go: fix CVE-2023-24537 Infinite loop in parsing - linux/poky.git

diff options

author	Vivek Kumbhar <vkumbhar@mvista.com>	2023-04-21 08:20:12 +0530
committer	Steve Sakoman <steve@sakoman.com>	2023-04-26 04:03:21 -1000
commit	c34e0e1e0f9c22b519817cd07f1c6662445d275c (patch)
tree	701c4db55b7967210e1403d14d5fdca911c391fc /scripts/lib
parent	d19f7ddf5a54625dc500eee8baeddb792795c754 (diff)
download	poky-c34e0e1e0f9c22b519817cd07f1c6662445d275c.tar.gz

go: fix CVE-2023-24537 Infinite loop in parsing

Setting a large line or column number using a //line directive can cause integer overflow even in small source files. Limit line and column numbers in //line directives to 2^30-1, which is small enough to avoid int32 overflow on all reasonbly-sized files. Fixes CVE-2023-24537 Fixes #59273 For #59180 (From OE-Core rev: 15c07dff384ce4fb0e90f4f32c182a82101a1c82) Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'scripts/lib')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: