1 files changed, 36 insertions, 0 deletions

diff --git a/core/flex/flex-2.5.35-hardening.patch b/core/flex/flex-2.5.35-hardening.patch
new file mode 100644
index 000000000..7d608ea23
--- /dev/null
+++ b/core/flex/flex-2.5.35-hardening.patch
@@ -0,0 +1,36 @@
+diff -u flex-2.5.35/scan.c flex-2.5.35/scan.c
+--- flex-2.5.35/scan.c
++++ flex-2.5.35/scan.c
+@@ -2096,7 +2096,7 @@
+ /* This used to be an fputs(), but since the string might contain NUL's,
+  * we now use fwrite().
+  */
+-#define ECHO fwrite( yytext, yyleng, 1, yyout )
++#define ECHO do { if (fwrite( yytext, yyleng, 1, yyout )) {} } while (0)
+ #endif
+ 
+ /* Gets input and stuffs it into "buf".  number of characters read, or YY_NULL,
+diff -u flex-2.5.35/flex.skl flex-2.5.35/flex.skl
+--- flex-2.5.35/flex.skl
++++ flex-2.5.35/flex.skl
+@@ -1075,7 +1075,7 @@
+ /* This used to be an fputs(), but since the string might contain NUL's,
+  * we now use fwrite().
+  */
+-#define ECHO fwrite( yytext, yyleng, 1, yyout )
++#define ECHO do { if (fwrite( yytext, yyleng, 1, yyout )) {} } while (0)
+ %endif
+ %if-c++-only C++ definition
+ #define ECHO LexerOutput( yytext, yyleng )
+diff -u flex-2.5.35/skel.c flex-2.5.35/skel.c
+--- flex-2.5.35/skel.c
++++ flex-2.5.35/skel.c
+@@ -1142,7 +1142,7 @@
+   "/* This used to be an fputs(), but since the string might contain NUL's,",
+   " * we now use fwrite().",
+   " */",
+-  "#define ECHO fwrite( yytext, yyleng, 1, yyout )",
++  "#define ECHO do { if (fwrite( yytext, yyleng, 1, yyout )) {} } while (0)",
+   "%endif",
+   "%if-c++-only C++ definition",
+   "#define ECHO LexerOutput( yytext, yyleng )",