packages/rapidjson
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:f40bec6e6ff54c35d89af6ffc8297183c3332326
Branches Tags
packages:main
..
compare: packages:35150a2635c1930d072aa05b2ede52bb24e9e7ee
Branches Tags
packages:main

10 Commits
f40bec6e6f ... 35150a2635

Author SHA1 Message Date
openeuler-ci-bot
35150a2635
!18 [sync] PR-14: Fix CVE-2024-38517 
From: @openeuler-sync-bot 
Reviewed-by: @dillon_chen 
Signed-off-by: @dillon_chen
 2024-07-11 05:57:31 +00:00
zhangxianting
2003079a8c Fix CVE-2024-38517 
(cherry picked from commit 02630628fedebb2794fe59a8068a6eaa27c71e3d)
 2024-07-11 13:32:22 +08:00
openeuler-ci-bot
3df141956b
!8 [sync] PR-7: 添加sw架构 
From: @openeuler-sync-bot 
Reviewed-by: @caodongxia 
Signed-off-by: @caodongxia
 2022-12-19 07:47:06 +00:00
Wu Zixuan
fb53ed36e2 Add sw64 architecture 
Signed-off-by: Wu Zixuan <wuzx1226@qq.com>
(cherry picked from commit 3515145f664b0b833639ecca266f6b17dcd5aba3)
 2022-12-06 20:00:40 +08:00
openeuler-ci-bot
b57f223611 !5 fix tag_prefix error 
From: @hht8
Reviewed-by: @licihua
Signed-off-by: @licihua
 2021-01-05 16:38:27 +08:00
hht8
a7b4acff75 fix tag_prefix error 2021-01-05 16:28:31 +08:00
openeuler-ci-bot
bc8f46c727 !4 【轻量级 PR】:修改拼写错误 
Merge pull request !4 from Monday/N/A
 2020-08-10 09:46:57 +08:00
Monday
7afb980d8b 修改拼写错误 2020-08-09 12:24:35 +08:00
openeuler-ci-bot
2eff54f282 !3 fix build fail due to hardlink path 
Merge pull request !3 from ultra_planet/master
 2020-07-30 10:55:34 +08:00
lingsheng
092a475f8b Not use hardlink absolute path 2020-07-29 16:10:21 +08:00
4 changed files with 94 additions and 7 deletions
Show Stats Expand all files Collapse all files

59
backport-CVE-2024-38517.patch Normal file
View File

@ -0,0 +1,59 @@
From 8269bc2bc289e9d343bae51cdf6d23ef0950e001 Mon Sep 17 00:00:00 2001
From: Florin Malita <fmalita@gmail.com>
Date: Tue, 15 May 2018 22:48:07 -0400
Subject: [PATCH] Prevent int underflow when parsing exponents
When parsing negative exponents, the current implementation takes
precautions for |exp| to not underflow int.
But that is not sufficient: later on [1], |exp + expFrac| is also
stored to an int - so we must ensure that the sum stays within int
representable values.
Update the exp clamping logic to take expFrac into account.
[1] https://github.com/Tencent/rapidjson/blob/master/include/rapidjson/reader.h#L1690
---
include/rapidjson/reader.h | 11 ++++++++++-
test/unittest/readertest.cpp | 1 +
2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/include/rapidjson/reader.h b/include/rapidjson/reader.h
index 7441eda4..f95aef42 100644
--- a/include/rapidjson/reader.h
+++ b/include/rapidjson/reader.h
@@ -1632,9 +1632,18 @@ private:
if (RAPIDJSON_LIKELY(s.Peek() >= '0' && s.Peek() <= '9')) {
exp = static_cast<int>(s.Take() - '0');
if (expMinus) {
+ // (exp + expFrac) must not underflow int => we're detecting when -exp gets
+ // dangerously close to INT_MIN (a pessimistic next digit 9 would push it into
+ // underflow territory):
+ //
+ // -(exp * 10 + 9) + expFrac >= INT_MIN
+ // <=> exp <= (expFrac - INT_MIN - 9) / 10
+ RAPIDJSON_ASSERT(expFrac <= 0);
+ int maxExp = (expFrac + 2147483639) / 10;
+
while (RAPIDJSON_LIKELY(s.Peek() >= '0' && s.Peek() <= '9')) {
exp = exp * 10 + static_cast<int>(s.Take() - '0');
- if (exp >= 214748364) { // Issue #313: prevent overflow exponent
+ if (RAPIDJSON_UNLIKELY(exp > maxExp)) {
while (RAPIDJSON_UNLIKELY(s.Peek() >= '0' && s.Peek() <= '9')) // Consume the rest of exponent
s.Take();
}
diff --git a/test/unittest/readertest.cpp b/test/unittest/readertest.cpp
index e5308019..c4800b93 100644
--- a/test/unittest/readertest.cpp
+++ b/test/unittest/readertest.cpp
@@ -242,6 +242,7 @@ static void TestParseDouble() {
TEST_DOUBLE(fullPrecision, "1e-214748363", 0.0); // Maximum supported negative exponent
TEST_DOUBLE(fullPrecision, "1e-214748364", 0.0);
TEST_DOUBLE(fullPrecision, "1e-21474836311", 0.0);
+ TEST_DOUBLE(fullPrecision, "1.00000000001e-2147483638", 0.0);
TEST_DOUBLE(fullPrecision, "0.017976931348623157e+310", 1.7976931348623157e+308); // Max double in another form
// Since
--
2.20.1

12
rapidjson-1.1.0-sw.patch Executable file
View File

@ -0,0 +1,12 @@
diff -Nuar rapidjson-1.1.0.org/include/rapidjson/rapidjson.h rapidjson-1.1.0.sw/include/rapidjson/rapidjson.h
--- rapidjson-1.1.0.org/include/rapidjson/rapidjson.h 2022-05-09 16:56:54.370734000 +0800
+++ rapidjson-1.1.0.sw/include/rapidjson/rapidjson.h 2022-05-09 16:58:52.180734000 +0800
@@ -234,7 +234,7 @@
// Detect with architecture macros
# elif defined(__sparc) || defined(__sparc__) || defined(_POWER) || defined(__powerpc__) || defined(__ppc__) || defined(__hpux) || defined(__hppa) || defined(_MIPSEB) || defined(_POWER) || defined(__s390__)
# define RAPIDJSON_ENDIAN RAPIDJSON_BIGENDIAN
-# elif defined(__i386__) || defined(__alpha__) || defined(__ia64) || defined(__ia64__) || defined(_M_IX86) || defined(_M_IA64) || defined(_M_ALPHA) || defined(__amd64) || defined(__amd64__) || defined(_M_AMD64) || defined(__x86_64) || defined(__x86_64__) || defined(_M_X64) || defined(__bfin__)
+# elif defined(__i386__) || defined(__alpha__) || defined(__sw_64__) || defined(__ia64) || defined(__ia64__) || defined(_M_IX86) || defined(_M_IA64) || defined(_M_ALPHA) || defined(_M_SW_64) || defined(__amd64) || defined(__amd64__) || defined(_M_AMD64) || defined(__x86_64) || defined(__x86_64__) || defined(_M_X64) || defined(__bfin__)
# define RAPIDJSON_ENDIAN RAPIDJSON_LITTLEENDIAN
# elif defined(_MSC_VER) && defined(_M_ARM)
# define RAPIDJSON_ENDIAN RAPIDJSON_LITTLEENDIAN

24
rapidjson.spec
View File

@ -1,12 +1,14 @@
%global debug_package %{nil}
Name: rapidjson
Version: 1.1.0
Release: 9
Release: 12
Summary: small & selft-contained fast JSON parser and generator for C++
License: MIT
URL: http://miloyip.github.io/rapidjson
Source0: https://github.com/miloyip/rapidjson/archive/v%{version}.tar.gz#/rapidjson-%{version}.tar.gz
Patch0000: rapidjson-1.1.0-do_not_include_gtest_src_dir.patch
Patch0001: rapidjson-1.1.0-sw.patch
Patch0002: backport-CVE-2024-38517.patch
BuildRequires: cmake gcc-c++ gtest-devel valgrind
%description
@ -40,7 +42,12 @@ Obsoletes: rapidjson-doc < %{version}-%{release}
This package provides docs for rapidjson.
%prep
%autosetup -n rapidjson-%{version} -p1
%setup -n rapidjson-%{version}
%patch0 -p1
%ifarch sw_64
%patch1 -p1
%endif
%patch2 -p1
install -d build
for _file in "license.txt" $(%{_bindir}/find example -type f -name '*.c*')
do
@ -66,8 +73,8 @@ cd -
%{__cp} -a CHANGELOG.md readme*.md examples %{buildroot}%{_pkgdocdir}
%{_bindir}/find %{buildroot} -type f -name 'CMake*.txt' -print0 | \
%{_bindir}/xargs -0 %{__rm} -fv
%{_sbindir}/hardlink -v %{buildroot}%{_includedir}
%{_sbindir}/hardlink -v %{buildroot}%{_pkgdocdir}
hardlink -v %{buildroot}%{_includedir}
hardlink -v %{buildroot}%{_pkgdocdir}
%check
CTEST_EXCLUDE=".*valgrind.*"
@ -88,5 +95,14 @@ cd -
%doc %{_pkgdocdir}
%changelog
* Thu Jul 11 2024 zhangxianting <zhangxianting@uniontech.com> - 1.1.0-12
- Fix CVE-2024-38517
* Wed Oct 26 2022 wuzx<wuzx1226@qq.com> - 1.1.0-11
- Add sw64 architecture
* Wed Jul 29 2020 lingsheng <lingsheng@huawei.com> - 1.1.0-10
- Not use hardlink absolute path
* Mon Jun 8 2020 Jeffery.Gao <gaojianxing@huawei.com> - 1.1.0-9
- Package init

6
rapidjson.yaml
View File

@ -1,4 +1,4 @@
version-control: github
version_control: github
src_repo: Tencent/rapidjson
tag_prefix: v^
seperator: .
tag_prefix: "^v"
separator: .