diff options
author | Leonardo Arena <rnalrd@alpinelinux.org> | 2017-06-15 12:28:18 +0000 |
---|---|---|
committer | Leonardo Arena <rnalrd@alpinelinux.org> | 2017-06-15 12:29:04 +0000 |
commit | 2b37087c38da0bca5f8f8e7b6595be427e426f6b (patch) | |
tree | 5c550c588ddfd23364f1a89ac326bcaf5c94b77e /community/chicken/CVE-2017-9334.patch | |
parent | 6d9a3c784420caa46945d1ee635d8ed506337982 (diff) | |
download | aports-2b37087c38da0bca5f8f8e7b6595be427e426f6b.tar.bz2 aports-2b37087c38da0bca5f8f8e7b6595be427e426f6b.tar.xz |
community/chicken: security fixes #7402 (CVE-2017-9334)
Diffstat (limited to 'community/chicken/CVE-2017-9334.patch')
-rw-r--r-- | community/chicken/CVE-2017-9334.patch | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/community/chicken/CVE-2017-9334.patch b/community/chicken/CVE-2017-9334.patch new file mode 100644 index 0000000000..8b593fa58b --- /dev/null +++ b/community/chicken/CVE-2017-9334.patch @@ -0,0 +1,41 @@ +From 76bbb0c92c0a9e2cadac9796e55fdd2836424fdb Mon Sep 17 00:00:00 2001 +From: Peter Bex <address@hidden> +Date: Sun, 28 May 2017 12:37:44 +0200 +Subject: [PATCH] Fix segmentation fault in "length" on improper lists. + +This fixes #1375 +--- + runtime.c | 2 +- + tests/library-tests.scm | 6 ++++++ + 3 files changed, 9 insertions(+), 1 deletion(-) + +diff --git a/runtime.c b/runtime.c +index 86db413..7a513c2 100644 +--- a/runtime.c ++++ b/runtime.c +@@ -5379,7 +5379,7 @@ C_regparm C_word C_fcall C_i_length(C_word lst) + } + } + +- if(C_immediatep(slow) || C_block_header(lst) != C_PAIR_TAG) ++ if(C_immediatep(slow) || C_block_header(slow) != C_PAIR_TAG) + barf(C_NOT_A_PROPER_LIST_ERROR, "length", lst); + + slow = C_u_i_cdr(slow); +diff --git a/tests/library-tests.scm b/tests/library-tests.scm +index cd2f6e9..9c7cab4 100644 +--- a/tests/library-tests.scm ++++ b/tests/library-tests.scm +@@ -693,3 +693,9 @@ A + (assert (not (member "foo" '("bar")))) + (assert (not (member "foo" '()))) + (assert-fail (member "foo" "foo")) ++ ++ ++;; length ++ ++(assert-fail (length 1)) ++(assert-fail (length '(x . y))) +-- +2.1.4 + |