[libyaml-libyaml-perl] 03/04: Add libyaml-guard-against-overflows-in-indent-and-flow_level.patch patch

Salvatore Bonaccorso carnil at debian.org
Thu Feb 27 19:25:18 UTC 2014


This is an automated email from the git hooks/post-receive script.

carnil pushed a commit to branch master
in repository libyaml-libyaml-perl.

commit 97e947a1e513b47e8b08824ec3756e5a61c895ef
Author: Salvatore Bonaccorso <carnil at debian.org>
Date:   Sun Feb 23 22:28:01 2014 +0100

    Add libyaml-guard-against-overflows-in-indent-and-flow_level.patch patch
    
    Guard against overflows in indent and flow_level.
---
 ...gainst-overflows-in-indent-and-flow_level.patch | 86 ++++++++++++++++++++++
 debian/patches/series                              |  1 +
 2 files changed, 87 insertions(+)

diff --git a/debian/patches/libyaml-guard-against-overflows-in-indent-and-flow_level.patch b/debian/patches/libyaml-guard-against-overflows-in-indent-and-flow_level.patch
new file mode 100644
index 0000000..370fbd2
--- /dev/null
+++ b/debian/patches/libyaml-guard-against-overflows-in-indent-and-flow_level.patch
@@ -0,0 +1,86 @@
+Description: Guard against overflows in indent and flow_level
+Origin: upstream, https://bitbucket.org/xi/libyaml/commits/f859ed1eb757a3562b98a28a8ce69274bfd4b3f2,
+ https://bitbucket.org/xi/libyaml/commits/af3599437a87162554787c52d8b16eab553f537b
+Last-Update: 2014-02-10
+Applied-Upstream: 0.1.5
+
+--- a/LibYAML/scanner.c
++++ b/LibYAMLscanner.c
+@@ -615,11 +615,11 @@
+  */
+ 
+ static int
+-yaml_parser_roll_indent(yaml_parser_t *parser, int column,
+-        int number, yaml_token_type_t type, yaml_mark_t mark);
++yaml_parser_roll_indent(yaml_parser_t *parser, ptrdiff_t column,
++        ptrdiff_t number, yaml_token_type_t type, yaml_mark_t mark);
+ 
+ static int
+-yaml_parser_unroll_indent(yaml_parser_t *parser, int column);
++yaml_parser_unroll_indent(yaml_parser_t *parser, ptrdiff_t column);
+ 
+ /*
+  * Token fetchers.
+@@ -1103,7 +1103,7 @@
+      */
+ 
+     int required = (!parser->flow_level
+-            && parser->indent == (int)parser->mark.column);
++            && parser->indent == (ptrdiff_t)parser->mark.column);
+ 
+     /*
+      * A simple key is required only when it is the first token in the current
+@@ -1176,6 +1176,11 @@
+ 
+     /* Increase the flow level. */
+ 
++    if (parser->flow_level == INT_MAX) {
++        parser->error = YAML_MEMORY_ERROR;
++        return 0;
++    }
++
+     parser->flow_level++;
+ 
+     return 1;
+@@ -1206,8 +1211,8 @@
+  */
+ 
+ static int
+-yaml_parser_roll_indent(yaml_parser_t *parser, int column,
+-        int number, yaml_token_type_t type, yaml_mark_t mark)
++yaml_parser_roll_indent(yaml_parser_t *parser, ptrdiff_t column,
++        ptrdiff_t number, yaml_token_type_t type, yaml_mark_t mark)
+ {
+     yaml_token_t token;
+ 
+@@ -1226,6 +1231,11 @@
+         if (!PUSH(parser, parser->indents, parser->indent))
+             return 0;
+ 
++        if (column > INT_MAX) {
++            parser->error = YAML_MEMORY_ERROR;
++            return 0;
++	}
++
+         parser->indent = column;
+ 
+         /* Create a token and insert it into the queue. */
+@@ -1254,7 +1264,7 @@
+ 
+ 
+ static int
+-yaml_parser_unroll_indent(yaml_parser_t *parser, int column)
++yaml_parser_unroll_indent(yaml_parser_t *parser, ptrdiff_t column)
+ {
+     yaml_token_t token;
+ 
+--- a/LibYAML/yaml_private.h
++++ b/LibYAML/yaml_private.h
+@@ -7,6 +7,7 @@
+ 
+ #include <assert.h>
+ #include <limits.h>
++#include <stddef.h>
+ 
+ /*
+  * Memory management.
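Review bot: The embedded patch's `+++` header for scanner.c reads `b/LibYAMLscanner.c`, missing the slash that the matching `--- a/LibYAML/scanner.c` line and both yaml_private.h headers have; it should be `+++ b/LibYAML/scanner.c`. Patch tools will probably still resolve the existing file from the `---` name, but the mismatch is easy to trip over when the patch is refreshed or applied with stricter settings. In the imported code, the `column > INT_MAX` guard in yaml_parser_roll_indent runs only after `PUSH(parser, parser->indents, parser->indent)` and can fire only where `ptrdiff_t` is wider than `int`, so on targets where the two have the same range it appears to be a no-op; a sentence in the patch Description noting that limit would stop readers assuming the guard covers every architecture. The function bodies and their callers lie outside the embedded hunks, so how `mark.column` reaches these parameters cannot be checked from here.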
diff --git a/debian/patches/series b/debian/patches/series
index 3028c1d..627ee5e 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,3 +2,4 @@ fix_ftbfs_hardening_flags.diff
 disable-update.sh.patch
 libyaml-string-overflow.patch
 libyaml-node-id-hardening.patch
+libyaml-guard-against-overflows-in-indent-and-flow_level.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/libyaml-libyaml-perl.git


