From 94e801cf55202c3de7e0bc7d15b5c64608ca16e56d65979dd20c550960c2262d Mon Sep 17 00:00:00 2001 From: Bernhard Voelker Date: Thu, 17 Jan 2013 16:45:17 +0000 Subject: [PATCH] - Avoid segmentation fault in "join -i" with long line input (bnc#798541, VUL-1) * src/join.c: Instead of usig unreliable alloca() stack allocation, use heap allocation via xmalloc()+free(). (coreutils-i18n.patch, from Philipp Thomas ) - Avoid segmentation fault in "sort -d" and "sort -M" with long line input (bnc#798538, VUL-1) * src/sort.c: Instead of usig unreliable alloca() stack allocation, use heap allocation via xmalloc()+free(). (coreutils-i18n.patch, from Philipp Thomas ) OBS-URL: https://build.opensuse.org/package/show/Base:System/coreutils?expand=0&rev=173 --- coreutils-8.9-singlethreaded-sort.patch | 2 +- coreutils-i18n.patch | 64 ++++++++++++++++--------- coreutils-ptr_int_casts.patch | 4 +- coreutils-testsuite.changes | 15 +++++- coreutils.changes | 15 +++++- 5 files changed, 73 insertions(+), 27 deletions(-) diff --git a/coreutils-8.9-singlethreaded-sort.patch b/coreutils-8.9-singlethreaded-sort.patch index e443c30..376457b 100644 --- a/coreutils-8.9-singlethreaded-sort.patch +++ b/coreutils-8.9-singlethreaded-sort.patch @@ -2,7 +2,7 @@ Index: src/sort.c =================================================================== --- src/sort.c.orig +++ src/sort.c -@@ -5286,7 +5286,11 @@ main (int argc, char **argv) +@@ -5291,7 +5291,11 @@ main (int argc, char **argv) { if (!nthreads) { diff --git a/coreutils-i18n.patch b/coreutils-i18n.patch index 64e92dd..e3c66a4 100644 --- a/coreutils-i18n.patch +++ b/coreutils-i18n.patch @@ -1469,7 +1469,7 @@ Index: src/join.c static void freeline (struct line *line) { -@@ -313,56 +472,115 @@ keycmp (struct line const *line1, struct +@@ -313,56 +472,130 @@ keycmp (struct line const *line1, struct size_t jf_1, size_t jf_2) { /* Start of field to compare in each file. */ 
@@ -1483,6 +1483,7 @@ Index: src/join.c + size_t len[2]; /* Length of fields to compare. */ int diff; + int i, j; ++ int mallocd = 0; if (jf_1 < line1->nfields) { @@ -1538,7 +1539,8 @@ Index: src/join.c + + for (i = 0; i < 2; i++) + { -+ copy[i] = alloca (len[i] + 1); ++ mallocd = 1; ++ copy[i] = xmalloc (len[i] + 1); + + for (j = 0; j < MIN (len[0], len[1]);) + { @@ -1578,7 +1580,8 @@ Index: src/join.c + { + for (i = 0; i < 2; i++) + { -+ copy[i] = alloca (len[i] + 1); ++ mallocd = 1; ++ copy[i] = xmalloc (len[i] + 1); + + for (j = 0; j < MIN (len[0], len[1]); j++) + copy[i][j] = toupper (beg[i][j]); @@ -1594,12 +1597,24 @@ Index: src/join.c - diff = memcmp (beg1, beg2, MIN (len1, len2)); + copy[0] = (unsigned char *) beg[0]; + copy[1] = (unsigned char *) beg[1]; ++ } ++ ++ if (hard_LC_COLLATE) ++ { ++ diff = xmemcoll ((char *) copy[0], len[0], (char *) copy[1], len[1]); ++ ++ if (mallocd) ++ for (i = 0; i < 2; i++) ++ free (copy[i]); ++ ++ return diff; } -+ if (hard_LC_COLLATE) -+ return xmemcoll ((char *) copy[0], len[0], (char *) copy[1], len[1]); + diff = memcmp (copy[0], copy[1], MIN (len[0], len[1])); + ++ if (mallocd) ++ for (i = 0; i < 2; i++) ++ free (copy[i]); + if (diff) return diff; @@ -1608,7 +1623,7 @@ Index: src/join.c } /* Check that successive input lines PREV and CURRENT from input file -@@ -454,6 +672,12 @@ get_line (FILE *fp, struct line **linep, +@@ -454,6 +687,12 @@ get_line (FILE *fp, struct line **linep, } ++line_no[which - 1]; @@ -1621,7 +1636,7 @@ Index: src/join.c xfields (line); if (prevline[which - 1]) -@@ -552,22 +776,29 @@ prfield (size_t n, struct line const *li +@@ -552,22 +791,29 @@ prfield (size_t n, struct line const *li } /* Output all the fields in line, other than the join field. */ @@ -1654,7 +1669,7 @@ Index: src/join.c prfield (i, line); } } -@@ -578,7 +809,6 @@ static void +@@ -578,7 +824,6 @@ static void prjoin (struct line const *line1, struct line const *line2) { const struct outlist *outlist; 
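Review bot: The new `hard_LC_COLLATE` block calls `xmemcoll ((char *) copy[0], len[0], (char *) copy[1], len[1])` with the full `len[i]`, but the case-folding loops in the two earlier hunks fill only `MIN (len[0], len[1])` bytes of each `xmalloc (len[i] + 1)` buffer. Unless lines outside these hunks fill the tail, the longer field is collated over uninitialized heap bytes, so the comparison result is not well defined. Copying the whole field, e.g. `for (j = 0; j < len[i]; j++)` in the single-byte branch, would fix that. The two identical `if (mallocd) ... free (copy[i]);` blocks could also be merged into one cleanup ahead of a single return. Separately, `j` is an `int` compared against `size_t` lengths, which matters for the long-line input this change targets; keycmp starts and ends outside these hunks.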
@@ -1662,7 +1677,7 @@ Index: src/join.c size_t field; struct line const *line; -@@ -612,7 +842,7 @@ prjoin (struct line const *line1, struct +@@ -612,7 +857,7 @@ prjoin (struct line const *line1, struct o = o->next; if (o == NULL) break; @@ -1671,7 +1686,7 @@ Index: src/join.c } putchar ('\n'); } -@@ -1090,21 +1320,46 @@ main (int argc, char **argv) +@@ -1090,21 +1335,46 @@ main (int argc, char **argv) case 't': { @@ -3038,7 +3053,7 @@ Index: src/sort.c && ((!key->skipsblanks && !(implicit_skip || maybe_space_aligned)) || (!key->skipsblanks && key->schar) || (!key->skipeblanks && key->echar))) -@@ -2442,11 +2804,83 @@ key_warnings (struct keyfield const *gke +@@ -2442,11 +2804,87 @@ key_warnings (struct keyfield const *gke error (0, 0, _("option '-r' only applies to last-resort comparison")); } @@ -3065,13 +3080,13 @@ Index: src/sort.c + if (len == 0) + return 0; + -+ month = (char *) alloca (len + 1); ++ month = (char *) xmalloc (len + 1); + -+ tmp = (char *) alloca (len + 1); ++ tmp = (char *) xmalloc (len + 1); + memcpy (tmp, s, len); + tmp[len] = '\0'; + pp = (const char **)&tmp; -+ month_wcs = (wchar_t *) alloca ((len + 1) * sizeof (wchar_t)); ++ month_wcs = (wchar_t *) xmalloc ((len + 1) * sizeof (wchar_t)); + memset (&state, '\0', sizeof(mbstate_t)); + + wclength = mbsrtowcs (month_wcs, pp, len + 1, &state); @@ -3110,6 +3125,10 @@ Index: src/sort.c + result = (!strncmp (month, monthtab[lo].name, strlen (monthtab[lo].name)) + ? monthtab[lo].val : 0); + ++ free (month); ++ free (tmp); ++ free (month_wcs); ++ + return result; +} +#endif @@ -3123,7 +3142,7 @@ Index: src/sort.c { struct keyfield *key = keylist; -@@ -2531,7 +2965,7 @@ keycompare (struct line const *a, struct +@@ -2531,7 +2969,7 @@ keycompare (struct line const *a, struct else if (key->human_numeric) diff = human_numcompare (ta, tb); else if (key->month) 
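Review bot: The added `free (tmp);` does not release the buffer returned by `tmp = (char *) xmalloc (len + 1)`, because `pp = (const char **)&tmp` aliases `tmp` and `mbsrtowcs (month_wcs, pp, len + 1, &state)` stores through `pp`. After the call `tmp` is a null pointer if the whole string was converted, which leaks the buffer on every call, or an interior pointer otherwise, which makes the `free` undefined behaviour. This was harmless with `alloca`; with heap memory the call needs its own cursor, `const char *p = tmp;` passed as `mbsrtowcs (month_wcs, &p, len + 1, &state)`. The size `(len + 1) * sizeof (wchar_t)` is an unchecked multiplication, and gnulib's `xnmalloc (len + 1, sizeof (wchar_t))` checks it. The code between the allocation hunk and the `free` hunk is not shown, so any early return there would need the same three frees.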
@@ -3132,7 +3151,7 @@ Index: src/sort.c else if (key->random) diff = compare_random (ta, tlena, tb, tlenb); else if (key->version) -@@ -2647,6 +3081,180 @@ keycompare (struct line const *a, struct +@@ -2647,6 +3085,181 @@ keycompare (struct line const *a, struct return key->reverse ? -diff : diff; } @@ -3188,7 +3207,7 @@ Index: src/sort.c + { + if (ignore || translate) + { -+ char *copy_a = (char *) alloca (lena + 1 + lenb + 1); ++ char *copy_a = xmalloc (lena + 1 + lenb + 1); + char *copy_b = copy_a + lena + 1; + size_t new_len_a, new_len_b; + size_t i, j; @@ -3264,6 +3283,7 @@ Index: src/sort.c + IGNORE_CHARS (new_len_b, lenb, textb, copy_b, + wc_b, mblength_b, state_b); + diff = xmemcoll (copy_a, new_len_a, copy_b, new_len_b); ++ free(copy_a); + } + else if (lena == 0) + diff = - NONZERO (lenb); @@ -3313,7 +3333,7 @@ Index: src/sort.c /* Compare two lines A and B, returning negative, zero, or positive depending on whether A compares less than, equal to, or greater than B. */ -@@ -4107,7 +4715,7 @@ main (int argc, char **argv) +@@ -4107,7 +4720,7 @@ main (int argc, char **argv) initialize_exit_failure (SORT_FAILURE); hard_LC_COLLATE = hard_locale (LC_COLLATE); @@ -3322,7 +3342,7 @@ Index: src/sort.c hard_LC_TIME = hard_locale (LC_TIME); #endif -@@ -4128,6 +4736,29 @@ main (int argc, char **argv) +@@ -4128,6 +4741,29 @@ main (int argc, char **argv) thousands_sep = -1; } @@ -3352,7 +3372,7 @@ Index: src/sort.c have_read_stdin = false; inittables (); -@@ -4398,13 +5029,34 @@ main (int argc, char **argv) +@@ -4398,13 +5034,34 @@ main (int argc, char **argv) case 't': { @@ -3391,7 +3411,7 @@ Index: src/sort.c else { /* Provoke with 'sort -txx'. Complain about -@@ -4415,9 +5067,12 @@ main (int argc, char **argv) +@@ -4415,9 +5072,12 @@ main (int argc, char **argv) quote (optarg)); } } 
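Review bot: The new `char *copy_a = xmalloc (lena + 1 + lenb + 1);` deserves a short comment saying why this is heap memory, because the reason is recorded only in the changelog; for example `/* Heap, not alloca: field lengths are input-controlled.  */`. The matching `free(copy_a);` should be written `free (copy_a);` to follow the call spacing used elsewhere in this patch. The enclosing comparison routine begins and ends outside these hunks, so it cannot be confirmed here how often the allocation runs; if it runs once per key per comparison, a reusable buffer would avoid the repeated malloc cost.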
@@ -3874,7 +3894,7 @@ Index: src/uniq.c + + for (i = 0; i < 2; i++) + { -+ copy[i] = xmalloc (sizeof(char) * (len[i] + 1)); ++ copy[i] = xmalloc (len[i] + 1); + + for (j = 0, chars = 0; j < len[i] && chars < check_chars; chars++) + { diff --git a/coreutils-ptr_int_casts.patch b/coreutils-ptr_int_casts.patch index 588a5d8..96a8ebc 100644 --- a/coreutils-ptr_int_casts.patch +++ b/coreutils-ptr_int_casts.patch @@ -2,7 +2,7 @@ Index: src/join.c =================================================================== --- src/join.c.orig +++ src/join.c -@@ -1320,7 +1320,7 @@ main (int argc, char **argv) +@@ -1335,7 +1335,7 @@ main (int argc, char **argv) case 't': { @@ -11,7 +11,7 @@ Index: src/join.c size_t newtablen; newtab = xstrdup (optarg); #if HAVE_MBRTOWC -@@ -1342,7 +1342,7 @@ main (int argc, char **argv) +@@ -1357,7 +1357,7 @@ main (int argc, char **argv) newtablen = 1; if (! newtab) { diff --git a/coreutils-testsuite.changes b/coreutils-testsuite.changes index 67b4692..1d0bb0b 100644 --- a/coreutils-testsuite.changes +++ b/coreutils-testsuite.changes @@ -1,5 +1,18 @@ ------------------------------------------------------------------- -Wed Jan 16 18:26:15 UTC 2013 - mail@bernhard-voelker.de +Thu Jan 17 16:41:34 UTC 2013 - mail@bernhard-voelker.de + +- Avoid segmentation fault in "join -i" with long line input (bnc#798541, VUL-1) + + * src/join.c: Instead of usig unreliable alloca() stack allocation, + use heap allocation via xmalloc()+free(). + (coreutils-i18n.patch, from Philipp Thomas ) + +- Avoid segmentation fault in "sort -d" and "sort -M" with long line input + (bnc#798538, VUL-1) + + * src/sort.c: Instead of usig unreliable alloca() stack allocation, + use heap allocation via xmalloc()+free(). + (coreutils-i18n.patch, from Philipp Thomas ) - Avoid segmentation fault in "uniq" with long line input (bnc#796243, VUL-1) diff --git a/coreutils.changes b/coreutils.changes index 67b4692..1d0bb0b 100644 --- a/coreutils.changes +++ b/coreutils.changes 
@@ -1,5 +1,18 @@ ------------------------------------------------------------------- -Wed Jan 16 18:26:15 UTC 2013 - mail@bernhard-voelker.de +Thu Jan 17 16:41:34 UTC 2013 - mail@bernhard-voelker.de + +- Avoid segmentation fault in "join -i" with long line input (bnc#798541, VUL-1) + + * src/join.c: Instead of usig unreliable alloca() stack allocation, + use heap allocation via xmalloc()+free(). + (coreutils-i18n.patch, from Philipp Thomas ) + +- Avoid segmentation fault in "sort -d" and "sort -M" with long line input + (bnc#798538, VUL-1) + + * src/sort.c: Instead of usig unreliable alloca() stack allocation, + use heap allocation via xmalloc()+free(). + (coreutils-i18n.patch, from Philipp Thomas ) - Avoid segmentation fault in "uniq" with long line input (bnc#796243, VUL-1)