You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
84 lines
2.8 KiB
84 lines
2.8 KiB
12 years ago
|
From: Paul Jackson <pj@usa.net>, Paul Jackson <thepythoniccow@gmail.com>
|
||
|
|
||
|
xdelta3 (version 3.0.0) has numerous sprintf and strcpy calls that
|
||
|
write into 32 byte char buffers that are on the stack or are static
|
||
|
allocations. With sufficiently large files, these strings can overflow
|
||
|
the 32 char buffers, and some recent gnu libc versions will detect this
|
||
|
and immediately abort with the error "*** buffer overflow detected ***"
|
||
|
|
||
|
This patch, the first of three, is the only essential patch for this fix.
|
||
|
It increases the 32 byte stack buffers to 48 bytes each.
|
||
|
|
||
|
The subsequent two patches will replace sprintf calls with snprintf,
|
||
|
to safely avoid overflowing these stack buffers in all cases, and will
|
||
|
fix a hang caused by not properly closing and flushing pipes.
|
||
|
|
||
|
---
|
||
|
xdelta3-blkcache.h | 10 +++++-----
|
||
|
xdelta3-main.h | 14 +++++++-------
|
||
|
2 files changed, 12 insertions(+), 12 deletions(-)
|
||
|
|
||
|
--- xdelta3.0.0.orig/xdelta3-blkcache.h 2012-03-26 22:55:03.447784216 -0500
|
||
|
+++ xdelta3.0.0/xdelta3-blkcache.h 2012-03-26 23:22:54.871899533 -0500
|
||
|
@@ -233,11 +233,11 @@ main_set_source (xd3_stream *stream, xd3
|
||
|
|
||
|
if (option_verbose)
|
||
|
{
|
||
|
- static char srcszbuf[32];
|
||
|
- static char srccntbuf[32];
|
||
|
- static char winszbuf[32];
|
||
|
- static char blkszbuf[32];
|
||
|
- static char nbufs[32];
|
||
|
+ static char srcszbuf[48];
|
||
|
+ static char srccntbuf[48];
|
||
|
+ static char winszbuf[48];
|
||
|
+ static char blkszbuf[48];
|
||
|
+ static char nbufs[48];
|
||
|
|
||
|
if (sfile->size_known)
|
||
|
{
|
||
|
--- xdelta3.0.0.orig/xdelta3-main.h 2012-03-26 22:55:03.455784458 -0500
|
||
|
+++ xdelta3.0.0/xdelta3-main.h 2012-03-26 23:22:54.859899160 -0500
|
||
|
@@ -633,7 +633,7 @@ static char*
|
||
|
main_format_rate (xoff_t bytes, long millis, char *buf)
|
||
|
{
|
||
|
xoff_t r = (xoff_t)(1.0 * bytes / (1.0 * millis / 1000.0));
|
||
|
- static char lbuf[32];
|
||
|
+ static char lbuf[48];
|
||
|
|
||
|
main_format_bcnt (r, lbuf);
|
||
|
sprintf (buf, "%s/s", lbuf);
|
||
|
@@ -2954,7 +2954,7 @@ static usize_t
|
||
|
main_get_winsize (main_file *ifile) {
|
||
|
xoff_t file_size = 0;
|
||
|
usize_t size = option_winsize;
|
||
|
- static char iszbuf[32];
|
||
|
+ static char iszbuf[48];
|
||
|
|
||
|
if (main_file_stat (ifile, &file_size) == 0)
|
||
|
{
|
||
|
@@ -3328,10 +3328,10 @@ main_input (xd3_cmd cmd,
|
||
|
|
||
|
if (option_verbose)
|
||
|
{
|
||
|
- char rrateavg[32], wrateavg[32], tm[32];
|
||
|
- char rdb[32], wdb[32];
|
||
|
- char trdb[32], twdb[32];
|
||
|
- char srcpos[32];
|
||
|
+ char rrateavg[48], wrateavg[48], tm[48];
|
||
|
+ char rdb[48], wdb[48];
|
||
|
+ char trdb[48], twdb[48];
|
||
|
+ char srcpos[48];
|
||
|
long millis = get_millisecs_since ();
|
||
|
usize_t this_read = (usize_t)(stream.total_in -
|
||
|
last_total_in);
|
||
|
@@ -3460,7 +3460,7 @@ done:
|
||
|
|
||
|
if (option_verbose)
|
||
|
{
|
||
|
- char tm[32];
|
||
|
+ char tm[48];
|
||
|
long end_time = get_millisecs_now ();
|
||
|
xoff_t nwrite = ofile != NULL ? ofile->nwrite : 0;
|
||
|
|