aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/gcc/gcc-5.3/CVE-2016-2226.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-devtools/gcc/gcc-5.3/CVE-2016-2226.patch')
-rw-r--r--meta/recipes-devtools/gcc/gcc-5.3/CVE-2016-2226.patch103
1 files changed, 0 insertions, 103 deletions
diff --git a/meta/recipes-devtools/gcc/gcc-5.3/CVE-2016-2226.patch b/meta/recipes-devtools/gcc/gcc-5.3/CVE-2016-2226.patch
deleted file mode 100644
index 4decb84cdd..0000000000
--- a/meta/recipes-devtools/gcc/gcc-5.3/CVE-2016-2226.patch
+++ /dev/null
@@ -1,103 +0,0 @@
-From b8106f544a7fd485b6959ebd197bdd99a8884416 Mon Sep 17 00:00:00 2001
-From: bernds <bernds@138bc75d-0d04-0410-961f-82ee72b054a4>
-Date: Fri, 8 Apr 2016 12:10:21 +0000
-Subject: [PATCH] =?UTF-8?q?Fix=20memory=20allocation=20size=20overflows=20?=
- =?UTF-8?q?(PR69687,=20patch=20by=20Marcel=20B=C3=B6hme)?=
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
- PR c++/69687
- * cplus-dem.c: Include <limits.h> if available.
- (INT_MAX): Define if necessary.
- (remember_type, remember_Ktype, register_Btype, string_need):
- Abort if we detect cases where we the size of the allocation would
- overflow.
-
-
-
-git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@234829 138bc75d-0d04-0410-961f-82ee72b054a4
-Upstream-Status: Backport
-CVE: CVE-2016-2226
-
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- libiberty/ChangeLog | 7 +++++++
- libiberty/cplus-dem.c | 15 +++++++++++++++
- 2 files changed, 22 insertions(+)
-
-diff --git a/libiberty/ChangeLog b/libiberty/ChangeLog
-index 8e82a5f..2a34356 100644
---- a/libiberty/ChangeLog
-+++ b/libiberty/ChangeLog
-@@ -1,5 +1,12 @@
- 2016-04-08 Marcel Böhme <boehme.marcel@gmail.com>
-
-+ PR c++/69687
-+ * cplus-dem.c: Include <limits.h> if available.
-+ (INT_MAX): Define if necessary.
-+ (remember_type, remember_Ktype, register_Btype, string_need):
-+ Abort if we detect cases where we the size of the allocation would
-+ overflow.
-+
- PR c++/70498
- * cplus-dem.c (gnu_special): Handle case where consume_count returns
- -1.
-diff --git a/libiberty/cplus-dem.c b/libiberty/cplus-dem.c
-index abba234..7514e57 100644
---- a/libiberty/cplus-dem.c
-+++ b/libiberty/cplus-dem.c
-@@ -56,6 +56,13 @@ void * malloc ();
- void * realloc ();
- #endif
-
-+#ifdef HAVE_LIMITS_H
-+#include <limits.h>
-+#endif
-+#ifndef INT_MAX
-+# define INT_MAX (int)(((unsigned int) ~0) >> 1) /* 0x7FFFFFFF */
-+#endif
-+
- #include <demangle.h>
- #undef CURRENT_DEMANGLING_STYLE
- #define CURRENT_DEMANGLING_STYLE work->options
-@@ -4261,6 +4268,8 @@ remember_type (struct work_stuff *work, const char *start, int len)
- }
- else
- {
-+ if (work -> typevec_size > INT_MAX / 2)
-+ xmalloc_failed (INT_MAX);
- work -> typevec_size *= 2;
- work -> typevec
- = XRESIZEVEC (char *, work->typevec, work->typevec_size);
-@@ -4288,6 +4297,8 @@ remember_Ktype (struct work_stuff *work, const char *start, int len)
- }
- else
- {
-+ if (work -> ksize > INT_MAX / 2)
-+ xmalloc_failed (INT_MAX);
- work -> ksize *= 2;
- work -> ktypevec
- = XRESIZEVEC (char *, work->ktypevec, work->ksize);
-@@ -4317,6 +4328,8 @@ register_Btype (struct work_stuff *work)
- }
- else
- {
-+ if (work -> bsize > INT_MAX / 2)
-+ xmalloc_failed (INT_MAX);
- work -> bsize *= 2;
- work -> btypevec
- = XRESIZEVEC (char *, work->btypevec, work->bsize);
-@@ -4771,6 +4784,8 @@ string_need (string *s, int n)
- else if (s->e - s->p < n)
- {
- tem = s->p - s->b;
-+ if (n > INT_MAX / 2 - tem)
-+ xmalloc_failed (INT_MAX);
- n += tem;
- n *= 2;
- s->b = XRESIZEVEC (char, s->b, n);
---
-2.3.5
-
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-04-19 19:43:11 +0000