--- /dev/null
+From e709eb829448ce040087a3fc5481db6bfcaae212 Mon Sep 17 00:00:00 2001
+From: "Arnold D. Robbins" <arnold@skeeve.com>
+Date: Wed, 3 Aug 2022 13:00:54 +0300
+Subject: [PATCH] Smal bug fix in builtin.c.
+
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/gawk/tree/debian/patches/CVE-2023-4156.patch?h=ubuntu/focal-security
+Upstream commit https://git.savannah.gnu.org/gitweb/?p=gawk.git;a=commitdiff;h=e709eb829448ce040087a3fc5481db6bfcaae212]
+CVE: CVE-2023-4156
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ ChangeLog | 6 ++++++
+ builtin.c | 5 ++++-
+ 2 files changed, 10 insertions(+), 1 deletion(-)
+
+--- gawk-5.1.0.orig/builtin.c
++++ gawk-5.1.0/builtin.c
+@@ -957,7 +957,10 @@ check_pos:
+ s1++;
+ n0--;
+ }
+- if (val >= num_args) {
++ // val could be less than zero if someone provides a field width
++ // so large that it causes integer overflow. Mainly fuzzers do this,
++ // but let's try to be good anyway.
++ if (val < 0 || val >= num_args) {
+ toofew = true;
+ break;
+ }
SRC_URI = "${GNU_MIRROR}/gawk/gawk-${PV}.tar.gz \
file://remove-sensitive-tests.patch \
file://run-ptest \
+ file://CVE-2023-4156.patch \
"
SRC_URI[md5sum] = "c5441c73cc451764055ee65e9a4292bb"
projects / thirdparty / openembedded / openembedded-core.git / commitdiff
