Commit 859c6d65 authored by Mark Felder's avatar Mark Felder
Browse files

MFH: r417847

textproc/expat2: Patch vulnerability

This patch resolves a vulnerability that may still exist due to
compiler optimizations. The previous patches for CVE-2015-1283 and
CVE-2015-2716 may not work as intended in some situations.

Security:	CVE-2016-4472

Approved by:	ports-secteam (with hat)
parent f5c962a2
......@@ -3,7 +3,7 @@
PORTNAME= expat
PORTVERSION= 2.1.1
PORTREVISION= 1
PORTREVISION= 2
CATEGORIES= textproc
MASTER_SITES= SF
......
expat/CMakeLists.txt | 3 +++
expat/lib/xmlparse.c | 48 +++++++++++++++++++++++++++++++++++++++++-------
2 files changed, 44 insertions(+), 7 deletions(-)
--- lib/xmlparse.c.orig 2016-06-30 22:23:11 UTC
+++ lib/xmlparse.c
@@ -1693,7 +1693,8 @@ XML_GetBuffer(XML_Parser parser, int len
}
if (len > bufferLim - bufferEnd) {
- int neededSize = len + (int)(bufferEnd - bufferPtr);
+ /* Do not invoke signed arithmetic overflow: */
+ int neededSize = (int) ((unsigned)len + (unsigned)(bufferEnd - bufferPtr));
if (neededSize < 0) {
errorCode = XML_ERROR_NO_MEMORY;
return NULL;
@@ -1725,7 +1726,8 @@ XML_GetBuffer(XML_Parser parser, int len
if (bufferSize == 0)
bufferSize = INIT_BUFFER_SIZE;
do {
- bufferSize *= 2;
+ /* Do not invoke signed arithmetic overflow: */
+ bufferSize = (int) (2U * (unsigned) bufferSize);
} while (bufferSize < neededSize && bufferSize > 0);
if (bufferSize <= 0) {
errorCode = XML_ERROR_NO_MEMORY;
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment