summary refs log tree commit diff
path: root/pkgs/development/libraries/expat/CVE-2015-1283-refix.patch
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/development/libraries/expat/CVE-2015-1283-refix.patch')
-rw-r--r--pkgs/development/libraries/expat/CVE-2015-1283-refix.patch37
1 files changed, 0 insertions, 37 deletions
diff --git a/pkgs/development/libraries/expat/CVE-2015-1283-refix.patch b/pkgs/development/libraries/expat/CVE-2015-1283-refix.patch
deleted file mode 100644
index db9747ea0b3..00000000000
--- a/pkgs/development/libraries/expat/CVE-2015-1283-refix.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 29a11774d8ebbafe8418b4a5ffb4cc1160b194a1 Mon Sep 17 00:00:00 2001
-From: Pascal Cuoq <cuoq@trust-in-soft.com>
-Date: Sun, 15 May 2016 09:05:46 +0200
-Subject: [PATCH] Avoid relying on undefined behavior in CVE-2015-1283 fix. It
- does not really work: https://godbolt.org/g/Zl8gdF
-
----
- expat/lib/xmlparse.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/lib/xmlparse.c b/lib/xmlparse.c
-index 13e080d..cdb12ef 100644
---- a/lib/xmlparse.c
-+++ b/lib/xmlparse.c
-@@ -1693,7 +1693,8 @@ XML_GetBuffer(XML_Parser parser, int len)
-   }
- 
-   if (len > bufferLim - bufferEnd) {
--    int neededSize = len + (int)(bufferEnd - bufferPtr);
-+    /* Do not invoke signed arithmetic overflow: */
-+    int neededSize = (int) ((unsigned)len + (unsigned)(bufferEnd - bufferPtr));
-     if (neededSize < 0) {
-       errorCode = XML_ERROR_NO_MEMORY;
-       return NULL;
-@@ -1725,7 +1726,8 @@ XML_GetBuffer(XML_Parser parser, int len)
-       if (bufferSize == 0)
-         bufferSize = INIT_BUFFER_SIZE;
-       do {
--        bufferSize *= 2;
-+        /* Do not invoke signed arithmetic overflow: */
-+        bufferSize = (int) (2U * (unsigned) bufferSize);
-       } while (bufferSize < neededSize && bufferSize > 0);
-       if (bufferSize <= 0) {
-         errorCode = XML_ERROR_NO_MEMORY;
--- 
-2.8.2
-
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-06-06 04:22:27 +0000