diff options
| author |   Yue Tao <Yue.Tao@windriver.com> | 2013-12-05 17:52:19 -0600 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2013-12-10 11:36:24 +0000 |
| commit | 36e2981687acc5b7a74f08718d4578f92af4dc8b (patch) | |
| tree | af725245f40bcdec3bbbee87253b90ffcd0866c0 /meta | |
| parent | e7b2b84dece29d16b8f05daf962b69e78dd64cb3 (diff) | |
| download | openembedded-core-contrib-36e2981687acc5b7a74f08718d4578f92af4dc8b.tar.gz | |
icu: CVE-2013-2924
Use-after-free vulnerability in International Components for Unicode (ICU),
as used in Google Chrome before 30.0.1599.66 and other products, allows
remote attackers to cause a denial of service or possibly have unspecified
other impact via unknown vectors.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2924
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
| -rw-r--r-- | meta/recipes-support/icu/icu-51.2/add_buffer_length_check_to_UTF_16_or_32_detector.patch | 33 | ||||
| -rw-r--r-- | meta/recipes-support/icu/icu_51.2.bb | 1 |
2 files changed, 34 insertions, 0 deletions
diff --git a/meta/recipes-support/icu/icu-51.2/add_buffer_length_check_to_UTF_16_or_32_detector.patch b/meta/recipes-support/icu/icu-51.2/add_buffer_length_check_to_UTF_16_or_32_detector.patch new file mode 100644 index 0000000000..ad4d61c3ea --- /dev/null +++ b/meta/recipes-support/icu/icu-51.2/add_buffer_length_check_to_UTF_16_or_32_detector.patch @@ -0,0 +1,33 @@ +--- source/i18n/csrucode.cpp ++++ source/i18n/csrucode.cpp +@@ -33,8 +33,9 @@ UBool CharsetRecog_UTF_16_BE::match(Inpu + { + const uint8_t *input = textIn->fRawInput; + int32_t confidence = 0; ++ int32_t length = textIn->fRawLength; + +- if (input[0] == 0xFE && input[1] == 0xFF) { ++ if (length >=2 && input[0] == 0xFE && input[1] == 0xFF) { + confidence = 100; + } + +@@ -57,8 +58,9 @@ UBool CharsetRecog_UTF_16_LE::match(Inpu + { + const uint8_t *input = textIn->fRawInput; + int32_t confidence = 0; ++ int32_t length = textIn->fRawLength; + +- if (input[0] == 0xFF && input[1] == 0xFE && (input[2] != 0x00 || input[3] != 0x00)) { ++ if (length >= 4 && input[0] == 0xFF && input[1] == 0xFE && (input[2] != 0x00 || input[3] != 0x00)) { + confidence = 100; + } + +@@ -81,7 +83,7 @@ UBool CharsetRecog_UTF_32::match(InputTe + bool hasBOM = FALSE; + int32_t confidence = 0; + +- if (getChar(input, 0) == 0x0000FEFFUL) { ++ if (limit > 0 && getChar(input, 0) == 0x0000FEFFUL) { + hasBOM = TRUE; + } + diff --git a/meta/recipes-support/icu/icu_51.2.bb b/meta/recipes-support/icu/icu_51.2.bb index aca3ea5aea..aabe07b841 100644 --- a/meta/recipes-support/icu/icu_51.2.bb +++ b/meta/recipes-support/icu/icu_51.2.bb @@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://../license.html;md5=443a74288a72fad9069a74e7637192c1" BASE_SRC_URI = "http://download.icu-project.org/files/icu4c/${PV}/icu4c-51_2-src.tgz" SRC_URI = "${BASE_SRC_URI} \ file://icu-pkgdata-large-cmd.patch \ + file://add_buffer_length_check_to_UTF_16_or_32_detector.patch \ " SRC_URI[md5sum] = "072e501b87065f3a0ca888f1b5165709" |