- Avoid segmentation fault in "join -i" with long line input (bnc#798541, VUL-1)

* src/join.c: Instead of usig unreliable alloca() stack allocation,
    use heap allocation via xmalloc()+free().
    (coreutils-i18n.patch, from Philipp Thomas <pth@suse.de>)
- Avoid segmentation fault in "sort -d" and "sort -M" with long line input
  (bnc#798538, VUL-1)
  * src/sort.c: Instead of usig unreliable alloca() stack allocation,
    use heap allocation via xmalloc()+free().
    (coreutils-i18n.patch, from Philipp Thomas <pth@suse.de>)

OBS-URL: https://build.opensuse.org/package/show/Base:System/coreutils?expand=0&rev=173
This commit is contained in:
Bernhard Voelker 2013-01-17 16:45:17 +00:00 committed by Git OBS Bridge
parent 26558dd009
commit 94e801cf55
5 changed files with 73 additions and 27 deletions

View File

@ -2,7 +2,7 @@ Index: src/sort.c
===================================================================
--- src/sort.c.orig
+++ src/sort.c
@@ -5286,7 +5286,11 @@ main (int argc, char **argv)
@@ -5291,7 +5291,11 @@ main (int argc, char **argv)
{
if (!nthreads)
{

View File

@ -1469,7 +1469,7 @@ Index: src/join.c
static void
freeline (struct line *line)
{
@@ -313,56 +472,115 @@ keycmp (struct line const *line1, struct
@@ -313,56 +472,130 @@ keycmp (struct line const *line1, struct
size_t jf_1, size_t jf_2)
{
/* Start of field to compare in each file. */
@ -1483,6 +1483,7 @@ Index: src/join.c
+ size_t len[2]; /* Length of fields to compare. */
int diff;
+ int i, j;
+ int mallocd = 0;
if (jf_1 < line1->nfields)
{
@ -1538,7 +1539,8 @@ Index: src/join.c
+
+ for (i = 0; i < 2; i++)
+ {
+ copy[i] = alloca (len[i] + 1);
+ mallocd = 1;
+ copy[i] = xmalloc (len[i] + 1);
+
+ for (j = 0; j < MIN (len[0], len[1]);)
+ {
@ -1578,7 +1580,8 @@ Index: src/join.c
+ {
+ for (i = 0; i < 2; i++)
+ {
+ copy[i] = alloca (len[i] + 1);
+ mallocd = 1;
+ copy[i] = xmalloc (len[i] + 1);
+
+ for (j = 0; j < MIN (len[0], len[1]); j++)
+ copy[i][j] = toupper (beg[i][j]);
@ -1594,12 +1597,24 @@ Index: src/join.c
- diff = memcmp (beg1, beg2, MIN (len1, len2));
+ copy[0] = (unsigned char *) beg[0];
+ copy[1] = (unsigned char *) beg[1];
+ }
+
+ if (hard_LC_COLLATE)
+ {
+ diff = xmemcoll ((char *) copy[0], len[0], (char *) copy[1], len[1]);
+
+ if (mallocd)
+ for (i = 0; i < 2; i++)
+ free (copy[i]);
+
+ return diff;
}
+ if (hard_LC_COLLATE)
+ return xmemcoll ((char *) copy[0], len[0], (char *) copy[1], len[1]);
+ diff = memcmp (copy[0], copy[1], MIN (len[0], len[1]));
+
+ if (mallocd)
+ for (i = 0; i < 2; i++)
+ free (copy[i]);
+
if (diff)
return diff;
@ -1608,7 +1623,7 @@ Index: src/join.c
}
/* Check that successive input lines PREV and CURRENT from input file
@@ -454,6 +672,12 @@ get_line (FILE *fp, struct line **linep,
@@ -454,6 +687,12 @@ get_line (FILE *fp, struct line **linep,
}
++line_no[which - 1];
@ -1621,7 +1636,7 @@ Index: src/join.c
xfields (line);
if (prevline[which - 1])
@@ -552,22 +776,29 @@ prfield (size_t n, struct line const *li
@@ -552,22 +791,29 @@ prfield (size_t n, struct line const *li
}
/* Output all the fields in line, other than the join field. */
@ -1654,7 +1669,7 @@ Index: src/join.c
prfield (i, line);
}
}
@@ -578,7 +809,6 @@ static void
@@ -578,7 +824,6 @@ static void
prjoin (struct line const *line1, struct line const *line2)
{
const struct outlist *outlist;
@ -1662,7 +1677,7 @@ Index: src/join.c
size_t field;
struct line const *line;
@@ -612,7 +842,7 @@ prjoin (struct line const *line1, struct
@@ -612,7 +857,7 @@ prjoin (struct line const *line1, struct
o = o->next;
if (o == NULL)
break;
@ -1671,7 +1686,7 @@ Index: src/join.c
}
putchar ('\n');
}
@@ -1090,21 +1320,46 @@ main (int argc, char **argv)
@@ -1090,21 +1335,46 @@ main (int argc, char **argv)
case 't':
{
@ -3038,7 +3053,7 @@ Index: src/sort.c
&& ((!key->skipsblanks && !(implicit_skip || maybe_space_aligned))
|| (!key->skipsblanks && key->schar)
|| (!key->skipeblanks && key->echar)))
@@ -2442,11 +2804,83 @@ key_warnings (struct keyfield const *gke
@@ -2442,11 +2804,87 @@ key_warnings (struct keyfield const *gke
error (0, 0, _("option '-r' only applies to last-resort comparison"));
}
@ -3065,13 +3080,13 @@ Index: src/sort.c
+ if (len == 0)
+ return 0;
+
+ month = (char *) alloca (len + 1);
+ month = (char *) xmalloc (len + 1);
+
+ tmp = (char *) alloca (len + 1);
+ tmp = (char *) xmalloc (len + 1);
+ memcpy (tmp, s, len);
+ tmp[len] = '\0';
+ pp = (const char **)&tmp;
+ month_wcs = (wchar_t *) alloca ((len + 1) * sizeof (wchar_t));
+ month_wcs = (wchar_t *) xmalloc ((len + 1) * sizeof (wchar_t));
+ memset (&state, '\0', sizeof(mbstate_t));
+
+ wclength = mbsrtowcs (month_wcs, pp, len + 1, &state);
@ -3110,6 +3125,10 @@ Index: src/sort.c
+ result = (!strncmp (month, monthtab[lo].name, strlen (monthtab[lo].name))
+ ? monthtab[lo].val : 0);
+
+ free (month);
+ free (tmp);
+ free (month_wcs);
+
+ return result;
+}
+#endif
@ -3123,7 +3142,7 @@ Index: src/sort.c
{
struct keyfield *key = keylist;
@@ -2531,7 +2965,7 @@ keycompare (struct line const *a, struct
@@ -2531,7 +2969,7 @@ keycompare (struct line const *a, struct
else if (key->human_numeric)
diff = human_numcompare (ta, tb);
else if (key->month)
@ -3132,7 +3151,7 @@ Index: src/sort.c
else if (key->random)
diff = compare_random (ta, tlena, tb, tlenb);
else if (key->version)
@@ -2647,6 +3081,180 @@ keycompare (struct line const *a, struct
@@ -2647,6 +3085,181 @@ keycompare (struct line const *a, struct
return key->reverse ? -diff : diff;
}
@ -3188,7 +3207,7 @@ Index: src/sort.c
+ {
+ if (ignore || translate)
+ {
+ char *copy_a = (char *) alloca (lena + 1 + lenb + 1);
+ char *copy_a = xmalloc (lena + 1 + lenb + 1);
+ char *copy_b = copy_a + lena + 1;
+ size_t new_len_a, new_len_b;
+ size_t i, j;
@ -3264,6 +3283,7 @@ Index: src/sort.c
+ IGNORE_CHARS (new_len_b, lenb, textb, copy_b,
+ wc_b, mblength_b, state_b);
+ diff = xmemcoll (copy_a, new_len_a, copy_b, new_len_b);
+ free(copy_a);
+ }
+ else if (lena == 0)
+ diff = - NONZERO (lenb);
@ -3313,7 +3333,7 @@ Index: src/sort.c
/* Compare two lines A and B, returning negative, zero, or positive
depending on whether A compares less than, equal to, or greater than B. */
@@ -4107,7 +4715,7 @@ main (int argc, char **argv)
@@ -4107,7 +4720,7 @@ main (int argc, char **argv)
initialize_exit_failure (SORT_FAILURE);
hard_LC_COLLATE = hard_locale (LC_COLLATE);
@ -3322,7 +3342,7 @@ Index: src/sort.c
hard_LC_TIME = hard_locale (LC_TIME);
#endif
@@ -4128,6 +4736,29 @@ main (int argc, char **argv)
@@ -4128,6 +4741,29 @@ main (int argc, char **argv)
thousands_sep = -1;
}
@ -3352,7 +3372,7 @@ Index: src/sort.c
have_read_stdin = false;
inittables ();
@@ -4398,13 +5029,34 @@ main (int argc, char **argv)
@@ -4398,13 +5034,34 @@ main (int argc, char **argv)
case 't':
{
@ -3391,7 +3411,7 @@ Index: src/sort.c
else
{
/* Provoke with 'sort -txx'. Complain about
@@ -4415,9 +5067,12 @@ main (int argc, char **argv)
@@ -4415,9 +5072,12 @@ main (int argc, char **argv)
quote (optarg));
}
}
@ -3874,7 +3894,7 @@ Index: src/uniq.c
+
+ for (i = 0; i < 2; i++)
+ {
+ copy[i] = xmalloc (sizeof(char) * (len[i] + 1));
+ copy[i] = xmalloc (len[i] + 1);
+
+ for (j = 0, chars = 0; j < len[i] && chars < check_chars; chars++)
+ {

View File

@ -2,7 +2,7 @@ Index: src/join.c
===================================================================
--- src/join.c.orig
+++ src/join.c
@@ -1320,7 +1320,7 @@ main (int argc, char **argv)
@@ -1335,7 +1335,7 @@ main (int argc, char **argv)
case 't':
{
@ -11,7 +11,7 @@ Index: src/join.c
size_t newtablen;
newtab = xstrdup (optarg);
#if HAVE_MBRTOWC
@@ -1342,7 +1342,7 @@ main (int argc, char **argv)
@@ -1357,7 +1357,7 @@ main (int argc, char **argv)
newtablen = 1;
if (! newtab)
{

View File

@ -1,5 +1,18 @@
-------------------------------------------------------------------
Wed Jan 16 18:26:15 UTC 2013 - mail@bernhard-voelker.de
Thu Jan 17 16:41:34 UTC 2013 - mail@bernhard-voelker.de
- Avoid segmentation fault in "join -i" with long line input (bnc#798541, VUL-1)
* src/join.c: Instead of usig unreliable alloca() stack allocation,
use heap allocation via xmalloc()+free().
(coreutils-i18n.patch, from Philipp Thomas <pth@suse.de>)
- Avoid segmentation fault in "sort -d" and "sort -M" with long line input
(bnc#798538, VUL-1)
* src/sort.c: Instead of usig unreliable alloca() stack allocation,
use heap allocation via xmalloc()+free().
(coreutils-i18n.patch, from Philipp Thomas <pth@suse.de>)
- Avoid segmentation fault in "uniq" with long line input (bnc#796243, VUL-1)

View File

@ -1,5 +1,18 @@
-------------------------------------------------------------------
Wed Jan 16 18:26:15 UTC 2013 - mail@bernhard-voelker.de
Thu Jan 17 16:41:34 UTC 2013 - mail@bernhard-voelker.de
- Avoid segmentation fault in "join -i" with long line input (bnc#798541, VUL-1)
* src/join.c: Instead of usig unreliable alloca() stack allocation,
use heap allocation via xmalloc()+free().
(coreutils-i18n.patch, from Philipp Thomas <pth@suse.de>)
- Avoid segmentation fault in "sort -d" and "sort -M" with long line input
(bnc#798538, VUL-1)
* src/sort.c: Instead of usig unreliable alloca() stack allocation,
use heap allocation via xmalloc()+free().
(coreutils-i18n.patch, from Philipp Thomas <pth@suse.de>)
- Avoid segmentation fault in "uniq" with long line input (bnc#796243, VUL-1)