Control: tags -1 + patch pending

I believe the following patch, also passed upstream, will solve this problem.
Description: Make sure CPU feature parsing use large enough string buffer. Fixes CVE-2023-29579. Author: Petter Reinholdtsen <p...@debian.org> Bug: https://github.com/yasm/yasm/issues/214 Bug-Debian: https://bugs.debian.org/1035951 Forwarded: https://github.com/yasm/yasm/issues/214 Last-Update: 2025-04-30 --- --- yasm-1.3.0.orig/modules/arch/x86/x86arch.c +++ yasm-1.3.0/modules/arch/x86/x86arch.c @@ -165,8 +165,9 @@ x86_dir_cpu(yasm_object *object, yasm_va yasm_error_set(YASM_ERROR_SYNTAX, N_("invalid argument to [%s]"), "CPU"); else { - char strcpu[16]; - sprintf(strcpu, "%lu", yasm_intnum_get_uint(intcpu)); + char strcpu[21]; /* 21 = ceil(log10(LONG_MAX)+1) */ + assert(8*sizeof(unsigned long) <= 64); + snprintf(strcpu, sizeof(strcpu), "%lu", yasm_intnum_get_uint(intcpu)); yasm_x86__parse_cpu(arch_x86, strcpu, strlen(strcpu)); } } else -- Happy hacking Petter Reinholdtsen
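Review bot: on the new `char strcpu[21]` line the comment derives the size from LONG_MAX, but the value is an unsigned long printed with `%lu`, so the bound that matters is ULONG_MAX. A 64-bit ULONG_MAX (18446744073709551615) is 20 decimal digits plus the terminating NUL, which gives 21, whereas ceil(log10(LONG_MAX)+1) works out to 20. The size is right; the comment should say something like `/* 20 digits of a 64-bit ULONG_MAX + NUL */`. On the next line, the `assert` is a run-time check that disappears under NDEBUG, and the hunk does not show `<assert.h>` being included in x86arch.c. Since `snprintf(strcpu, sizeof(strcpu), ...)` already bounds the write, a compile-time check on `sizeof(unsigned long)` would document the assumption more reliably, and checking the `snprintf` return value against `sizeof(strcpu)` would catch a truncated string before it reaches `yasm_x86__parse_cpu`.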