calculate
/
gentoo-overlay
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '08c22e9953'
${ noResults }
gentoo-overlay/dev-util/xdelta/files/01_bigger_print_buffers.patch

84 lines
2.8 KiB
Raw Blame History

From: Paul Jackson <pj@usa.net>, Paul Jackson <thepythoniccow@gmail.com>
xdelta3 (version 3.0.0) has numerous sprintf and strcpy calls that
write into 32 byte char buffers that are on the stack or are static
allocations. With sufficiently large files, these strings can overflow
the 32 char buffers, and some recent gnu libc versions will detect this
and immediately abort with the error "*** buffer overflow detected ***"
This patch, the first of three, is the only essential patch for this fix.
It increases the 32 byte stack buffers to 48 bytes each.
The subsequent two patches will replace sprintf calls with snprintf,
to safely avoid overflowing these stack buffers in all cases, and will
fix a hang caused by not properly closing and flushing pipes.
---
xdelta3-blkcache.h | 10 +++++-----
xdelta3-main.h | 14 +++++++-------
2 files changed, 12 insertions(+), 12 deletions(-)
--- xdelta3.0.0.orig/xdelta3-blkcache.h 2012-03-26 22:55:03.447784216 -0500
+++ xdelta3.0.0/xdelta3-blkcache.h 2012-03-26 23:22:54.871899533 -0500
@@ -233,11 +233,11 @@ main_set_source (xd3_stream *stream, xd3
if (option_verbose)
{
- static char srcszbuf[32];
- static char srccntbuf[32];
- static char winszbuf[32];
- static char blkszbuf[32];
- static char nbufs[32];
+ static char srcszbuf[48];
+ static char srccntbuf[48];
+ static char winszbuf[48];
+ static char blkszbuf[48];
+ static char nbufs[48];
if (sfile->size_known)
{
--- xdelta3.0.0.orig/xdelta3-main.h 2012-03-26 22:55:03.455784458 -0500
+++ xdelta3.0.0/xdelta3-main.h 2012-03-26 23:22:54.859899160 -0500
@@ -633,7 +633,7 @@ static char*
main_format_rate (xoff_t bytes, long millis, char *buf)
{
xoff_t r = (xoff_t)(1.0 * bytes / (1.0 * millis / 1000.0));
- static char lbuf[32];
+ static char lbuf[48];
main_format_bcnt (r, lbuf);
sprintf (buf, "%s/s", lbuf);
@@ -2954,7 +2954,7 @@ static usize_t
main_get_winsize (main_file *ifile) {
xoff_t file_size = 0;
usize_t size = option_winsize;
- static char iszbuf[32];
+ static char iszbuf[48];
if (main_file_stat (ifile, &file_size) == 0)
{
@@ -3328,10 +3328,10 @@ main_input (xd3_cmd cmd,
if (option_verbose)
{
- char rrateavg[32], wrateavg[32], tm[32];
- char rdb[32], wdb[32];
- char trdb[32], twdb[32];
- char srcpos[32];
+ char rrateavg[48], wrateavg[48], tm[48];
+ char rdb[48], wdb[48];
+ char trdb[48], twdb[48];
+ char srcpos[48];
long millis = get_millisecs_since ();
usize_t this_read = (usize_t)(stream.total_in -
last_total_in);
@@ -3460,7 +3460,7 @@ done:
if (option_verbose)
{
- char tm[32];
+ char tm[48];
long end_time = get_millisecs_now ();
xoff_t nwrite = ofile != NULL ? ofile->nwrite : 0;
Reference in new issue View Git Blame Copy Permalink