From 8918a5c7723efb910b2ba776cc77fcf4f6811455b82ab8f97666e33555052b34 Mon Sep 17 00:00:00 2001
From: OBS User mrdocs
Date: Sun, 19 Apr 2015 19:33:35 +0000
Subject: [PATCH] Accepting request 297172 from home:msmeissn:branches:Publishing - transfig-fix-afl.patch: fixed crashes due to uninitialized memory, found by afl.
OBS-URL: https://build.opensuse.org/request/show/297172
OBS-URL: https://build.opensuse.org/package/show/Publishing/transfig?expand=0&rev=34
---
transfig-fix-afl.patch | 50 ++++++++++++++++++++++++++++++++++++++++++
transfig.changes | 6 +++++
transfig.spec | 4 +++-
3 files changed, 59 insertions(+), 1 deletion(-)
create mode 100644 transfig-fix-afl.patch
diff --git a/transfig-fix-afl.patch b/transfig-fix-afl.patch
new file mode 100644
index 0000000..90b8454
--- /dev/null
+++ b/transfig-fix-afl.patch
@@ -0,0 +1,50 @@
+Index: transfig.3.2.5e/fig2dev/read1_3.c
+===================================================================
+--- transfig.3.2.5e.orig/fig2dev/read1_3.c
++++ transfig.3.2.5e/fig2dev/read1_3.c
+@@ -336,6 +336,7 @@ FILE *fp;
+ l->back_arrow = NULL;
+ l->next = NULL;
+ l->points = Point_malloc(p);
++ l->points->next = NULL;
+ n = fscanf(fp, " %d %d %d %lf %d %d %d %d %d %d", &t,
+ &l->style, &l->thickness, &l->style_val,
+ &f, &b, &h, &w, &p->x, &p->y);
+@@ -395,6 +396,7 @@ FILE *fp;
+ s->controls = NULL;
+ s->next = NULL;
+ s->points = Point_malloc(p);
++ s->points->next = NULL;
+ n = fscanf(fp, " %d %d %d %lf %d %d %d %d %d %d",
+ &t, &s->style, &s->thickness, &s->style_val,
+ &f, &b,
+Index: transfig.3.2.5e/fig2dev/alloc.h
+===================================================================
+--- transfig.3.2.5e.orig/fig2dev/alloc.h
++++ transfig.3.2.5e/fig2dev/alloc.h
+@@ -13,15 +13,15 @@
+ * notice remain intact.
+ */
+
+-#define Line_malloc(z) z = (F_line*)malloc(LINOBJ_SIZE)
+-#define Pic_malloc(z) z = (F_pic*)malloc(PIC_SIZE)
+-#define Spline_malloc(z) z = (F_spline*)malloc(SPLOBJ_SIZE)
+-#define Ellipse_malloc(z) z = (F_ellipse*)malloc(ELLOBJ_SIZE)
+-#define Arc_malloc(z) z = (F_arc*)malloc(ARCOBJ_SIZE)
+-#define Compound_malloc(z) z = (F_compound*)malloc(COMOBJ_SIZE)
+-#define Text_malloc(z) z = (F_text*)malloc(TEXOBJ_SIZE)
+-#define Point_malloc(z) z = (F_point*)malloc(POINT_SIZE)
+-#define Control_malloc(z) z = (F_control*)malloc(CONTROL_SIZE)
+-#define Arrow_malloc(z) z = (F_arrow*)malloc(ARROW_SIZE)
++#define Line_malloc(z) z = (F_line*)calloc(LINOBJ_SIZE,1)
++#define Pic_malloc(z) z = (F_pic*)calloc(PIC_SIZE,1)
++#define Spline_malloc(z) z = (F_spline*)calloc(SPLOBJ_SIZE,1)
++#define Ellipse_malloc(z) z = (F_ellipse*)calloc(ELLOBJ_SIZE,1)
++#define Arc_malloc(z) z = (F_arc*)calloc(ARCOBJ_SIZE,1)
++#define Compound_malloc(z) z = (F_compound*)calloc(COMOBJ_SIZE,1)
++#define Text_malloc(z) z = (F_text*)calloc(TEXOBJ_SIZE,1)
++#define Point_malloc(z) z = (F_point*)calloc(POINT_SIZE,1)
++#define Control_malloc(z) z = (F_control*)calloc(CONTROL_SIZE,1)
++#define Arrow_malloc(z) z = (F_arrow*)calloc(ARROW_SIZE,1)
+
+ extern char Err_mem[];
diff --git a/transfig.changes b/transfig.changes
index 9fb930e..9d45fe9 100644
--- a/transfig.changes
+++ b/transfig.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Apr 16 12:26:49 UTC 2015 - meissner@suse.com
+
+- transfig-fix-afl.patch: fixed crashes due to uninitialized memory,
+ found by afl.
+
 -------------------------------------------------------------------
 Tue Dec 10 14:50:19 UTC 2013 - werner@suse.de
diff --git a/transfig.spec b/transfig.spec
index cab6e83..8df033b 100644
--- a/transfig.spec
+++ b/transfig.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package transfig
 #
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -52,6 +52,7 @@ Source1: transfig.3.2.5d-patches.tar.bz2
 Patch0: transfig.3.2.5d.dif
 Patch2: transfig.3.2.5-binderman.dif
 Patch3: transfig.3.2.5d-mediaboxrealnb.dif
+Patch4: transfig-fix-afl.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 %{expand: %%global _exec_prefix %(type -p pkg-config &>/dev/null && pkg-config --variable prefix x11 || echo /usr/X11R6)}
 %if "%_exec_prefix" == "/usr/X11R6"
@@ -92,6 +93,7 @@ tar Oxfj %{S:1} | patch -p1 -s
 %patch0 -p0 -b .0
 %patch2 -p0 -b .bm
 %patch3 -p0 -b .mbox
+%patch4 -p1
 xmkmf -a -D_DATA='%{_data}'
 %build
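Review bot: In the read1_3.c part of the new patch, the added lines `l->points->next = NULL;` and `s->points->next = NULL;` write through the pointer that `Point_malloc(p)` returned on the line directly above, with no NULL check in between, so an allocation failure while parsing an input file becomes a NULL-pointer write rather than a reported error. A guard such as `if (l->points == NULL)` (and the same for `s->points`) should precede each assignment and take the reader's out-of-memory path, presumably the one that reports `Err_mem`; both functions begin and end outside the hunks, so how they report errors is not visible here. In alloc.h the calloc arguments are transposed relative to its `(nmemb, size)` order, `calloc(1, POINT_SIZE)` being the conventional form, and once allocations are zero-filled the two explicit `next = NULL` stores are redundant on platforms where a null pointer is all-zero bits. A one-line comment above the macros, e.g. `/* calloc: readers rely on zero-initialised fields (crashes on malformed files found by afl) */`, would keep a later cleanup from switching back to malloc.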