SLFO-pool/orc
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sync from SUSE:SLFO:Main orc revision ef310bece00793aaa4d0a4b14350b273

Browse Source
This commit is contained in:
Adrian Schröter 2025-02-07 18:13:31 +01:00
parent 3c9bb4c47b
commit c22f6cbb21
3 changed files with 64 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
orc-check-return-value-of-vasprintf.patch Normal file
View File

@ -0,0 +1,54 @@
From 13ad22b4bc75feb71cefc6b9c0c9cb81ff8c73c4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Mon, 5 Aug 2024 13:35:03 +0300
Subject: [PATCH] Check return value of vasprintf()
With glibc, on allocation failure it doesn't set the pointer to NULL but instead
conveniently leaves it undefined.
The BSD version is defined in a better way and sets the pointer to NULL to avoid
further footguns.
Simply abort() on allocation failure. In the other code paths where malloc() is
used, allocation failures are not checked like everywhere else in orc but it is
assumed that dereferencing a NULL pointer simply crashes the process.
Technically this is of course still undefined behaviour.
Part-of: <https://gitlab.freedesktop.org/gstreamer/orc/-/merge_requests/199>
---
orc/orccompiler.c | 3 ++-
orc/orcparse.c | 3 ++-
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/orc/orccompiler.c b/orc/orccompiler.c
index 617ae295..3bc7da61 100644
--- a/orc/orccompiler.c
+++ b/orc/orccompiler.c
@@ -1490,7 +1490,8 @@ orc_compiler_error_valist (OrcCompiler *compiler, const char *fmt,
if (compiler->error_msg) return;
#ifdef HAVE_VASPRINTF
- vasprintf (&s, fmt, args);
+ if (vasprintf (&s, fmt, args) < 0)
+ ORC_ASSERT (0);
#elif defined(_UCRT)
s = malloc (ORC_COMPILER_ERROR_BUFFER_SIZE);
vsnprintf_s (s, ORC_COMPILER_ERROR_BUFFER_SIZE, _TRUNCATE, fmt, args);
diff --git a/orc/orcparse.c b/orc/orcparse.c
index abeb9f59..aa91395e 100644
--- a/orc/orcparse.c
+++ b/orc/orcparse.c
@@ -430,7 +430,8 @@ orc_parse_add_error_valist (OrcParser *parser, const char *format, va_list args)
#ifdef HAVE_VASPRINTF
char *text = NULL;
- vasprintf (&text, format, args);
+ if (vasprintf (&text, format, args) < 0)
+ ORC_ASSERT (0);
#elif defined(_UCRT)
char text[ORC_ERROR_LENGTH] = { '\0' };
vsnprintf_s (text, ORC_ERROR_LENGTH, _TRUNCATE, format, args);
--
GitLab

8
orc.changes
View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Thu Jan 30 09:58:28 UTC 2025 - pgajdos@suse.com
- follow up of CVE-2024-40897 fix [bsc#1228184]
- added patches
fix https://gitlab.freedesktop.org/gstreamer/orc/-/commit/13ad22b4bc75feb71cefc6b9c0c9cb81ff8c73c4
+ orc-check-return-value-of-vasprintf.patch
-------------------------------------------------------------------
Mon Jul 22 12:10:45 UTC 2024 - Antonio Larrosa <alarrosa@suse.com>

2
orc.spec
View File

@ -27,6 +27,8 @@ URL: https://gitlab.freedesktop.org/gstreamer/orc
Source: https://gstreamer.freedesktop.org/src/orc/%{name}-%{version}.tar.xz
Source99: baselibs.conf
Patch0: 0001-Use-vasprintf-if-available-for-error-messages-and.patch
# https://gitlab.freedesktop.org/gstreamer/orc/-/commit/13ad22b4bc75feb71cefc6b9c0c9cb81ff8c73c4
Patch1: orc-check-return-value-of-vasprintf.patch
BuildRequires: gtk-doc >= 1.12
BuildRequires: meson >= 0.47.0
BuildRequires: pkgconfig