Fix denial of sevice vulnerability in Berkeley yacc (CVE-2008-3196).

author: tonnerre <tonnerre> 2008-07-24 17:13:00 +0000
committer: tonnerre <tonnerre> 2008-07-24 17:13:00 +0000
commit: 0b11520cb3a52f24ff16b04d5cd2a7b82fdeef50 (patch)
tree: 7f5689e3ca1f17d378a36271e681f2cccc4f9856 /devel/byacc/patches
parent: 2711d11f58348e551ade7a3f6a64cb4408b1c9e2 (diff)
download: pkgsrc-0b11520cb3a52f24ff16b04d5cd2a7b82fdeef50.tar.gz
1 files changed, 24 insertions, 0 deletions
diff --git a/devel/byacc/patches/patch-aa b/devel/byacc/patches/patch-aa
new file mode 100644
index 00000000000..4d6b5228d70
--- /dev/null
+++ b/devel/byacc/patches/patch-aa
@@ -0,0 +1,24 @@
+$NetBSD: patch-aa,v 1.3 2008/07/24 17:13:00 tonnerre Exp $
+
+--- skeleton.c.orig	2005-05-05 01:39:36.000000000 +0200
++++ skeleton.c
+@@ -87,6 +87,7 @@ char *header[] =
+     "short   *yyssp;",
+     "YYSTYPE *yyvsp;",
+     "YYSTYPE  yyval;",
++    "static YYSTYPE yyvalzero;", /* no "const", must compile as C++ */
+     "YYSTYPE  yylval;",
+     "",
+     "/* variables for the parser stack */",
+@@ -275,7 +275,10 @@ char *body[] =
+     "                YYPREFIX, yystate, yyn, yyrule[yyn]);",
+     "#endif",
+     "    yym = yylen[yyn];",
+-    "    yyval = yyvsp[1-yym];",
++    "    if (yym)",
++    "        yyval = yyvsp[1-yym];",
++    "    else",
++    "        yyval = yyvalzero;",
+     "    switch (yyn)",
+     "    {",
+     0
author	tonnerre <tonnerre>	2008-07-24 17:13:00 +0000
committer	tonnerre <tonnerre>	2008-07-24 17:13:00 +0000
commit	0b11520cb3a52f24ff16b04d5cd2a7b82fdeef50 (patch)
tree	7f5689e3ca1f17d378a36271e681f2cccc4f9856 /devel/byacc/patches
parent	2711d11f58348e551ade7a3f6a64cb4408b1c9e2 (diff)
download	pkgsrc-0b11520cb3a52f24ff16b04d5cd2a7b82fdeef50.tar.gz