diff options
Diffstat (limited to 'dev-util/yacc/files/yacc-1.9.1-CVE-2008-3196.patch')
-rw-r--r-- | dev-util/yacc/files/yacc-1.9.1-CVE-2008-3196.patch | 33 |
1 files changed, 0 insertions, 33 deletions
diff --git a/dev-util/yacc/files/yacc-1.9.1-CVE-2008-3196.patch b/dev-util/yacc/files/yacc-1.9.1-CVE-2008-3196.patch deleted file mode 100644 index 2fbb83cfc6b1..000000000000 --- a/dev-util/yacc/files/yacc-1.9.1-CVE-2008-3196.patch +++ /dev/null @@ -1,33 +0,0 @@ -Tue Jul 8 15:06:50 2008 UTC by otto - -Fix an venerable bug: if we're reducing a rule that has an empty -right hand side and the yacc stackpointer is pointing at the very -end of the allocated stack, we end up accessing the stack out of -bounds by the implicit $$ = $1 action. Detected by my new malloc, -experienced by sturm@ on sparc64; ok deraadt@ - - -Index: yacc-1.9.1/skeleton.c -=================================================================== ---- yacc-1.9.1.orig/skeleton.c -+++ yacc-1.9.1/skeleton.c -@@ -18,6 +18,7 @@ char *banner[] = - "/*static char yysccsid[] = \"from: @(#)yaccpar 1.9 (Berkeley) 02/21/93\";*/", - "static char yyrcsid[] = \"$Id: yacc-1.9.1-CVE-2008-3196.patch,v 1.1 2008/10/04 18:57:18 rbu Exp $\";", - "#endif", -+ "#include <string.h>", - "#define YYBYACC 1", - "#define YYMAJOR 1", - "#define YYMINOR 9", -@@ -226,7 +227,10 @@ char *body[] = - " YYPREFIX, yystate, yyn, yyrule[yyn]);", - "#endif", - " yym = yylen[yyn];", -- " yyval = yyvsp[1-yym];", -+ " if (yym)", -+ " yyval = yyvsp[1-yym];", -+ " else", -+ " memset(&yyval, 0, sizeof yyval);", - " switch (yyn)", - " {", - 0 |