mirror of
https://github.com/openwrt/openwrt.git
synced 2025-01-27 06:39:51 +00:00
bc0288b768
This backports upstream fixes for the out of bounds write vulnerability in json-c. It was reported and patches in this upstream PR: https://github.com/json-c/json-c/pull/592 Addresses CVE-2020-12762 Signed-off-by: Robert Marko <robert.marko@sartura.hr> Signed-off-by: Luka Perkov <luka.perkov@sartura.hr> [bump PKG_RELEASE] Signed-off-by: Jo-Philipp Wich <jo@mein.io>
30 lines
1.0 KiB
Diff
30 lines
1.0 KiB
Diff
From 519dfe1591d85432986f9762d41d1a883198c157 Mon Sep 17 00:00:00 2001
|
|
From: Eric Haszlakiewicz <erh+git@nimenees.com>
|
|
Date: Sun, 10 May 2020 03:32:19 +0000
|
|
Subject: [PATCH] Issue #599: Fix the backwards check in
|
|
lh_table_insert_w_hash() that was preventing adding more than 11 objects. Add
|
|
a test to check for this too.
|
|
|
|
---
|
|
linkhash.c | 2 +-
|
|
tests/test4.c | 29 +++++++++++++++++++++++++++++
|
|
tests/test4.expected | 1 +
|
|
3 files changed, 31 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/linkhash.c b/linkhash.c
|
|
index 51e90b1..f930efd 100644
|
|
--- a/linkhash.c
|
|
+++ b/linkhash.c
|
|
@@ -582,7 +582,7 @@ int lh_table_insert_w_hash(struct lh_table *t, const void *k, const void *v, con
|
|
|
|
if (t->count >= t->size * LH_LOAD_FACTOR) {
|
|
/* Avoid signed integer overflow with large tables. */
|
|
- int new_size = INT_MAX / 2 < t->size ? t->size * 2 : INT_MAX;
|
|
+ int new_size = (t->size > INT_MAX / 2) ? INT_MAX : (t->size * 2);
|
|
if (t->size == INT_MAX || lh_table_resize(t, new_size) != 0)
|
|
return -1;
|
|
}
|
|
--
|
|
2.26.2
|
|
|