-rw-r--r-- | lang/v8-devel/Makefile | 2 | ||||
-rw-r--r-- | lang/v8-devel/files/patch-CVE-2015-5380 | 95 | ||||
-rw-r--r-- | lang/v8/Makefile | 1 | ||||
-rw-r--r-- | lang/v8/files/patch-CVE-2015-5380 | 95 |
4 files changed, 192 insertions, 1 deletions
diff --git a/lang/v8-devel/Makefile b/lang/v8-devel/Makefile
index 473f0fb6f3d2..8083a972b852 100644
--- a/lang/v8-devel/Makefile
+++ b/lang/v8-devel/Makefile
@@ -3,7 +3,7 @@
 PORTNAME= v8
 PORTVERSION= 3.27.7
-PORTREVISION= 2
+PORTREVISION= 3
 CATEGORIES= lang
 MASTER_SITES= LOCAL/vanilla
 PKGNAMESUFFIX= -devel
diff --git a/lang/v8-devel/files/patch-CVE-2015-5380 b/lang/v8-devel/files/patch-CVE-2015-5380
new file mode 100644
index 000000000000..78293cff9f37
--- /dev/null
+++ b/lang/v8-devel/files/patch-CVE-2015-5380
@@ -0,0 +1,95 @@
+Backport of fix found here:
+https://github.com/joyent/node/commit/78b0e30954111cfaba0edbeee85450d8cbc6fdf6
+
+Note, this patch is modified to use ASSERT instead of DCHECK because
+this version of node is from before the rename which happened here:
+https://codereview.chromium.org/430503007
+
+--- src/unicode-inl.h.orig 2013-05-01 12:56:29 UTC
++++ src/unicode-inl.h
+@@ -168,6 +168,7 @@ unsigned Utf8::Length(uchar c, int previ
+
+ Utf8DecoderBase::Utf8DecoderBase()
+ : unbuffered_start_(NULL),
++ unbuffered_length_(0),
+ utf16_length_(0),
+ last_byte_of_buffer_unused_(false) {}
+
+@@ -207,8 +208,7 @@ unsigned Utf8Decoder<kBufferSize>::Write
+ if (length <= buffer_length) return length;
+ ASSERT(unbuffered_start_ != NULL);
+ // Copy the rest the slow way.
+- WriteUtf16Slow(unbuffered_start_,
+- data + buffer_length,
++ WriteUtf16Slow(unbuffered_start_, unbuffered_length_, data + buffer_length,
+ length - buffer_length);
+ return length;
+ }
+--- src/unicode.cc.orig 2013-05-01 12:56:29 UTC
++++ src/unicode.cc
+@@ -284,6 +284,7 @@ void Utf8DecoderBase::Reset(uint16_t* bu
+ // Assume everything will fit in the buffer and stream won't be needed.
+ last_byte_of_buffer_unused_ = false;
+ unbuffered_start_ = NULL;
++ unbuffered_length_ = 0;
+ bool writing_to_buffer = true;
+ // Loop until stream is read, writing to buffer as long as buffer has space.
+ unsigned utf16_length = 0;
+@@ -310,6 +311,7 @@ void Utf8DecoderBase::Reset(uint16_t* bu
+ // Just wrote last character of buffer
+ writing_to_buffer = false;
+ unbuffered_start_ = stream;
++ unbuffered_length_ = stream_length;
+ }
+ continue;
+ }
+@@ -319,20 +321,24 @@ void Utf8DecoderBase::Reset(uint16_t* bu
+ writing_to_buffer = false;
+ last_byte_of_buffer_unused_ = true;
+ unbuffered_start_ = stream - cursor;
++ unbuffered_length_ = stream_length + cursor;
+ }
+ utf16_length_ = utf16_length;
+ }
+
+
+ void Utf8DecoderBase::WriteUtf16Slow(const uint8_t* stream,
++ unsigned stream_length,
+ uint16_t* data,
+ unsigned data_length) {
+ while (data_length != 0) {
+ unsigned cursor = 0;
+- uint32_t character = Utf8::ValueOf(stream, Utf8::kMaxEncodedSize, &cursor);
++
++ uint32_t character = Utf8::ValueOf(stream, stream_length, &cursor);
+ // There's a total lack of bounds checking for stream
+ // as it was already done in Reset.
+ stream += cursor;
++ stream_length -= cursor;
+ if (character > unibrow::Utf16::kMaxNonSurrogateCharCode) {
+ *data++ = Utf16::LeadSurrogate(character);
+ *data++ = Utf16::TrailSurrogate(character);
+@@ -343,6 +349,7 @@ void Utf8DecoderBase::WriteUtf16Slow(con
+ data_length -= 1;
+ }
+ }
++ ASSERT(stream_length >= 0);
+ }
+
+
+--- src/unicode.h.orig 2013-05-01 12:56:29 UTC
++++ src/unicode.h
+@@ -184,10 +184,10 @@ class Utf8DecoderBase {
+ unsigned buffer_length,
+ const uint8_t* stream,
+ unsigned stream_length);
+- static void WriteUtf16Slow(const uint8_t* stream,
+- uint16_t* data,
+- unsigned length);
++ static void WriteUtf16Slow(const uint8_t* stream, unsigned stream_length,
++ uint16_t* data, unsigned length);
+ const uint8_t* unbuffered_start_;
++ unsigned unbuffered_length_;
+ unsigned utf16_length_;
+ bool last_byte_of_buffer_unused_;
+ private:
diff --git a/lang/v8/Makefile b/lang/v8/Makefile
index 77afb4d505ef..60912c8b315c 100644
--- a/lang/v8/Makefile
+++ b/lang/v8/Makefile
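Review bot: `ASSERT(stream_length >= 0);` at the end of `WriteUtf16Slow` (src/unicode.cc part of the patch) can never fail, because `stream_length` is declared `unsigned`; if `cursor` ever exceeded the remaining length, `stream_length -= cursor;` would wrap to a large value and the following `Utf8::ValueOf` calls would receive a bound that no longer limits the read. A check that can actually fire belongs before the subtraction, e.g. `ASSERT(cursor <= stream_length);` directly above `stream_length -= cursor;`, and since ASSERT is presumably compiled out of release builds it is worth confirming that `ValueOf` never reports a `cursor` larger than the length it was given. The retained comment "There's a total lack of bounds checking for stream" is stale now that the length is passed to `ValueOf` and should be reworded. Part of the loop body lies between the two inner hunks and is not visible here; the same point applies to the identical copy added under lang/v8/files/patch-CVE-2015-5380.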
@@ -3,6 +3,7 @@
 PORTNAME= v8
 PORTVERSION= 3.18.5
+PORTREVISION= 1
 CATEGORIES= lang
 MASTER_SITES= LOCAL/vanilla
diff --git a/lang/v8/files/patch-CVE-2015-5380 b/lang/v8/files/patch-CVE-2015-5380
new file mode 100644
index 000000000000..78293cff9f37
--- /dev/null
+++ b/lang/v8/files/patch-CVE-2015-5380
@@ -0,0 +1,95 @@
+Backport of fix found here:
+https://github.com/joyent/node/commit/78b0e30954111cfaba0edbeee85450d8cbc6fdf6
+
+Note, this patch is modified to use ASSERT instead of DCHECK because
+this version of node is from before the rename which happened here:
+https://codereview.chromium.org/430503007
+
+--- src/unicode-inl.h.orig 2013-05-01 12:56:29 UTC
++++ src/unicode-inl.h
+@@ -168,6 +168,7 @@ unsigned Utf8::Length(uchar c, int previ
+
+ Utf8DecoderBase::Utf8DecoderBase()
+ : unbuffered_start_(NULL),
++ unbuffered_length_(0),
+ utf16_length_(0),
+ last_byte_of_buffer_unused_(false) {}
+
+@@ -207,8 +208,7 @@ unsigned Utf8Decoder<kBufferSize>::Write
+ if (length <= buffer_length) return length;
+ ASSERT(unbuffered_start_ != NULL);
+ // Copy the rest the slow way.
+- WriteUtf16Slow(unbuffered_start_,
+- data + buffer_length,
++ WriteUtf16Slow(unbuffered_start_, unbuffered_length_, data + buffer_length,
+ length - buffer_length);
+ return length;
+ }
+--- src/unicode.cc.orig 2013-05-01 12:56:29 UTC
++++ src/unicode.cc
+@@ -284,6 +284,7 @@ void Utf8DecoderBase::Reset(uint16_t* bu
+ // Assume everything will fit in the buffer and stream won't be needed.
+ last_byte_of_buffer_unused_ = false;
+ unbuffered_start_ = NULL;
++ unbuffered_length_ = 0;
+ bool writing_to_buffer = true;
+ // Loop until stream is read, writing to buffer as long as buffer has space.
+ unsigned utf16_length = 0;
+@@ -310,6 +311,7 @@ void Utf8DecoderBase::Reset(uint16_t* bu
+ // Just wrote last character of buffer
+ writing_to_buffer = false;
+ unbuffered_start_ = stream;
++ unbuffered_length_ = stream_length;
+ }
+ continue;
+ }
+@@ -319,20 +321,24 @@ void Utf8DecoderBase::Reset(uint16_t* bu
+ writing_to_buffer = false;
+ last_byte_of_buffer_unused_ = true;
+ unbuffered_start_ = stream - cursor;
++ unbuffered_length_ = stream_length + cursor;
+ }
+ utf16_length_ = utf16_length;
+ }
+
+
+ void Utf8DecoderBase::WriteUtf16Slow(const uint8_t* stream,
++ unsigned stream_length,
+ uint16_t* data,
+ unsigned data_length) {
+ while (data_length != 0) {
+ unsigned cursor = 0;
+- uint32_t character = Utf8::ValueOf(stream, Utf8::kMaxEncodedSize, &cursor);
++
++ uint32_t character = Utf8::ValueOf(stream, stream_length, &cursor);
+ // There's a total lack of bounds checking for stream
+ // as it was already done in Reset.
+ stream += cursor;
++ stream_length -= cursor;
+ if (character > unibrow::Utf16::kMaxNonSurrogateCharCode) {
+ *data++ = Utf16::LeadSurrogate(character);
+ *data++ = Utf16::TrailSurrogate(character);
+@@ -343,6 +349,7 @@ void Utf8DecoderBase::WriteUtf16Slow(con
+ data_length -= 1;
+ }
+ }
++ ASSERT(stream_length >= 0);
+ }
+
+
+--- src/unicode.h.orig 2013-05-01 12:56:29 UTC
++++ src/unicode.h
+@@ -184,10 +184,10 @@ class Utf8DecoderBase {
+ unsigned buffer_length,
+ const uint8_t* stream,
+ unsigned stream_length);
+- static void WriteUtf16Slow(const uint8_t* stream,
+- uint16_t* data,
+- unsigned length);
++ static void WriteUtf16Slow(const uint8_t* stream, unsigned stream_length,
++ uint16_t* data, unsigned length);
+ const uint8_t* unbuffered_start_;
++ unsigned unbuffered_length_;
+ unsigned utf16_length_;
+ bool last_byte_of_buffer_unused_;
+ private:
|