Diffstat (limited to 'core/perl/CVE-2013-1667.patch')
-rw-r--r--core/perl/CVE-2013-1667.patch50
1 files changed, 50 insertions, 0 deletions
diff --git a/core/perl/CVE-2013-1667.patch b/core/perl/CVE-2013-1667.patch
new file mode 100644
index 000000000..8a8f98d32
--- /dev/null
+++ b/core/perl/CVE-2013-1667.patch
@@ -0,0 +1,50 @@
+commit 9ec0b001b87d32f1d39b038b72846a5c20417be3 (refs/remotes/origin/maint-5.16)
+Author: Andy Dougherty <doughera@lafayette.edu>
+Date: Wed Jan 16 12:30:43 2013 -0500
+
+ Avoid wraparound when casting unsigned size_t to signed ssize_t.
+
+ Practically, this only affects a perl compiled with 64-bit IVs on a 32-bit
+ system. In that instance a value of count >= 2**31 would turn negative
+ when cast to (ssize_t).
+
+diff --git a/perlio.c b/perlio.c
+index 7782728..cccfdcd 100644
+--- a/perlio.c
++++ b/perlio.c
+@@ -2164,7 +2164,7 @@ PerlIOBase_read(pTHX_ PerlIO *f, void *vbuf, Size_t count)
+ SSize_t avail = PerlIO_get_cnt(f);
+ SSize_t take = 0;
+ if (avail > 0)
+- take = ((SSize_t)count < avail) ? (SSize_t)count : avail;
++ take = (((SSize_t) count >= 0) && ((SSize_t)count < avail)) ? (SSize_t)count : avail;
+ if (take > 0) {
+ STDCHAR *ptr = PerlIO_get_ptr(f);
+ Copy(ptr, buf, take, STDCHAR);
+@@ -4098,7 +4098,7 @@ PerlIOBuf_unread(pTHX_ PerlIO *f, const void *vbuf, Size_t count)
+ */
+ b->posn -= b->bufsiz;
+ }
+- if (avail > (SSize_t) count) {
++ if ((SSize_t) count >= 0 && avail > (SSize_t) count) {
+ /*
+ * If we have space for more than count, just move count
+ */
+@@ -4148,7 +4148,7 @@ PerlIOBuf_write(pTHX_ PerlIO *f, const void *vbuf, Size_t count)
+ }
+ while (count > 0) {
+ SSize_t avail = b->bufsiz - (b->ptr - b->buf);
+- if ((SSize_t) count < avail)
++ if ((SSize_t) count >= 0 && (SSize_t) count < avail)
+ avail = count;
+ if (flushptr > buf && flushptr <= buf + avail)
+ avail = flushptr - buf;
+@@ -4423,7 +4423,7 @@ PerlIOPending_read(pTHX_ PerlIO *f, void *vbuf, Size_t count)
+ {
+ SSize_t avail = PerlIO_get_cnt(f);
+ SSize_t got = 0;
+- if ((SSize_t)count < avail)
++ if ((SSize_t) count >= 0 && (SSize_t)count < avail)
+ avail = count;
+ if (avail > 0)
+ got = PerlIOBuf_read(aTHX_ f, vbuf, avail);
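Review bot: The file is named CVE-2013-1667.patch, but the upstream commit it embeds (9ec0b001b87d, "Avoid wraparound when casting unsigned size_t to signed ssize_t") only adds a `(SSize_t) count >= 0` guard to four comparisons in perlio.c, and its message never mentions a CVE. As far as I know, CVE-2013-1667 is the hash rehash denial of service, which would be fixed in the hash implementation rather than in PerlIO, so please confirm against the advisory that this is the intended commit. If it is a different fix, the package would be tracked as patched for that CVE while the issue stays open. In that case, name the file after what it changes and add the actual CVE fix as a separate patch. The diffstat is limited to this one file, so whether and how the build recipe applies the patch cannot be checked from here.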