packages/yasm
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
yasm/CVE-2021-33464.patch
Funda Wang cdb0e78f61 fix CVE-2021-33454, CVE-2021-33464, CVE-2023-29579 
(cherry picked from commit 7aec1c83b4bfa6438582630d51dfd9ceaa9059b2)
2025-05-13 09:41:02 +08:00

21 lines
754 B
Diff
Raw Permalink Blame History

Description: Handle file descriptors with nonexisting env names better.
Avoid writing past allocated memory.
This fixes CVE-2021-33464.
Author: Petter Reinholdtsen <pere@debian.org>
Bug: https://github.com/yasm/yasm/issues/164
Bug-Debian: https://bugs.debian.org/1016353
Forwarded: https://github.com/yasm/yasm/issues/164
Last-Update: 2025-04-30
---
--- yasm-1.3.0.orig/modules/preprocs/nasm/nasm-pp.c
+++ yasm-1.3.0/modules/preprocs/nasm/nasm-pp.c
@@ -1815,7 +1815,7 @@ inc_fopen(char *file, char **newname)
error(ERR_WARNING, "environment variable `%s' does not exist",
p1+1);
*p2 = '%';
- p1 = p2+1;
+ pb = p1 = p2+1;
continue;
}
/* need to expand */
Reference in New Issue View Git Blame Copy Permalink