git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit

]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit

projects / thirdparty / openembedded / openembedded-core.git / commit

author	Vivek Kumbhar <vkumbhar@mvista.com>
	Fri, 21 Apr 2023 05:50:27 +0000 (11:20 +0530)
committer	Steve Sakoman <steve@sakoman.com>
	Fri, 21 Apr 2023 14:15:45 +0000 (04:15 -1000)
commit	d1943e6a0ec00653c81cd4c0bb0d6b7e0909094c
tree	539a40e9634860bd8a6961aacadde0c01678ee37	tree
parent	76d855f3d2c250ac85ca6f24bf0e178fb32607f9	commit \| diff

go: fix CVE-2023-24537 Infinite loop in parsing

Setting a large line or column number using a //line directive can cause
integer overflow even in small source files.

Limit line and column numbers in //line directives to 2^30-1, which
is small enough to avoid int32 overflow on all reasonbly-sized files.

Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

meta/recipes-devtools/go/go-1.14.inc		diff \| blob \| blame \| history
meta/recipes-devtools/go/go-1.14/CVE-2023-24537.patch	[new file with mode: 0644]	blob

Mirror of git://git.openembedded.org/openembedded-core

RSS Atom