]>
Commit | Line | Data |
---|---|---|
8c29bde4 SB |
1 | Description: Guard against overflows in indent and flow_level |
2 | Origin: upstream, https://bitbucket.org/xi/libyaml/commits/f859ed1eb757a3562b98a28a8ce69274bfd4b3f2, | |
3 | https://bitbucket.org/xi/libyaml/commits/af3599437a87162554787c52d8b16eab553f537b | |
4 | Last-Update: 2014-02-10 | |
5 | Applied-Upstream: 0.1.5 | |
6 | ||
7 | --- a/src/scanner.c | |
8 | +++ b/src/scanner.c | |
9 | @@ -615,11 +615,11 @@ | |
10 | */ | |
11 | ||
12 | static int | |
13 | -yaml_parser_roll_indent(yaml_parser_t *parser, int column, | |
14 | - int number, yaml_token_type_t type, yaml_mark_t mark); | |
15 | +yaml_parser_roll_indent(yaml_parser_t *parser, ptrdiff_t column, | |
16 | + ptrdiff_t number, yaml_token_type_t type, yaml_mark_t mark); | |
17 | ||
18 | static int | |
19 | -yaml_parser_unroll_indent(yaml_parser_t *parser, int column); | |
20 | +yaml_parser_unroll_indent(yaml_parser_t *parser, ptrdiff_t column); | |
21 | ||
22 | /* | |
23 | * Token fetchers. | |
24 | @@ -1103,7 +1103,7 @@ | |
25 | */ | |
26 | ||
27 | int required = (!parser->flow_level | |
28 | - && parser->indent == (int)parser->mark.column); | |
29 | + && parser->indent == (ptrdiff_t)parser->mark.column); | |
30 | ||
31 | /* | |
32 | * A simple key is required only when it is the first token in the current | |
33 | @@ -1176,6 +1176,11 @@ | |
34 | ||
35 | /* Increase the flow level. */ | |
36 | ||
37 | + if (parser->flow_level == INT_MAX) { | |
38 | + parser->error = YAML_MEMORY_ERROR; | |
39 | + return 0; | |
40 | + } | |
41 | + | |
42 | parser->flow_level++; | |
43 | ||
44 | return 1; | |
45 | @@ -1206,8 +1211,8 @@ | |
46 | */ | |
47 | ||
48 | static int | |
49 | -yaml_parser_roll_indent(yaml_parser_t *parser, int column, | |
50 | - int number, yaml_token_type_t type, yaml_mark_t mark) | |
51 | +yaml_parser_roll_indent(yaml_parser_t *parser, ptrdiff_t column, | |
52 | + ptrdiff_t number, yaml_token_type_t type, yaml_mark_t mark) | |
53 | { | |
54 | yaml_token_t token; | |
55 | ||
56 | @@ -1226,6 +1231,11 @@ | |
57 | if (!PUSH(parser, parser->indents, parser->indent)) | |
58 | return 0; | |
59 | ||
60 | + if (column > INT_MAX) { | |
61 | + parser->error = YAML_MEMORY_ERROR; | |
62 | + return 0; | |
63 | + } | |
64 | + | |
65 | parser->indent = column; | |
66 | ||
67 | /* Create a token and insert it into the queue. */ | |
68 | @@ -1254,7 +1264,7 @@ | |
69 | ||
70 | ||
71 | static int | |
72 | -yaml_parser_unroll_indent(yaml_parser_t *parser, int column) | |
73 | +yaml_parser_unroll_indent(yaml_parser_t *parser, ptrdiff_t column) | |
74 | { | |
75 | yaml_token_t token; | |
76 | ||
77 | --- a/src/yaml_private.h | |
78 | +++ b/src/yaml_private.h | |
79 | @@ -7,6 +7,7 @@ | |
80 | ||
81 | #include <assert.h> | |
82 | #include <limits.h> | |
83 | +#include <stddef.h> | |
84 | ||
85 | /* | |
86 | * Memory management. |