| author | Mike Sullivan <Mike.Sullivan@Oracle.COM> |
| Tue, 11 Oct 2016 16:58:27 -0700 | |
| changeset 7091 | 08a4029cbd6c |
| parent 6544 | f3ddf1d33382 |
| permissions | -rw-r--r-- |
|
6544
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
1 |
This patch is taken from upstream and modified to adjust our currently |
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
2 |
released version. |
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
3 |
|
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
4 |
From 99eda421f7ddc27b14e4ac1d2126e5fe41719081 Mon Sep 17 00:00:00 2001 |
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
5 |
From: "Emden R. Gansner" <[email protected]> |
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
6 |
Date: Mon, 24 Nov 2014 14:32:58 -0500 |
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
7 |
Subject: [PATCH] Fix format string vulnerability in using agerr() to report |
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
8 |
errors during parsing. We now use a fixed format %s, and pass the error |
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
9 |
string as an argument. |
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
10 |
|
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
11 |
--- |
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
12 |
lib/cgraph/scan.l | 3 ++- |
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
13 |
1 file changed, 2 insertions(+), 1 deletion(-) |
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
14 |
|
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
15 |
diff --git a/lib/cgraph/scan.l b/lib/cgraph/scan.l |
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
16 |
index 85a150a..a5872f4 100644 |
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
17 |
--- a/lib/cgraph/scan.l |
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
18 |
+++ b/lib/cgraph/scan.l |
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
19 |
@@ -225,6 +225,7 @@ ID ({NAME}|{NUMBER})
|
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
20 |
<hstring>([^><\n]*) addstr(yytext); |
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
21 |
. return (yytext[0]); |
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
22 |
%% |
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
23 |
+ |
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
24 |
void yyerror(char *str) |
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
25 |
{
|
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
26 |
unsigned char xbuf[BUFSIZ]; |
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
27 |
@@ -273,7 +274,7 @@ void yyerror(char *str) |
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
28 |
agxbput (&xb, yytext); |
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
29 |
agxbput (&xb,"'\n"); |
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
30 |
- agerr(AGWARN,agxbuse(&xb)); |
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
31 |
+ agerr(AGWARN, "%s", agxbuse(&xb)); |
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
32 |
agxbfree(&xb); |
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
33 |
} |
|
f3ddf1d33382
21465165 problem in UTILITY/GRAPHVIZ
Yiteng Zhang <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
34 |
/* must be here to see flex's macro defns */ |