Loading pkgs/development/perl-modules/JSON-XS-CVE-2025-40928.patch 0 → 100644 +31 −0 Original line number Diff line number Diff line --- a/XS.xs 2025-09-06 08:34:51.376455632 -0300 +++ b/XS.xs 2025-09-06 08:35:30.725873619 -0300 @@ -253,16 +253,16 @@ // if we recurse too deep, skip all remaining digits // to avoid a stack overflow attack if (expect_false (--maxdepth <= 0)) - while (((U8)*s - '0') < 10) + while ((U8)(*s - '0') < 10) ++s; for (;;) { - U8 dig = (U8)*s - '0'; + U8 dig = *s - '0'; if (expect_false (dig >= 10)) { - if (dig == (U8)((U8)'.' - (U8)'0')) + if (dig == (U8)('.' - '0')) { ++s; json_atof_scan1 (s, accum, expo, 1, maxdepth); @@ -282,7 +282,7 @@ else if (*s == '+') ++s; - while ((dig = (U8)*s - '0') < 10) + while ((dig = (U8)(*s - '0')) < 10) exp2 = exp2 * 10 + *s++ - '0'; *expo += neg ? -exp2 : exp2; pkgs/top-level/perl-packages.nix +1 −0 Original line number Diff line number Diff line Loading @@ -18304,6 +18304,7 @@ with self; url = "mirror://cpan/authors/id/M/ML/MLEHMANN/JSON-XS-4.03.tar.gz"; hash = "sha256-UVU29F8voafojIgkUzdY0BIdJnq5y0U6G1iHyKVrkGg="; }; patches = [ ../development/perl-modules/JSON-XS-CVE-2025-40928.patch ]; propagatedBuildInputs = [ TypesSerialiser ]; buildInputs = [ CanaryStability ]; meta = { Loading
pkgs/development/perl-modules/JSON-XS-CVE-2025-40928.patch 0 → 100644 +31 −0 Original line number Diff line number Diff line --- a/XS.xs 2025-09-06 08:34:51.376455632 -0300 +++ b/XS.xs 2025-09-06 08:35:30.725873619 -0300 @@ -253,16 +253,16 @@ // if we recurse too deep, skip all remaining digits // to avoid a stack overflow attack if (expect_false (--maxdepth <= 0)) - while (((U8)*s - '0') < 10) + while ((U8)(*s - '0') < 10) ++s; for (;;) { - U8 dig = (U8)*s - '0'; + U8 dig = *s - '0'; if (expect_false (dig >= 10)) { - if (dig == (U8)((U8)'.' - (U8)'0')) + if (dig == (U8)('.' - '0')) { ++s; json_atof_scan1 (s, accum, expo, 1, maxdepth); @@ -282,7 +282,7 @@ else if (*s == '+') ++s; - while ((dig = (U8)*s - '0') < 10) + while ((dig = (U8)(*s - '0')) < 10) exp2 = exp2 * 10 + *s++ - '0'; *expo += neg ? -exp2 : exp2;
pkgs/top-level/perl-packages.nix +1 −0 Original line number Diff line number Diff line Loading @@ -18304,6 +18304,7 @@ with self; url = "mirror://cpan/authors/id/M/ML/MLEHMANN/JSON-XS-4.03.tar.gz"; hash = "sha256-UVU29F8voafojIgkUzdY0BIdJnq5y0U6G1iHyKVrkGg="; }; patches = [ ../development/perl-modules/JSON-XS-CVE-2025-40928.patch ]; propagatedBuildInputs = [ TypesSerialiser ]; buildInputs = [ CanaryStability ]; meta = {
