diff options
Diffstat (limited to 'poky/meta/recipes-extended/sysstat/sysstat/0001-Fix-232-Memory-corruption-bug-due-to-Integer-Overflo.patch')
-rw-r--r-- | poky/meta/recipes-extended/sysstat/sysstat/0001-Fix-232-Memory-corruption-bug-due-to-Integer-Overflo.patch | 46 |
1 files changed, 0 insertions, 46 deletions
diff --git a/poky/meta/recipes-extended/sysstat/sysstat/0001-Fix-232-Memory-corruption-bug-due-to-Integer-Overflo.patch b/poky/meta/recipes-extended/sysstat/sysstat/0001-Fix-232-Memory-corruption-bug-due-to-Integer-Overflo.patch deleted file mode 100644 index 46b111806..000000000 --- a/poky/meta/recipes-extended/sysstat/sysstat/0001-Fix-232-Memory-corruption-bug-due-to-Integer-Overflo.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 603ae4ed8cd65abf0776ef7f68354a5c24a3411c Mon Sep 17 00:00:00 2001 -From: Sebastien GODARD <sysstat@users.noreply.github.com> -Date: Tue, 15 Oct 2019 14:39:33 +0800 -Subject: [PATCH] Fix #232: Memory corruption bug due to Integer Overflow in - remap_struct() - -Try to avoid integer overflow when reading a corrupted binary datafile -with sadf. - -Upstream-Status: Backport [https://github.com/sysstat/sysstat/commit/83fad9c895d1ac13f76af5883b7451b3302beef5] -CVE: CVE-2019-16167 - -Signed-off-by: Sebastien GODARD <sysstat@users.noreply.github.com> -Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com> ---- - sa_common.c | 7 +++++-- - 1 file changed, 5 insertions(+), 2 deletions(-) - -diff --git a/sa_common.c b/sa_common.c -index 395c11c..cfa9007 100644 ---- a/sa_common.c -+++ b/sa_common.c -@@ -1336,7 +1336,8 @@ int remap_struct(unsigned int gtypes_nr[], unsigned int ftypes_nr[], - /* Remap [unsigned] int fields */ - d = gtypes_nr[1] - ftypes_nr[1]; - if (d) { -- if (ftypes_nr[1] * UL_ALIGNMENT_WIDTH < ftypes_nr[1]) -+ if (gtypes_nr[0] * ULL_ALIGNMENT_WIDTH + -+ ftypes_nr[1] * UL_ALIGNMENT_WIDTH < ftypes_nr[1]) - /* Overflow */ - return -1; - -@@ -1365,7 +1366,9 @@ int remap_struct(unsigned int gtypes_nr[], unsigned int ftypes_nr[], - /* Remap possible fields (like strings of chars) following int fields */ - d = gtypes_nr[2] - ftypes_nr[2]; - if (d) { -- if (ftypes_nr[2] * U_ALIGNMENT_WIDTH < ftypes_nr[2]) -+ if (gtypes_nr[0] * ULL_ALIGNMENT_WIDTH + -+ gtypes_nr[1] * UL_ALIGNMENT_WIDTH + -+ ftypes_nr[2] * U_ALIGNMENT_WIDTH < ftypes_nr[2]) - /* Overflow */ - return -1; - --- -1.9.1 - |