fix CVE-2020-21528
(cherry picked from commit 663428545eaa782a7077af359b786b66c02799c5)
This commit is contained in:
hongjinghao
openeuler-sync-bot
parent
3ee3cbb607
commit
8b90a595c8
43
CVE-2020-21528.patch
Normal file
43
CVE-2020-21528.patch
Normal file
@ -0,0 +1,43 @@
|
||||
From 93c774d482694643cafbc82578ac8b729fb5bc8b Mon Sep 17 00:00:00 2001
|
||||
From: Cyrill Gorcunov <gorcunov@gmail.com>
|
||||
Date: Wed, 4 Nov 2020 13:08:06 +0300
|
||||
Subject: [PATCH] BR3392637: output/outieee: Fix nil dereference
|
||||
|
||||
The handling been broken in commit 98578071.
|
||||
|
||||
Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
|
||||
---
|
||||
output/outieee.c | 17 +++++++++++++++++
|
||||
1 file changed, 17 insertions(+)
|
||||
|
||||
diff --git a/output/outieee.c b/output/outieee.c
|
||||
index bff2f085..b3ccc5f6 100644
|
||||
--- a/output/outieee.c
|
||||
+++ b/output/outieee.c
|
||||
@@ -795,6 +795,23 @@ static int32_t ieee_segment(char *name, int *bits)
|
||||
define_label(name, seg->index + 1, 0L, false);
|
||||
ieee_seg_needs_update = NULL;
|
||||
|
||||
+ /*
|
||||
+ * In commit 98578071b9d71ecaa2344dd9c185237c1765041e
|
||||
+ * we reworked labels significantly which in turn lead
|
||||
+ * to the case where seg->name = NULL here and we get
|
||||
+ * nil dereference in next segments definitions.
|
||||
+ *
|
||||
+ * Lets placate this case with explicit name setting
|
||||
+ * if labels engine didn't set it yet.
|
||||
+ *
|
||||
+ * FIXME: Need to revisit this moment if such fix doesn't
|
||||
+ * break anything but since IEEE 695 format is veeery
|
||||
+ * old I don't expect there are many users left. In worst
|
||||
+ * case this should only lead to a memory leak.
|
||||
+ */
|
||||
+ if (!seg->name)
|
||||
+ seg->name = nasm_strdup(name);
|
||||
+
|
||||
if (seg->use32)
|
||||
*bits = 32;
|
||||
else
|
||||
--
|
||||
2.27.0
|
||||
|
||||
@ -8,7 +8,7 @@
|
||||
|
||||
Name: nasm
|
||||
Version: 2.15.05
|
||||
Release: 5
|
||||
Release: 6
|
||||
Summary: The Netwide Assembler, a portable x86 assembler with Intel-like syntax
|
||||
License: BSD
|
||||
URL: http://www.nasm.us
|
||||
@ -20,6 +20,9 @@ Patch6001: fix-help-info-error.patch
|
||||
# https://github.com/netwide-assembler/nasm/commit/2d4e6952417ec6f08b6f135d2b5d0e19b7dae30d
|
||||
Patch6002: CVE-2022-44370.patch
|
||||
#https://bugzilla.nasm.us/attachment.cgi?id=411648
|
||||
|
||||
Patch6003: CVE-2020-21528.patch
|
||||
|
||||
BuildRequires: perl(Env) autoconf asciidoc xmlto gcc make git
|
||||
|
||||
Provides: %{name}-rdoff
|
||||
@ -91,6 +94,9 @@ make test
|
||||
%{_mandir}/man1/ld*
|
||||
|
||||
%changelog
|
||||
* Wed Aug 23 2023 hongjinghao <hongjinghao@huawei.com> - 2.15.05-6
|
||||
- Fix CVE-2020-21528
|
||||
|
||||
* Wed Apr 12 2023 yaoxin <yao_xin001@hoperun.com> - 2.15.05-5
|
||||
- Fix CVE-2022-44370
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user