author | Vivek Kumbhar <vkumbhar@mvista.com> | 2023-04-21 11:20:27 +0530 |
---|---|---|
committer | Steve Sakoman <steve@sakoman.com> | 2023-04-26 04:19:07 -1000 |
commit | 538185bd1c0975dd865b9f185825577e3a4c42c2 (patch) | |
tree | 4e96252ac52e3c63a511dddb879ec4a8bef088bf /meta/recipes-devtools/go/go-1.14.inc | |
parent | 6dd66704290f81a5ca4c3d7e13e4137be5f07dba (diff) | |
download | poky-538185bd1c0975dd865b9f185825577e3a4c42c2.tar.gz |
go: fix CVE-2023-24537 Infinite loop in parsing
Setting a large line or column number using a //line directive can cause
integer overflow even in small source files.
Limit line and column numbers in //line directives to 2^30-1, which
is small enough to avoid int32 overflow on all reasonably-sized files.
(From OE-Core rev: d1943e6a0ec00653c81cd4c0bb0d6b7e0909094c)
Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/recipes-devtools/go/go-1.14.inc')
-rw-r--r-- | meta/recipes-devtools/go/go-1.14.inc | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-devtools/go/go-1.14.inc b/meta/recipes-devtools/go/go-1.14.inc index 7178739b7e..56f4f12c37 100644 --- a/meta/recipes-devtools/go/go-1.14.inc +++ b/meta/recipes-devtools/go/go-1.14.inc | |||
@@ -56,6 +56,7 @@ SRC_URI += "\ | |||
56 | file://CVE-2022-41722-1.patch \ | 56 | file://CVE-2022-41722-1.patch \ |
57 | file://CVE-2022-41722-2.patch \ | 57 | file://CVE-2022-41722-2.patch \ |
58 | file://CVE-2020-29510.patch \ | 58 | file://CVE-2020-29510.patch \ |
59 | file://CVE-2023-24537.patch \ | ||
59 | " | 60 | " |
60 | 61 | ||
61 | SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch" | 62 | SRC_URI_append_libc-musl = " file://0009-ld-replace-glibc-dynamic-linker-with-musl.patch" |
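Review bot: The added `file://CVE-2023-24537.patch \` entry in SRC_URI is the only change this view shows, because the diffstat is limited to go-1.14.inc, so the patch file itself cannot be checked here. Please confirm that CVE-2023-24537.patch is added in the same commit alongside the other go-1.14 patches, and that its header carries a `CVE: CVE-2023-24537` tag and an `Upstream-Status: Backport` line pointing at the upstream Go change. The commit subject says "Infinite loop in parsing" while the body only describes integer overflow from //line directives; a sentence in the message linking the overflow to the loop would make the log easier to audit later.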