diff options
| author | Vivek Kumbhar <vkumbhar@mvista.com> | 2023-04-21 11:20:27 +0530 |
|---|---|---|
| committer | Steve Sakoman <steve@sakoman.com> | 2023-04-26 04:19:07 -1000 |
| commit | 538185bd1c0975dd865b9f185825577e3a4c42c2 (patch) | |
| tree | 4e96252ac52e3c63a511dddb879ec4a8bef088bf /meta/recipes-devtools/go/go-1.14.inc | |
| parent | 6dd66704290f81a5ca4c3d7e13e4137be5f07dba (diff) | |
| download | poky-538185bd1c0975dd865b9f185825577e3a4c42c2.tar.gz | |
go: fix CVE-2023-24537 Infinite loop in parsing
Setting a large line or column number using a //line directive can cause
integer overflow even in small source files.
Limit line and column numbers in //line directives to 2^30-1, which
is small enough to avoid int32 overflow on all reasonbly-sized files.
(From OE-Core rev: d1943e6a0ec00653c81cd4c0bb0d6b7e0909094c)
Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/recipes-devtools/go/go-1.14.inc')
| -rw-r--r-- | meta/recipes-devtools/go/go-1.14.inc | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc index 7178739b7e..56f4f12c37 100644 --- a/meta/recipes-devtools/go/go-1.14.inc +++ b/meta/recipes-devtools/go/go-1.14.inc | |||
| @@ -56,6 +56,7 @@ SRC_URI += "\ | |||
| 56 | file://CVE-2022-41722-1.patch \ | 56 | file://CVE-2022-41722-1.patch \ |
| 57 | file://CVE-2022-41722-2.patch \ | 57 | file://CVE-2022-41722-2.patch \ |
| 58 | file://CVE-2020-29510.patch \ | 58 | file://CVE-2020-29510.patch \ |
| 59 | file://CVE-2023-24537.patch \ | ||
| 59 | " | 60 | " |
| 60 | 61 | ||
| 61 | SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch" | 62 | SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch" |