Verified Commit 244cf1f2 authored by Nathan Owens's avatar Nathan Owens Committed by Max Rees
Browse files

user/re2c: Upgrade to 2.0.3

parent f7628676
# Contributor: Jeff Bilyk <jbilyk at gmail>
# Maintainer:
pkgname=re2c
pkgver=1.3
pkgrel=1
pkgver=2.0.3
pkgrel=0
pkgdesc="Fast lexer generator for C and C++"
url="http://re2c.org/"
arch="all"
......@@ -12,13 +12,13 @@ checkdepends="bash"
makedepends=""
subpackages="$pkgname-doc"
source="https://github.com/skvadrik/re2c/releases/download/$pkgver/$pkgname-$pkgver.tar.xz
CVE-2020-11958.patch
"
# secfixes:
# 1.3-r1:
# - CVE-2020-11958
build() {
./configure \
--build=$CBUILD \
......@@ -38,5 +38,4 @@ package() {
make DESTDIR="$pkgdir" install
}
sha512sums="c7084ab2399fb6b96cef74c1393715d90830f43b82b96af46feb71ef008c0215381c3dbea0b003ff810d869db6021e28001b9d588ad55c616642244b2da09c0e re2c-1.3.tar.xz
f4376b8e0724d500f665fa60dfd6fb35685a281af50c500d2ff90d781a829fb78f21e8c93c5745a4519acd55a62ec48a570dbfacf0a9ee977502e06f3e2e474a CVE-2020-11958.patch"
sha512sums="893c533e9847a6236d55ae65e413ddc48b7531b89f5552a3ad79beeac079317ceca4c35710f3c2d88a6de5a3c0a5070a24a8cffb1b4277578a41697ea0e3bf8c re2c-2.0.3.tar.xz"
From c4603ba5ce229db83a2a4fb93e6d4b4e3ec3776a Mon Sep 17 00:00:00 2001
From: Ulya Trofimovich <skvadrik@gmail.com>
Date: Fri, 17 Apr 2020 22:47:14 +0100
Subject: [PATCH] Fix crash in lexer refill (reported by Agostino Sarubbo).
The crash happened in a rare case of a very long lexeme that doen't fit
into the buffer, forcing buffer reallocation.
The crash was caused by an incorrect calculation of the shift offset
(it was smaller than necessary). As a consequence, the data from buffer
start and up to the beginning of the current lexeme was not discarded
(as it should have been), resulting in less free space for new data than
expected.
---
src/parse/scanner.cc | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/parse/scanner.cc b/src/parse/scanner.cc
index 1d6e9efa..bd651314 100644
--- a/src/parse/scanner.cc
+++ b/src/parse/scanner.cc
@@ -155,13 +155,14 @@ bool Scanner::fill(size_t need)
if (!buf) fatal("out of memory");
memmove(buf, tok, copy);
- shift_ptrs_and_fpos(buf - bot);
+ shift_ptrs_and_fpos(buf - tok);
delete [] bot;
bot = buf;
free = BSIZE - copy;
}
+ DASSERT(lim + free <= bot + BSIZE);
if (!read(free)) {
eof = lim;
memset(lim, 0, YYMAXFILL);
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment