summaryrefslogtreecommitdiff
path: root/backport-CVE-2024-3205-Fix-emitter-states-handling-when-write_indicator-fails.patch
diff options
context:
space:
mode:
Diffstat (limited to 'backport-CVE-2024-3205-Fix-emitter-states-handling-when-write_indicator-fails.patch')
-rw-r--r--backport-CVE-2024-3205-Fix-emitter-states-handling-when-write_indicator-fails.patch52
1 files changed, 52 insertions, 0 deletions
diff --git a/backport-CVE-2024-3205-Fix-emitter-states-handling-when-write_indicator-fails.patch b/backport-CVE-2024-3205-Fix-emitter-states-handling-when-write_indicator-fails.patch
new file mode 100644
index 0000000..97b6c40
--- /dev/null
+++ b/backport-CVE-2024-3205-Fix-emitter-states-handling-when-write_indicator-fails.patch
@@ -0,0 +1,52 @@
+From ff577b94511f9fc314435a1154f1124dccbe57ec Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tina=20M=C3=BCller?= <cpan2@tinita.de>
+Date: Mon, 8 Apr 2024 23:32:52 +0200
+Subject: [PATCH] Fix emitter states handling when write_indicator fails
+
+There are cases where yaml_emitter_write_indicator fails.
+In that case POP is called on emitter->indents but not on emitter->states,
+which results in a leftover event in the stack, and later POP is called
+on an empty emitter->indents stack.
+
+This commit does not fix the case of the failing yaml_emitter_write_indicator.
+This is still investigated.
+---
+ src/emitter.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/emitter.c b/src/emitter.c
+index 609b28a4..0aca6c34 100644
+--- a/src/emitter.c
++++ b/src/emitter.c
+@@ -759,6 +759,7 @@ yaml_emitter_emit_flow_sequence_item(yaml_emitter_t *emitter,
+ {
+ emitter->flow_level --;
+ emitter->indent = POP(emitter, emitter->indents);
++ emitter->state = POP(emitter, emitter->states);
+ if (emitter->canonical && !first) {
+ if (!yaml_emitter_write_indicator(emitter, ",", 0, 0, 0))
+ return 0;
+@@ -767,7 +768,6 @@ yaml_emitter_emit_flow_sequence_item(yaml_emitter_t *emitter,
+ }
+ if (!yaml_emitter_write_indicator(emitter, "]", 0, 0, 0))
+ return 0;
+- emitter->state = POP(emitter, emitter->states);
+
+ return 1;
+ }
+@@ -808,6 +808,7 @@ yaml_emitter_emit_flow_mapping_key(yaml_emitter_t *emitter,
+ return 0;
+ emitter->flow_level --;
+ emitter->indent = POP(emitter, emitter->indents);
++ emitter->state = POP(emitter, emitter->states);
+ if (emitter->canonical && !first) {
+ if (!yaml_emitter_write_indicator(emitter, ",", 0, 0, 0))
+ return 0;
+@@ -816,7 +817,6 @@ yaml_emitter_emit_flow_mapping_key(yaml_emitter_t *emitter,
+ }
+ if (!yaml_emitter_write_indicator(emitter, "}", 0, 0, 0))
+ return 0;
+- emitter->state = POP(emitter, emitter->states);
+
+ return 1;
+ }
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-30 17:34:28 +0000