go: fix CVE-2023-24537 Infinite loop in parsing - linux/poky.git

diff options

author	Vivek Kumbhar <vkumbhar@mvista.com>	2023-04-21 11:20:27 +0530
committer	Steve Sakoman <steve@sakoman.com>	2023-04-26 04:19:07 -1000
commit	538185bd1c0975dd865b9f185825577e3a4c42c2 (patch)
tree	4e96252ac52e3c63a511dddb879ec4a8bef088bf /bitbake/lib/bb
parent	6dd66704290f81a5ca4c3d7e13e4137be5f07dba (diff)
download	poky-538185bd1c0975dd865b9f185825577e3a4c42c2.tar.gz

go: fix CVE-2023-24537 Infinite loop in parsing

Setting a large line or column number using a //line directive can cause integer overflow even in small source files. Limit line and column numbers in //line directives to 2^30-1, which is small enough to avoid int32 overflow on all reasonbly-sized files. (From OE-Core rev: d1943e6a0ec00653c81cd4c0bb0d6b7e0909094c) Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'bitbake/lib/bb')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: