diff options
| -rw-r--r-- | external/liborcus/UnpackedTarball_liborcus.mk | 1 | ||||
| -rw-r--r-- | external/liborcus/overrun.patch.0 | 63 |
2 files changed, 64 insertions, 0 deletions
diff --git a/external/liborcus/UnpackedTarball_liborcus.mk b/external/liborcus/UnpackedTarball_liborcus.mk index 2ad70119179b..12698bab7234 100644 --- a/external/liborcus/UnpackedTarball_liborcus.mk +++ b/external/liborcus/UnpackedTarball_liborcus.mk @@ -39,6 +39,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,liborcus,\ external/liborcus/forcepoint-88.patch.1 \ external/liborcus/forcepoint-95.patch.1 \ external/liborcus/include.patch.0 \ + external/liborcus/overrun.patch.0 \ )) ifeq ($(OS),WNT) diff --git a/external/liborcus/overrun.patch.0 b/external/liborcus/overrun.patch.0 new file mode 100644 index 000000000000..de2097e32328 --- /dev/null +++ b/external/liborcus/overrun.patch.0 @@ -0,0 +1,63 @@ +--- src/parser/sax_token_parser.cpp ++++ src/parser/sax_token_parser.cpp +@@ -10,6 +10,7 @@ + + #include <mdds/sorted_string_map.hpp> + #include <cctype> ++#include <limits> + + namespace orcus { + +@@ -329,6 +330,28 @@ + m_elem.raw_name = elem.name; + } + ++static uint8_t readUint8(char const * begin, char const * end, char const ** endptr) { ++ unsigned n = 0; ++ char const * p = begin; ++ for (; p != end; ++p) { ++ char const c = *p; ++ if (c < '0' || c > '9') { ++ break; ++ } ++ n = 10 * n + (c - '0'); ++ if (n > std::numeric_limits<uint8_t>::max()) { ++ *endptr = nullptr; ++ return 0; ++ } ++ } ++ if (p == begin) { ++ *endptr = nullptr; ++ return 0; ++ } ++ *endptr = p; ++ return n; ++} ++ + void sax_token_handler_wrapper_base::attribute(std::string_view name, std::string_view val) + { + decl_attr_type dat = decl_attr::get().find(name.data(), name.size()); +@@ -340,18 +362,18 @@ + const char* p = val.data(); + const char* p_end = p + val.size(); + +- char* endptr = nullptr; +- long v = std::strtol(p, &endptr, 10); ++ const char* endptr = nullptr; ++ uint8_t v = readUint8(p, p_end, &endptr); + +- if (!endptr || endptr >= p_end || *endptr != '.') ++ if (!endptr || endptr == p_end || *endptr != '.') + break; + + m_declaration.version_major = v; + p = endptr + 1; + +- v = std::strtol(p, &endptr, 10); ++ v = readUint8(p, p_end, &endptr); + +- if (!endptr || endptr > p_end) ++ if (!endptr) + break; + + m_declaration.version_minor = v; |