[libyaml.git] / debian / patches / libyaml-guard-against-overflows-in-indent-and-flow_level.patch

Description: Guard against overflows in indent and flow_level
Origin: upstream, https://bitbucket.org/xi/libyaml/commits/f859ed1eb757a3562b98a28a8ce69274bfd4b3f2,
 https://bitbucket.org/xi/libyaml/commits/af3599437a87162554787c52d8b16eab553f537b
Last-Update: 2014-02-10
Applied-Upstream: 0.1.5

--- a/src/scanner.c
+++ b/src/scanner.c
@@ -615,11 +615,11 @@
  */
 
 static int
-yaml_parser_roll_indent(yaml_parser_t *parser, int column,
-        int number, yaml_token_type_t type, yaml_mark_t mark);
+yaml_parser_roll_indent(yaml_parser_t *parser, ptrdiff_t column,
+        ptrdiff_t number, yaml_token_type_t type, yaml_mark_t mark);
 
 static int
-yaml_parser_unroll_indent(yaml_parser_t *parser, int column);
+yaml_parser_unroll_indent(yaml_parser_t *parser, ptrdiff_t column);
 
 /*
  * Token fetchers.
@@ -1103,7 +1103,7 @@
      */
 
     int required = (!parser->flow_level
-            && parser->indent == (int)parser->mark.column);
+            && parser->indent == (ptrdiff_t)parser->mark.column);
 
     /*
      * A simple key is required only when it is the first token in the current
@@ -1176,6 +1176,11 @@
 
     /* Increase the flow level. */
 
+    if (parser->flow_level == INT_MAX) {
+        parser->error = YAML_MEMORY_ERROR;
+        return 0;
+    }
+
     parser->flow_level++;
 
     return 1;
@@ -1206,8 +1211,8 @@
  */
 
 static int
-yaml_parser_roll_indent(yaml_parser_t *parser, int column,
-        int number, yaml_token_type_t type, yaml_mark_t mark)
+yaml_parser_roll_indent(yaml_parser_t *parser, ptrdiff_t column,
+        ptrdiff_t number, yaml_token_type_t type, yaml_mark_t mark)
 {
     yaml_token_t token;
 
@@ -1226,6 +1231,11 @@
         if (!PUSH(parser, parser->indents, parser->indent))
             return 0;
 
+        if (column > INT_MAX) {
+            parser->error = YAML_MEMORY_ERROR;
+            return 0;
+	}
+
         parser->indent = column;
 
         /* Create a token and insert it into the queue. */
@@ -1254,7 +1264,7 @@
 
 
 static int
-yaml_parser_unroll_indent(yaml_parser_t *parser, int column)
+yaml_parser_unroll_indent(yaml_parser_t *parser, ptrdiff_t column)
 {
     yaml_token_t token;
 
--- a/src/yaml_private.h
+++ b/src/yaml_private.h
@@ -7,6 +7,7 @@
 
 #include <assert.h>
 #include <limits.h>
+#include <stddef.h>
 
 /*
  * Memory management.
Commit	Line	Data
8c29bde4 SB	1	Description: Guard against overflows in indent and flow_level
	2	Origin: upstream, https://bitbucket.org/xi/libyaml/commits/f859ed1eb757a3562b98a28a8ce69274bfd4b3f2,
	3	https://bitbucket.org/xi/libyaml/commits/af3599437a87162554787c52d8b16eab553f537b
	4	Last-Update: 2014-02-10
	5	Applied-Upstream: 0.1.5
	6
	7	--- a/src/scanner.c
	8	+++ b/src/scanner.c
	9	@@ -615,11 +615,11 @@
	10	*/
	11
	12	static int
	13	-yaml_parser_roll_indent(yaml_parser_t *parser, int column,
	14	- int number, yaml_token_type_t type, yaml_mark_t mark);
	15	+yaml_parser_roll_indent(yaml_parser_t *parser, ptrdiff_t column,
	16	+ ptrdiff_t number, yaml_token_type_t type, yaml_mark_t mark);
	17
	18	static int
	19	-yaml_parser_unroll_indent(yaml_parser_t *parser, int column);
	20	+yaml_parser_unroll_indent(yaml_parser_t *parser, ptrdiff_t column);
	21
	22	/*
	23	* Token fetchers.
	24	@@ -1103,7 +1103,7 @@
	25	*/
	26
	27	int required = (!parser->flow_level
	28	- && parser->indent == (int)parser->mark.column);
	29	+ && parser->indent == (ptrdiff_t)parser->mark.column);
	30
	31	/*
	32	* A simple key is required only when it is the first token in the current
	33	@@ -1176,6 +1176,11 @@
	34
	35	/* Increase the flow level. */
	36
	37	+ if (parser->flow_level == INT_MAX) {
	38	+ parser->error = YAML_MEMORY_ERROR;
	39	+ return 0;
	40	+ }
	41	+
	42	parser->flow_level++;
	43
	44	return 1;
	45	@@ -1206,8 +1211,8 @@
	46	*/
	47
	48	static int
	49	-yaml_parser_roll_indent(yaml_parser_t *parser, int column,
	50	- int number, yaml_token_type_t type, yaml_mark_t mark)
	51	+yaml_parser_roll_indent(yaml_parser_t *parser, ptrdiff_t column,
	52	+ ptrdiff_t number, yaml_token_type_t type, yaml_mark_t mark)
	53	{
	54	yaml_token_t token;
	55
	56	@@ -1226,6 +1231,11 @@
	57	if (!PUSH(parser, parser->indents, parser->indent))
	58	return 0;
	59
	60	+ if (column > INT_MAX) {
	61	+ parser->error = YAML_MEMORY_ERROR;
	62	+ return 0;
	63	+ }
	64	+
65	parser->indent = column;
66
67	/* Create a token and insert it into the queue. */
68	@@ -1254,7 +1264,7 @@
69
70
71	static int
72	-yaml_parser_unroll_indent(yaml_parser_t *parser, int column)
73	+yaml_parser_unroll_indent(yaml_parser_t *parser, ptrdiff_t column)
74	{
75	yaml_token_t token;
76
77	--- a/src/yaml_private.h
78	+++ b/src/yaml_private.h
79	@@ -7,6 +7,7 @@
80
81	#include <assert.h>
82	#include <limits.h>
83	+#include <stddef.h>
84
85	/*
86	* Memory management.