Accepting request 297172 from home:msmeissn:branches:Publishing

- transfig-fix-afl.patch: fixed crashes due to uninitialized memory, found by afl. OBS-URL: https://build.opensuse.org/request/show/297172 OBS-URL: https://build.opensuse.org/package/show/Publishing/transfig?expand=0&rev=34
2015-04-19 19:33:35 +00:00 · 2015-04-19 19:33:35 +00:00 · 8918a5c772
commit 8918a5c772
parent 292b19be38
3 changed files with 59 additions and 1 deletions
--- a/transfig-fix-afl.patch
+++ b/transfig-fix-afl.patch
@ -0,0 +1,50 @@
+Index: transfig.3.2.5e/fig2dev/read1_3.c
+===================================================================
+--- transfig.3.2.5e.orig/fig2dev/read1_3.c
+++ transfig.3.2.5e/fig2dev/read1_3.c
+@@ -336,6 +336,7 @@ FILE			*fp;
+ 	l->back_arrow = NULL;
+ 	l->next = NULL;
+ 	l->points = Point_malloc(p);
+	l->points->next = NULL;
+ 	n = fscanf(fp, " %d %d %d %lf %d %d %d %d %d %d", &t, 
+ 		&l->style, &l->thickness, &l->style_val,
+ 		&f, &b, &h, &w, &p->x, &p->y);
+@@ -395,6 +396,7 @@ FILE	*fp;
+ 	s->controls = NULL;
+ 	s->next = NULL;
+ 	s->points = Point_malloc(p);
+	s->points->next = NULL;
+ 	n = fscanf(fp, " %d %d %d %lf %d %d %d %d %d %d", 
+ 	    	&t, &s->style, &s->thickness, &s->style_val,
+ 	    	&f, &b,
+Index: transfig.3.2.5e/fig2dev/alloc.h
+===================================================================
+--- transfig.3.2.5e.orig/fig2dev/alloc.h
+++ transfig.3.2.5e/fig2dev/alloc.h
+@@ -13,15 +13,15 @@
+  * notice remain intact.
+  */
+ 
+-#define		Line_malloc(z)		z = (F_line*)malloc(LINOBJ_SIZE)
+-#define		Pic_malloc(z)		z = (F_pic*)malloc(PIC_SIZE)
+-#define		Spline_malloc(z)	z = (F_spline*)malloc(SPLOBJ_SIZE)
+-#define		Ellipse_malloc(z)	z = (F_ellipse*)malloc(ELLOBJ_SIZE)
+-#define		Arc_malloc(z)		z = (F_arc*)malloc(ARCOBJ_SIZE)
+-#define		Compound_malloc(z)	z = (F_compound*)malloc(COMOBJ_SIZE)
+-#define		Text_malloc(z)		z = (F_text*)malloc(TEXOBJ_SIZE)
+-#define		Point_malloc(z)		z = (F_point*)malloc(POINT_SIZE)
+-#define		Control_malloc(z)	z = (F_control*)malloc(CONTROL_SIZE)
+-#define		Arrow_malloc(z)		z = (F_arrow*)malloc(ARROW_SIZE)
+#define		Line_malloc(z)		z = (F_line*)calloc(LINOBJ_SIZE,1)
+#define		Pic_malloc(z)		z = (F_pic*)calloc(PIC_SIZE,1)
+#define		Spline_malloc(z)	z = (F_spline*)calloc(SPLOBJ_SIZE,1)
+#define		Ellipse_malloc(z)	z = (F_ellipse*)calloc(ELLOBJ_SIZE,1)
+#define		Arc_malloc(z)		z = (F_arc*)calloc(ARCOBJ_SIZE,1)
+#define		Compound_malloc(z)	z = (F_compound*)calloc(COMOBJ_SIZE,1)
+#define		Text_malloc(z)		z = (F_text*)calloc(TEXOBJ_SIZE,1)
+#define		Point_malloc(z)		z = (F_point*)calloc(POINT_SIZE,1)
+#define		Control_malloc(z)	z = (F_control*)calloc(CONTROL_SIZE,1)
+#define		Arrow_malloc(z)		z = (F_arrow*)calloc(ARROW_SIZE,1)
+ 
+ extern char	Err_mem[];
--- a/transfig.changes
+++ b/transfig.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Apr 16 12:26:49 UTC 2015 - meissner@suse.com
+
+- transfig-fix-afl.patch: fixed crashes due to uninitialized memory,
+  found by afl.
+
 -------------------------------------------------------------------
 Tue Dec 10 14:50:19 UTC 2013 - werner@suse.de

--- a/transfig.spec
+++ b/transfig.spec
@ -1,7 +1,7 @@
 #
 # spec file for package transfig
 #
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -52,6 +52,7 @@ Source1:        transfig.3.2.5d-patches.tar.bz2
 Patch0:         transfig.3.2.5d.dif
 Patch2:         transfig.3.2.5-binderman.dif
 Patch3:         transfig.3.2.5d-mediaboxrealnb.dif
+Patch4:         transfig-fix-afl.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %{expand: %%global _exec_prefix %(type -p pkg-config &>/dev/null && pkg-config --variable prefix x11 || echo /usr/X11R6)}
 %if "%_exec_prefix" == "/usr/X11R6"
@ -92,6 +93,7 @@ tar Oxfj %{S:1} | patch -p1 -s
 %patch0 -p0 -b .0
 %patch2 -p0 -b .bm
 %patch3 -p0 -b .mbox
+%patch4 -p1
 xmkmf -a -D_DATA='%{_data}'

 %build