Accepting request 208551 from home:netsroth:branches:devel:libraries:c_c++

Add patch against malloc int overflow OBS-URL: https://build.opensuse.org/request/show/208551 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/boost?expand=0&rev=114
2013-11-26 16:13:25 +00:00 · 2013-11-26 16:13:25 +00:00 · 534ea3a38c
commit 534ea3a38c
parent 1240cf29df
3 changed files with 45 additions and 0 deletions
--- a/boost-pool_check_overflow.patch
+++ b/boost-pool_check_overflow.patch
@ -0,0 +1,36 @@
+Upstream URL: https://svn.boost.org/trac/boost/ticket/6701
+
+Check that request size doesn't overflow.
+
+Index: boost/pool/pool.hpp
+===================================================================
+--- boost/pool/pool.hpp.orig	2007-11-25 19:07:19.000000000 +0100
+++ boost/pool/pool.hpp	2012-06-22 13:03:49.422438613 +0200
+@@ -10,6 +10,8 @@
+ #define BOOST_POOL_HPP
+ 
+ #include <boost/config.hpp>  // for workarounds
+// std::numeric_limits
+#include <boost/limits.hpp>
+ 
+ // std::less, std::less_equal, std::greater
+ #include <functional>
+@@ -793,6 +793,9 @@ void * pool<UserAllocator>::ordered_mall
+   //! \returns Address of chunk n if allocated ok.
+   //! \returns 0 if not enough memory for n chunks.
+ 
+  if (requested_size && (n > (std::numeric_limits<size_type>::max)() / requested_size))
+    return 0;
+
+   const size_type partition_size = alloc_size();
+   const size_type total_req_size = n * requested_size;
+   const size_type num_chunks = total_req_size / partition_size +
+@@ -975,6 +979,8 @@
+   {
+      if(max_alloc_size && (n > max_alloc_size))
+         return 0;
+     if(chunk_size && (n > (std::numeric_limits<size_type>::max)() / chunk_size))
+        return 0;
+      void* ret = (user_allocator::malloc)(chunk_size * n);
+      used_list.insert(ret);
+      return ret;
--- a/boost.changes
+++ b/boost.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue Nov 26 16:13:00 CET 2013 - tbehrens@suse.com
+
+- Add boost-pool_check_overflow.patch: Prevent possible overflow when
+  calculating the amount to malloc (bnc#765443).
+  Fix from https://svn.boost.org/trac/boost/ticket/6701
+
 -------------------------------------------------------------------
 Sun Oct 20 12:51:53 UTC 2013 - jengelh@inai.de

--- a/boost.spec
+++ b/boost.spec
@ -105,6 +105,7 @@ Source4:        existing_extra_docs
 Patch1:         boost-thread.patch
 Patch2:         boost-no_type_punning.patch
 Patch8:         boost-no_segfault_in_Regex_filter.patch
+Patch9:         boost-pool_check_overflow.patch
 Patch20:        boost-strict_aliasing.patch
 Patch50:        boost-use_std_xml_catalog.patch
 Patch60:        boost-glibc-2.18.patch
@ -421,6 +422,7 @@ find -type f ! \( -name \*.sh -o -name \*.py -o -name \*.pl \) -exec chmod -x {}
 %patch1
 %patch2
 %patch8
+%patch9
 %patch20
 %patch50
 %patch60 -p1