forked from pool/coreutils
Accepting request 139627 from Base:System
Add upstream patch fixing a cp, mv and install error OBS-URL: https://build.opensuse.org/request/show/139627 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/coreutils?expand=0&rev=82
This commit is contained in:
commit
8855e7c9e7
99
coreutils-cp-corrupt-fragmented-sparse.patch
Normal file
99
coreutils-cp-corrupt-fragmented-sparse.patch
Normal file
@ -0,0 +1,99 @@
|
|||||||
|
commit 64aef5fb9afecc023a6e719da161dbbf450908b8
|
||||||
|
Author: Jim Meyering <jim@meyering.net>
|
||||||
|
Date: Tue Oct 16 17:43:49 2012 +0200
|
||||||
|
|
||||||
|
cp: avoid data-corrupting free-memory-read
|
||||||
|
|
||||||
|
NEWS entry:
|
||||||
|
cp could read from freed memory and could even make corrupt copies.
|
||||||
|
This could happen with a very fragmented and sparse input file,
|
||||||
|
on GNU/Linux file systems supporting fiemap extent scanning.
|
||||||
|
This bug also affects mv when it resorts to copying, and install.
|
||||||
|
[bug introduced in coreutils-8.11]
|
||||||
|
|
||||||
|
* src/extent-scan.c (extent_scan_read): Reset our last_ei
|
||||||
|
pointer whenever the parent buffer might have just been freed.
|
||||||
|
* tests/cp/fiemap-extent-FMR.sh: New test.
|
||||||
|
* tests/local.mk (all_tests): Add it.
|
||||||
|
* NEWS (Bug fixes): Mention it.
|
||||||
|
Reported by Mike Gerth in http://bugs.gnu.org/12656, and with
|
||||||
|
help from Alan Curry. Bug introduced in commit v8.10-60-g18f5a85.
|
||||||
|
|
||||||
|
Index: src/extent-scan.c
|
||||||
|
===================================================================
|
||||||
|
--- src/extent-scan.c.orig
|
||||||
|
+++ src/extent-scan.c
|
||||||
|
@@ -89,7 +89,7 @@ extern bool
|
||||||
|
extent_scan_read (struct extent_scan *scan)
|
||||||
|
{
|
||||||
|
unsigned int si = 0;
|
||||||
|
- struct extent_info *last_ei IF_LINT ( = scan->ext_info);
|
||||||
|
+ struct extent_info *last_ei = scan->ext_info;
|
||||||
|
|
||||||
|
while (true)
|
||||||
|
{
|
||||||
|
@@ -127,8 +127,14 @@ extent_scan_read (struct extent_scan *sc
|
||||||
|
|
||||||
|
assert (scan->ei_count <= SIZE_MAX - fiemap->fm_mapped_extents);
|
||||||
|
scan->ei_count += fiemap->fm_mapped_extents;
|
||||||
|
- scan->ext_info = xnrealloc (scan->ext_info, scan->ei_count,
|
||||||
|
- sizeof (struct extent_info));
|
||||||
|
+ {
|
||||||
|
+ /* last_ei points into a buffer that may be freed via xnrealloc.
|
||||||
|
+ Record its offset and adjust after allocation. */
|
||||||
|
+ size_t prev_idx = last_ei - scan->ext_info;
|
||||||
|
+ scan->ext_info = xnrealloc (scan->ext_info, scan->ei_count,
|
||||||
|
+ sizeof (struct extent_info));
|
||||||
|
+ last_ei = scan->ext_info + prev_idx;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
unsigned int i = 0;
|
||||||
|
for (i = 0; i < fiemap->fm_mapped_extents; i++)
|
||||||
|
Index: tests/cp/fiemap-FMR
|
||||||
|
===================================================================
|
||||||
|
--- /dev/null
|
||||||
|
+++ tests/cp/fiemap-FMR
|
||||||
|
@@ -0,0 +1,31 @@
|
||||||
|
+#!/bin/sh
|
||||||
|
+# Trigger a free-memory read bug in cp from coreutils-[8.11..8.19]
|
||||||
|
+
|
||||||
|
+# Copyright (C) 2012 Free Software Foundation, Inc.
|
||||||
|
+
|
||||||
|
+# This program is free software: you can redistribute it and/or modify
|
||||||
|
+# it under the terms of the GNU General Public License as published by
|
||||||
|
+# the Free Software Foundation, either version 3 of the License, or
|
||||||
|
+# (at your option) any later version.
|
||||||
|
+
|
||||||
|
+# This program is distributed in the hope that it will be useful,
|
||||||
|
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
+# GNU General Public License for more details.
|
||||||
|
+
|
||||||
|
+# You should have received a copy of the GNU General Public License
|
||||||
|
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
+
|
||||||
|
+. "${srcdir=.}/init.sh"; path_prepend_ ./src
|
||||||
|
+print_ver_ cp
|
||||||
|
+
|
||||||
|
+require_valgrind_
|
||||||
|
+require_perl_
|
||||||
|
+: ${PERL=perl}
|
||||||
|
+
|
||||||
|
+$PERL -e 'for (1..600) { sysseek (*STDOUT, 4096, 1)' \
|
||||||
|
+ -e '&& syswrite (*STDOUT, "a" x 1024) or die "$!"}' > j || fail=1
|
||||||
|
+valgrind --quiet --error-exitcode=3 cp j j2 || fail=1
|
||||||
|
+cmp j j2 || fail=1
|
||||||
|
+
|
||||||
|
+Exit $fail
|
||||||
|
Index: tests/Makefile.am
|
||||||
|
===================================================================
|
||||||
|
--- tests/Makefile.am.orig
|
||||||
|
+++ tests/Makefile.am
|
||||||
|
@@ -342,6 +342,7 @@ TESTS = \
|
||||||
|
cp/existing-perm-race \
|
||||||
|
cp/fail-perm \
|
||||||
|
cp/fiemap-empty \
|
||||||
|
+ cp/fiemap-FMR \
|
||||||
|
cp/fiemap-perf \
|
||||||
|
cp/fiemap-2 \
|
||||||
|
cp/file-perm-race \
|
@ -1,3 +1,14 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Sun Oct 28 20:31:28 UTC 2012 - mail@bernhard-voelker.de
|
||||||
|
|
||||||
|
- Add upstream patch:
|
||||||
|
|
||||||
|
* cp could read from freed memory and could even make corrupt copies.
|
||||||
|
This could happen with a very fragmented and sparse input file,
|
||||||
|
on GNU/Linux file systems supporting fiemap extent scanning.
|
||||||
|
This bug also affects mv when it resorts to copying, and install.
|
||||||
|
[bug introduced in coreutils-8.11]
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Sep 21 11:55:12 UTC 2012 - froh@suse.com
|
Fri Sep 21 11:55:12 UTC 2012 - froh@suse.com
|
||||||
|
|
||||||
|
@ -76,6 +76,7 @@ Patch33: coreutils-8.9-singlethreaded-sort.patch
|
|||||||
Patch34: coreutils-acl-nofollow.patch
|
Patch34: coreutils-acl-nofollow.patch
|
||||||
Patch36: coreutils-basename_documentation.patch
|
Patch36: coreutils-basename_documentation.patch
|
||||||
Patch37: coreutils-bnc#697897-setsid.patch
|
Patch37: coreutils-bnc#697897-setsid.patch
|
||||||
|
Patch38: coreutils-cp-corrupt-fragmented-sparse.patch
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
# this will create a cycle, broken up randomly - coreutils is just too core to have other
|
# this will create a cycle, broken up randomly - coreutils is just too core to have other
|
||||||
# prerequires
|
# prerequires
|
||||||
@ -119,6 +120,7 @@ uname unexpand uniq unlink uptime users vdir wc who whoami yes
|
|||||||
%patch34
|
%patch34
|
||||||
%patch36
|
%patch36
|
||||||
%patch37
|
%patch37
|
||||||
|
%patch38
|
||||||
|
|
||||||
xz -dc %{S:4} >po/de.po
|
xz -dc %{S:4} >po/de.po
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user