[OE-core] [PATCH 03/12] nspr: remove nspr-CVE-2014-1545.patch

Robert Yang liezhi.yang at windriver.com
Fri Apr 24 07:54:10 UTC 2015


The removed nspr-CVE-2014-1545.patch is a backport patch.

Signed-off-by: Robert Yang <liezhi.yang at windriver.com>
---
 .../nspr/nspr/nspr-CVE-2014-1545.patch             |   67 --------------------
 1 file changed, 67 deletions(-)
 delete mode 100644 meta/recipes-support/nspr/nspr/nspr-CVE-2014-1545.patch

diff --git a/meta/recipes-support/nspr/nspr/nspr-CVE-2014-1545.patch b/meta/recipes-support/nspr/nspr/nspr-CVE-2014-1545.patch
deleted file mode 100644
index 565ff16..0000000
--- a/meta/recipes-support/nspr/nspr/nspr-CVE-2014-1545.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-Fix for CVE-2014-1545
-
-Upstream-Status: Backport
-
-Backported from nspr-4.10.6.tar.gz.
----
---- a/pr/src/io/prprf.c
-+++ b/pr/src/io/prprf.c
-@@ -50,6 +50,10 @@
- #include "prlog.h"
- #include "prmem.h"
- 
-+#ifdef _MSC_VER
-+#define snprintf _snprintf
-+#endif
-+
- /*
- ** WARNING: This code may *NOT* call PR_LOG (because PR_LOG calls it)
- */
-@@ -330,7 +334,7 @@
- ** Convert a double precision floating point number into its printable
- ** form.
- **
--** XXX stop using sprintf to convert floating point
-+** XXX stop using snprintf to convert floating point
- */
- static int cvt_f(SprintfState *ss, double d, const char *fmt0, const char *fmt1)
- {
-@@ -338,15 +342,14 @@
-     char fout[300];
-     int amount = fmt1 - fmt0;
- 
--    PR_ASSERT((amount > 0) && (amount < sizeof(fin)));
--    if (amount >= sizeof(fin)) {
--	/* Totally bogus % command to sprintf. Just ignore it */
-+    if (amount <= 0 || amount >= sizeof(fin)) {
-+        /* Totally bogus % command to snprintf. Just ignore it */
- 	return 0;
-     }
-     memcpy(fin, fmt0, amount);
-     fin[amount] = 0;
- 
--    /* Convert floating point using the native sprintf code */
-+    /* Convert floating point using the native snprintf code */
- #ifdef DEBUG
-     {
-         const char *p = fin;
-@@ -356,14 +359,11 @@
-         }
-     }
- #endif
--    sprintf(fout, fin, d);
--
--    /*
--    ** This assert will catch overflow's of fout, when building with
--    ** debugging on. At least this way we can track down the evil piece
--    ** of calling code and fix it!
--    */
--    PR_ASSERT(strlen(fout) < sizeof(fout));
-+    memset(fout, 0, sizeof(fout));
-+    snprintf(fout, sizeof(fout), fin, d);
-+    /* Explicitly null-terminate fout because on Windows snprintf doesn't
-+     * append a null-terminator if the buffer is too small. */
-+    fout[sizeof(fout) - 1] = '\0';
- 
-     return (*ss->stuff)(ss, fout, strlen(fout));
- }
-- 
1.7.9.5



