]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/blob
projects / thirdparty / openembedded / openembedded-core-contrib.git / blob
? search:


46b111806c47c13066920cc9502ef67a4f6b17c0
[thirdparty/openembedded/openembedded-core-contrib.git] /
1 From 603ae4ed8cd65abf0776ef7f68354a5c24a3411c Mon Sep 17 00:00:00 2001
2 From: Sebastien GODARD <sysstat@users.noreply.github.com>
3 Date: Tue, 15 Oct 2019 14:39:33 +0800
4 Subject: [PATCH] Fix #232: Memory corruption bug due to Integer Overflow in
5 remap_struct()
6
7 Try to avoid integer overflow when reading a corrupted binary datafile
8 with sadf.
9
10 Upstream-Status: Backport [https://github.com/sysstat/sysstat/commit/83fad9c895d1ac13f76af5883b7451b3302beef5]
11 CVE: CVE-2019-16167
12
13 Signed-off-by: Sebastien GODARD <sysstat@users.noreply.github.com>
14 Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com>
15 ---
16 sa_common.c | 7 +++++--
17 1 file changed, 5 insertions(+), 2 deletions(-)
18
19 diff --git a/sa_common.c b/sa_common.c
20 index 395c11c..cfa9007 100644
21 --- a/sa_common.c
22 +++ b/sa_common.c
23 @@ -1336,7 +1336,8 @@ int remap_struct(unsigned int gtypes_nr[], unsigned int ftypes_nr[],
24 /* Remap [unsigned] int fields */
25 d = gtypes_nr[1] - ftypes_nr[1];
26 if (d) {
27 - if (ftypes_nr[1] * UL_ALIGNMENT_WIDTH < ftypes_nr[1])
28 + if (gtypes_nr[0] * ULL_ALIGNMENT_WIDTH +
29 + ftypes_nr[1] * UL_ALIGNMENT_WIDTH < ftypes_nr[1])
30 /* Overflow */
31 return -1;
32
33 @@ -1365,7 +1366,9 @@ int remap_struct(unsigned int gtypes_nr[], unsigned int ftypes_nr[],
34 /* Remap possible fields (like strings of chars) following int fields */
35 d = gtypes_nr[2] - ftypes_nr[2];
36 if (d) {
37 - if (ftypes_nr[2] * U_ALIGNMENT_WIDTH < ftypes_nr[2])
38 + if (gtypes_nr[0] * ULL_ALIGNMENT_WIDTH +
39 + gtypes_nr[1] * UL_ALIGNMENT_WIDTH +
40 + ftypes_nr[2] * U_ALIGNMENT_WIDTH < ftypes_nr[2])
41 /* Overflow */
42 return -1;
43
44 --
45 1.9.1
46
Mirror of git://git.openembedded.org/openembedded-core-contrib