summaryrefslogtreecommitdiffstats
path: root/meta-oe/recipes-devtools
diff options
context:
space:
mode:
authorGuocai He <guocai.he.cn@windriver.com>2026-04-10 15:04:58 +0800
committerAnuj Mittal <anuj.mittal@oss.qualcomm.com>2026-04-15 14:10:33 +0530
commitc14dcffcd77b7b9d0d1f3473f98d51ffe2b166e9 (patch)
tree0b768a2ec26a76e28a9b81fa237ddc159ddb068c /meta-oe/recipes-devtools
parentfc30bb5eedfa89070a112425bcf8423a7b2aa998 (diff)
downloadmeta-openembedded-c14dcffcd77b7b9d0d1f3473f98d51ffe2b166e9.tar.gz
yasm: fix CVE-2021-33454
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasm_expr_get_intnum() in libyasm/expr.c. Backport patch to fix CVE-2021-33454 per reference [1]. [1]: https://security-tracker.debian.org/tracker/CVE-2021-33454 Signed-off-by: Guocai He <guocai.he.cn@windriver.com> Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Diffstat (limited to 'meta-oe/recipes-devtools')
-rw-r--r--meta-oe/recipes-devtools/yasm/yasm/CVE-2021-33454.patch29
-rw-r--r--meta-oe/recipes-devtools/yasm/yasm_git.bb1
2 files changed, 30 insertions, 0 deletions
diff --git a/meta-oe/recipes-devtools/yasm/yasm/CVE-2021-33454.patch b/meta-oe/recipes-devtools/yasm/yasm/CVE-2021-33454.patch
new file mode 100644
index 0000000000..735be93a3f
--- /dev/null
+++ b/meta-oe/recipes-devtools/yasm/yasm/CVE-2021-33454.patch
@@ -0,0 +1,29 @@
1From 9defefae9fbcb6958cddbfa778c1ea8605da8b8b Mon Sep 17 00:00:00 2001
2From: dataisland <dataisland@outlook.com>
3Date: Fri, 22 Sep 2023 00:21:20 -0500
4Subject: [PATCH] Fix null-pointer-dereference in yasm_expr_get_intnum (#244)
5
6CVE: CVE-2021-33454
7Upstream-Status: Backport [https://github.com/yasm/yasm/commit/9defefae9f]
8
9Signed-off-by: Guocai He <guocai.he.cn@windriver.com>
10---
11 libyasm/expr.c | 2 +-
12 1 file changed, 1 insertion(+), 1 deletion(-)
13
14diff --git a/libyasm/expr.c b/libyasm/expr.c
15index 5b0c418b..09ae1121 100644
16--- a/libyasm/expr.c
17+++ b/libyasm/expr.c
18@@ -1264,7 +1264,7 @@ yasm_expr_get_intnum(yasm_expr **ep, int calc_bc_dist)
19 {
20 *ep = yasm_expr_simplify(*ep, calc_bc_dist);
21
22- if ((*ep)->op == YASM_EXPR_IDENT && (*ep)->terms[0].type == YASM_EXPR_INT)
23+ if (*ep && (*ep)->op == YASM_EXPR_IDENT && (*ep)->terms[0].type == YASM_EXPR_INT)
24 return (*ep)->terms[0].data.intn;
25 else
26 return (yasm_intnum *)NULL;
27--
282.34.1
29
diff --git a/meta-oe/recipes-devtools/yasm/yasm_git.bb b/meta-oe/recipes-devtools/yasm/yasm_git.bb
index 5ba4f67628..84503e9a8a 100644
--- a/meta-oe/recipes-devtools/yasm/yasm_git.bb
+++ b/meta-oe/recipes-devtools/yasm/yasm_git.bb
@@ -20,6 +20,7 @@ SRC_URI = "git://github.com/yasm/yasm.git;branch=master;protocol=https \
20 file://CVE-2023-29579.patch \ 20 file://CVE-2023-29579.patch \
21 file://CVE-2021-33464.patch \ 21 file://CVE-2021-33464.patch \
22 file://CVE-2021-33456.patch \ 22 file://CVE-2021-33456.patch \
23 file://CVE-2021-33454.patch \
23 " 24 "
24 25
25S = "${WORKDIR}/git" 26S = "${WORKDIR}/git"