File CVE-2013-6393.patch of Package perl-YAML-LibYAML

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2013-6393.patch of Package perl-YAML-LibYAML

diff -Naur a/LibYAML/api.c b/LibYAML/api.c
--- a/LibYAML/api.c	2009-08-30 21:50:47.000000000 +0200
+++ b/LibYAML/api.c	2014-03-07 17:33:59.345442851 +0100
@@ -117,7 +117,12 @@
 YAML_DECLARE(int)
 yaml_stack_extend(void **start, void **top, void **end)
 {
-    void *new_start = yaml_realloc(*start, ((char *)*end - (char *)*start)*2);
+    void *new_start;
+
+    if ((char *)*end - (char *)*start >= INT_MAX / 2)
+ return 0;
+
+    new_start = yaml_realloc(*start, ((char *)*end - (char *)*start)*2);
 
     if (!new_start) return 0;
 
diff -Naur a/LibYAML/scanner.c b/LibYAML/scanner.c
--- a/LibYAML/scanner.c	2009-08-30 21:50:47.000000000 +0200
+++ b/LibYAML/scanner.c	2014-03-07 17:34:08.431442987 +0100
@@ -615,11 +615,11 @@
  */
 
 static int
-yaml_parser_roll_indent(yaml_parser_t *parser, int column,
-        int number, yaml_token_type_t type, yaml_mark_t mark);
+yaml_parser_roll_indent(yaml_parser_t *parser, ptrdiff_t column,
+        ptrdiff_t number, yaml_token_type_t type, yaml_mark_t mark);
 
 static int
-yaml_parser_unroll_indent(yaml_parser_t *parser, int column);
+yaml_parser_unroll_indent(yaml_parser_t *parser, ptrdiff_t column);
 
 /*
  * Token fetchers.
@@ -1103,7 +1103,7 @@
      */
 
     int required = (!parser->flow_level
-            && parser->indent == (int)parser->mark.column);
+            && parser->indent == (ptrdiff_t)parser->mark.column);
 
     /*
      * A simple key is required only when it is the first token in the current
@@ -1176,6 +1176,11 @@
 
     /* Increase the flow level. */
 
+    if (parser->flow_level == INT_MAX) {
+        parser->error = YAML_MEMORY_ERROR;
+        return 0;
+    }
+
     parser->flow_level++;
 
     return 1;
@@ -1206,8 +1211,8 @@
  */
 
 static int
-yaml_parser_roll_indent(yaml_parser_t *parser, int column,
-        int number, yaml_token_type_t type, yaml_mark_t mark)
+yaml_parser_roll_indent(yaml_parser_t *parser, ptrdiff_t column,
+        ptrdiff_t number, yaml_token_type_t type, yaml_mark_t mark)
 {
     yaml_token_t token;
 
@@ -1226,6 +1231,11 @@
         if (!PUSH(parser, parser->indents, parser->indent))
             return 0;
 
+        if (column > INT_MAX) {
+            parser->error = YAML_MEMORY_ERROR;
+            return 0;
+        }
+
         parser->indent = column;
 
         /* Create a token and insert it into the queue. */
@@ -1254,7 +1264,7 @@
 
 
 static int
-yaml_parser_unroll_indent(yaml_parser_t *parser, int column)
+yaml_parser_unroll_indent(yaml_parser_t *parser, ptrdiff_t column)
 {
     yaml_token_t token;
 
@@ -2574,7 +2584,7 @@
 
     /* Resize the string to include the head. */
 
-    while (string.end - string.start <= (int)length) {
+    while ((size_t)(string.end - string.start) <= length) {
         if (!yaml_string_extend(&string.start, &string.pointer, &string.end)) {
             parser->error = YAML_MEMORY_ERROR;
             goto error;
diff -Naur a/LibYAML/yaml_private.h b/LibYAML/yaml_private.h
--- a/LibYAML/yaml_private.h	2009-08-30 21:50:47.000000000 +0200
+++ b/LibYAML/yaml_private.h	2014-03-07 17:34:04.399442926 +0100
@@ -7,6 +7,7 @@
 
 #include <assert.h>
 #include <limits.h>
+#include <stddef.h>
 
 /*
  * Memory management.

Places

File CVE-2013-6393.patch of Package perl-YAML-LibYAML

Places