = min BOOST_PREVENT_MACRO_SUBSTITUTION(next_size << 1, max_size*requested_size/ partition_size);
++ set_next_size(min BOOST_PREVENT_MACRO_SUBSTITUTION(next_size << 1, max_size * requested_size / partition_size));
+
+ // insert it into the list,
+ // handle border case.
diff --git a/meta/recipes-support/boost/boost_1.61.0.bb b/meta/recipes-support/boost/boost_1.61.0.bb
index d8b14fed7b..1116444ceb 100644
--- a/meta/recipes-support/boost/boost_1.61.0.bb
+++ b/meta/recipes-support/boost/boost_1.61.0.bb
@@ -4,4 +4,5 @@ include boost.inc
SRC_URI += "\
file://arm-intrinsics.patch \
file://consider-hardfp.patch \
+ file://boost-CVE-2012-2677.patch \
"