Sync from SUSE:SLFO:Main orc revision d4bc0c888ce10937b81642933a051e7a

Adrian Schröter 2024-08-06 11:57:33 +02:00
parent 8d5ec9472b
commit 3c9bb4c47b
3 changed files with 156 additions and 0 deletions


@ -0,0 +1,147 @@
From fb7db9ae3e8ac271651d1884a3611d30bac04a98 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Tue, 9 Jul 2024 12:11:37 +0300
Subject: [PATCH 1/2] Use vasprintf() if available for error messages and
otherwise vsnprintf()
vasprintf() is a GNU/BSD extension and would allocate as much memory as required
on the heap, similar to g_strdup_printf(). It's ridiculous that such a function
is still not provided as part of standard C.
If it's not available, use vsnprintf() to at least avoid stack/heap buffer
overflows, which can lead to arbitrary code execution.
Thanks to Noriko Totsuka for reporting.
Fixes JVN#02030803 / JPCERT#92912620 / CVE-2024-40897
Fixes #69
Part-of: <https://gitlab.freedesktop.org/gstreamer/orc/-/merge_requests/191>
---
meson.build | 1 +
orc/orccompiler.c | 6 +++++-
orc/orcparse.c | 14 +++++++++++---
3 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/meson.build b/meson.build
index c7ba5d7d..fe8c6016 100644
--- a/meson.build
+++ b/meson.build
@@ -136,6 +136,7 @@ int main() {
'''
cdata.set('HAVE_MONOTONIC_CLOCK', cc.compiles(monotonic_test))
cdata.set('HAVE_GETTIMEOFDAY', cc.has_function('gettimeofday'))
+cdata.set('HAVE_VASPRINTF', cc.has_function('vasprintf'))
cdata.set('HAVE_POSIX_MEMALIGN', cc.has_function('posix_memalign', prefix : '#include <stdlib.h>'))
cdata.set('HAVE_MMAP', cc.has_function('mmap'))
cdata.set('HAVE_SYS_TIME_H', cc.has_header('sys/time.h'))
diff --git a/orc/orccompiler.c b/orc/orccompiler.c
index 1e24b8a3..d3394612 100644
--- a/orc/orccompiler.c
+++ b/orc/orccompiler.c
@@ -1489,8 +1489,12 @@ orc_compiler_error_valist (OrcCompiler *compiler, const char *fmt,
if (compiler->error_msg) return;
+#ifdef HAVE_VASPRINTF
+ vasprintf (&s, fmt, args);
+#else
s = malloc (ORC_COMPILER_ERROR_BUFFER_SIZE);
- vsprintf (s, fmt, args);
+ vsnprintf (s, ORC_COMPILER_ERROR_BUFFER_SIZE, fmt, args);
+#endif
compiler->error_msg = s;
compiler->error = TRUE;
compiler->result = ORC_COMPILE_RESULT_UNKNOWN_COMPILE;
diff --git a/orc/orcparse.c b/orc/orcparse.c
index b0d67095..ae4f1b6b 100644
--- a/orc/orcparse.c
+++ b/orc/orcparse.c
@@ -424,17 +424,25 @@ orc_parse_get_error_where (OrcParser *parser)
static void
orc_parse_add_error_valist (OrcParser *parser, const char *format, va_list args)
{
- char text[ORC_ERROR_LENGTH] = { '\0' };
-
if (parser->error_program != parser->program) {
parser->error_program = parser->program;
}
- vsprintf (text, format, args);
+#ifdef HAVE_VASPRINTF
+ char *text;
+ vasprintf (&text, format, args);
+#else
+ char text[ORC_ERROR_LENGTH] = { '\0' };
+ vsnprintf (text, sizeof (text), format, args);
+#endif
orc_vector_append (&parser->errors,
orc_parse_error_new (orc_parse_get_error_where (parser),
parser->line_number, -1, text));
+
+#ifdef HAVE_VASPRINTF
+ free (text);
+#endif
}
static void
--
GitLab
From abd75edff9de9a06d0531b9db50963a0da42145c Mon Sep 17 00:00:00 2001
From: "L. E. Segovia" <amy@centricular.com>
Date: Tue, 9 Jul 2024 12:03:53 -0300
Subject: [PATCH 2/2] orccompiler, orcparse: Use secure UCRT printing functions
on Windows
See #69
Part-of: <https://gitlab.freedesktop.org/gstreamer/orc/-/merge_requests/191>
---
orc/orccompiler.c | 5 ++++-
orc/orcparse.c | 5 ++++-
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/orc/orccompiler.c b/orc/orccompiler.c
index d3394612..617ae295 100644
--- a/orc/orccompiler.c
+++ b/orc/orccompiler.c
@@ -1485,12 +1485,15 @@ static void
orc_compiler_error_valist (OrcCompiler *compiler, const char *fmt,
va_list args)
{
- char *s;
+ char *s = NULL;
if (compiler->error_msg) return;
#ifdef HAVE_VASPRINTF
vasprintf (&s, fmt, args);
+#elif defined(_UCRT)
+ s = malloc (ORC_COMPILER_ERROR_BUFFER_SIZE);
+ vsnprintf_s (s, ORC_COMPILER_ERROR_BUFFER_SIZE, _TRUNCATE, fmt, args);
#else
s = malloc (ORC_COMPILER_ERROR_BUFFER_SIZE);
vsnprintf (s, ORC_COMPILER_ERROR_BUFFER_SIZE, fmt, args);
diff --git a/orc/orcparse.c b/orc/orcparse.c
index ae4f1b6b..abeb9f59 100644
--- a/orc/orcparse.c
+++ b/orc/orcparse.c
@@ -429,8 +429,11 @@ orc_parse_add_error_valist (OrcParser *parser, const char *format, va_list args)
}
#ifdef HAVE_VASPRINTF
- char *text;
+ char *text = NULL;
vasprintf (&text, format, args);
+#elif defined(_UCRT)
+ char text[ORC_ERROR_LENGTH] = { '\0' };
+ vsnprintf_s (text, ORC_ERROR_LENGTH, _TRUNCATE, format, args);
#else
char text[ORC_ERROR_LENGTH] = { '\0' };
vsnprintf (text, sizeof (text), format, args);
--
GitLab
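Review bot: Neither `vasprintf()` call checks its return value, in `orc_compiler_error_valist` (orccompiler.c) or in `orc_parse_add_error_valist` (orcparse.c). On allocation failure `vasprintf()` returns -1 and some libcs leave the output pointer undefined, so the `= NULL` initialisers added in patch 2/2 do not guarantee a usable value; that pointer is then passed to `orc_parse_error_new()` and `free()`, or stored in `compiler->error_msg`. I would write `if (vasprintf (&text, format, args) < 0) text = NULL;` (and the same for `s`), then confirm that both consumers accept NULL, since their bodies are not shown here. The fallback branches have the same gap: the result of `malloc (ORC_COMPILER_ERROR_BUFFER_SIZE)` goes straight into `vsnprintf`/`vsnprintf_s`, so guard the format call with `if (s != NULL)`. Both functions continue outside the hunks, so later uses of the message could not be checked.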


@ -1,3 +1,11 @@
-------------------------------------------------------------------
Mon Jul 22 12:10:45 UTC 2024 - Antonio Larrosa <alarrosa@suse.com>
- Add patch from upstream to fix a stack-based buffer overflow
in the Orc compiler when formatting error messages (bsc#1228184,
CVE-2024-40897):
* 0001-Use-vasprintf-if-available-for-error-messages-and.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Jun 7 13:37:52 UTC 2023 - pgajdos@suse.com Wed Jun 7 13:37:52 UTC 2023 - pgajdos@suse.com


@ -26,6 +26,7 @@ Group: Productivity/Multimedia/Other
URL: https://gitlab.freedesktop.org/gstreamer/orc URL: https://gitlab.freedesktop.org/gstreamer/orc
Source: https://gstreamer.freedesktop.org/src/orc/%{name}-%{version}.tar.xz Source: https://gstreamer.freedesktop.org/src/orc/%{name}-%{version}.tar.xz
Source99: baselibs.conf Source99: baselibs.conf
Patch0: 0001-Use-vasprintf-if-available-for-error-messages-and.patch
BuildRequires: gtk-doc >= 1.12 BuildRequires: gtk-doc >= 1.12
BuildRequires: meson >= 0.47.0 BuildRequires: meson >= 0.47.0
BuildRequires: pkgconfig BuildRequires: pkgconfig
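Review bot: `Patch0:` is the only line this section adds to the spec (the 156 additions in the diffstat are 147 + 8 + 1), so the CVE-2024-40897 fix is built in only if `%prep` already applies patches automatically, for example through `%autosetup -p1` or `%autopatch`. `%prep` is outside the visible hunk, so please confirm this, ideally by checking the build log for the patch being applied. I would also add a comment above the tag tying it to the advisory, such as `# PATCH-FIX-UPSTREAM bsc#1228184 CVE-2024-40897 -- bound error message formatting`, so a later version bump does not drop the patch without checking that upstream contains it.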