Diffstat (limited to 'meta-openbmc-mods/meta-common/recipes-devtools/json-c/json-c/0001-Protect-array_list_del_idx-against-size_t-overflow.patch')
-rw-r--r-- | meta-openbmc-mods/meta-common/recipes-devtools/json-c/json-c/0001-Protect-array_list_del_idx-against-size_t-overflow.patch | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/meta-openbmc-mods/meta-common/recipes-devtools/json-c/json-c/0001-Protect-array_list_del_idx-against-size_t-overflow.patch b/meta-openbmc-mods/meta-common/recipes-devtools/json-c/json-c/0001-Protect-array_list_del_idx-against-size_t-overflow.patch
new file mode 100644
index 000000000..15ecbe477
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-devtools/json-c/json-c/0001-Protect-array_list_del_idx-against-size_t-overflow.patch
@@ -0,0 +1,29 @@
+From 099016b7e8d70a6d5dd814e788bba08d33d48426 Mon Sep 17 00:00:00 2001
+From: Tobias Stoeckmann <tobias@stoeckmann.org>
+Date: Mon, 4 May 2020 19:41:16 +0200
+Subject: [PATCH] Protect array_list_del_idx against size_t overflow.
+
+If the assignment of stop overflows due to idx and count being
+larger than SIZE_T_MAX in sum, out of boundary access could happen.
+
+It takes invalid usage of this function for this to happen, but
+I decided to add this check so array_list_del_idx is as safe against
+bad usage as the other arraylist functions.
+---
+ arraylist.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/arraylist.c b/arraylist.c
+index 12ad8af6d3..e5524aca75 100644
+--- a/arraylist.c
++++ b/arraylist.c
+@@ -136,6 +136,9 @@ int array_list_del_idx(struct array_list *arr, size_t idx, size_t count)
+ {
+ size_t i, stop;
+
++ /* Avoid overflow in calculation with large indices. */
++ if (idx > SIZE_T_MAX - count)
++ return -1;
+ stop = idx + count;
+ if (idx >= arr->length || stop > arr->length)
+ return -1; |
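Review bot: The patch header added here has no provenance tag between the description and the `---` separator, so nothing in the layer records that this is a backport of upstream commit 099016b7e8d7 or when it can be dropped after a json-c version bump. I would add `Upstream-Status: Backport [<upstream commit URL>]` there, and a `CVE:` line only if an identifier is actually assigned to this fix. Separately, the new guard `if (idx > SIZE_T_MAX - count)` uses `SIZE_T_MAX`, which is not the standard C macro (`SIZE_MAX` is), so it presumably relies on a definition inside the `arraylist.c` of the json-c version this recipe pins; please confirm the patch applies and compiles against that version. This view is limited to the patch file, so the `SRC_URI` entry that applies it is not visible and should be checked as well. The body of `array_list_del_idx` continues past the end of the embedded hunk.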