SHA256
1
0
forked from pool/coreutils

- Avoid segmentation fault in "join -i" with long line input (bnc#798541, VUL-1)

* src/join.c: Instead of usig unreliable alloca() stack allocation,
    use heap allocation via xmalloc()+free().
    (coreutils-i18n.patch, from Philipp Thomas <pth@suse.de>)
- Avoid segmentation fault in "sort -d" and "sort -M" with long line input
  (bnc#798538, VUL-1)
  * src/sort.c: Instead of usig unreliable alloca() stack allocation,
    use heap allocation via xmalloc()+free().
    (coreutils-i18n.patch, from Philipp Thomas <pth@suse.de>)

OBS-URL: https://build.opensuse.org/package/show/Base:System/coreutils?expand=0&rev=173
This commit is contained in:
Bernhard Voelker 2013-01-17 16:45:17 +00:00 committed by Git OBS Bridge
parent 26558dd009
commit 94e801cf55
5 changed files with 73 additions and 27 deletions

View File

@ -2,7 +2,7 @@ Index: src/sort.c
=================================================================== ===================================================================
--- src/sort.c.orig --- src/sort.c.orig
+++ src/sort.c +++ src/sort.c
@@ -5286,7 +5286,11 @@ main (int argc, char **argv) @@ -5291,7 +5291,11 @@ main (int argc, char **argv)
{ {
if (!nthreads) if (!nthreads)
{ {

View File

@ -1469,7 +1469,7 @@ Index: src/join.c
static void static void
freeline (struct line *line) freeline (struct line *line)
{ {
@@ -313,56 +472,115 @@ keycmp (struct line const *line1, struct @@ -313,56 +472,130 @@ keycmp (struct line const *line1, struct
size_t jf_1, size_t jf_2) size_t jf_1, size_t jf_2)
{ {
/* Start of field to compare in each file. */ /* Start of field to compare in each file. */
@ -1483,6 +1483,7 @@ Index: src/join.c
+ size_t len[2]; /* Length of fields to compare. */ + size_t len[2]; /* Length of fields to compare. */
int diff; int diff;
+ int i, j; + int i, j;
+ int mallocd = 0;
if (jf_1 < line1->nfields) if (jf_1 < line1->nfields)
{ {
@ -1538,7 +1539,8 @@ Index: src/join.c
+ +
+ for (i = 0; i < 2; i++) + for (i = 0; i < 2; i++)
+ { + {
+ copy[i] = alloca (len[i] + 1); + mallocd = 1;
+ copy[i] = xmalloc (len[i] + 1);
+ +
+ for (j = 0; j < MIN (len[0], len[1]);) + for (j = 0; j < MIN (len[0], len[1]);)
+ { + {
@ -1578,7 +1580,8 @@ Index: src/join.c
+ { + {
+ for (i = 0; i < 2; i++) + for (i = 0; i < 2; i++)
+ { + {
+ copy[i] = alloca (len[i] + 1); + mallocd = 1;
+ copy[i] = xmalloc (len[i] + 1);
+ +
+ for (j = 0; j < MIN (len[0], len[1]); j++) + for (j = 0; j < MIN (len[0], len[1]); j++)
+ copy[i][j] = toupper (beg[i][j]); + copy[i][j] = toupper (beg[i][j]);
@ -1594,12 +1597,24 @@ Index: src/join.c
- diff = memcmp (beg1, beg2, MIN (len1, len2)); - diff = memcmp (beg1, beg2, MIN (len1, len2));
+ copy[0] = (unsigned char *) beg[0]; + copy[0] = (unsigned char *) beg[0];
+ copy[1] = (unsigned char *) beg[1]; + copy[1] = (unsigned char *) beg[1];
+ }
+
+ if (hard_LC_COLLATE)
+ {
+ diff = xmemcoll ((char *) copy[0], len[0], (char *) copy[1], len[1]);
+
+ if (mallocd)
+ for (i = 0; i < 2; i++)
+ free (copy[i]);
+
+ return diff;
} }
+ if (hard_LC_COLLATE)
+ return xmemcoll ((char *) copy[0], len[0], (char *) copy[1], len[1]);
+ diff = memcmp (copy[0], copy[1], MIN (len[0], len[1])); + diff = memcmp (copy[0], copy[1], MIN (len[0], len[1]));
+ +
+ if (mallocd)
+ for (i = 0; i < 2; i++)
+ free (copy[i]);
+ +
if (diff) if (diff)
return diff; return diff;
@ -1608,7 +1623,7 @@ Index: src/join.c
} }
/* Check that successive input lines PREV and CURRENT from input file /* Check that successive input lines PREV and CURRENT from input file
@@ -454,6 +672,12 @@ get_line (FILE *fp, struct line **linep, @@ -454,6 +687,12 @@ get_line (FILE *fp, struct line **linep,
} }
++line_no[which - 1]; ++line_no[which - 1];
@ -1621,7 +1636,7 @@ Index: src/join.c
xfields (line); xfields (line);
if (prevline[which - 1]) if (prevline[which - 1])
@@ -552,22 +776,29 @@ prfield (size_t n, struct line const *li @@ -552,22 +791,29 @@ prfield (size_t n, struct line const *li
} }
/* Output all the fields in line, other than the join field. */ /* Output all the fields in line, other than the join field. */
@ -1654,7 +1669,7 @@ Index: src/join.c
prfield (i, line); prfield (i, line);
} }
} }
@@ -578,7 +809,6 @@ static void @@ -578,7 +824,6 @@ static void
prjoin (struct line const *line1, struct line const *line2) prjoin (struct line const *line1, struct line const *line2)
{ {
const struct outlist *outlist; const struct outlist *outlist;
@ -1662,7 +1677,7 @@ Index: src/join.c
size_t field; size_t field;
struct line const *line; struct line const *line;
@@ -612,7 +842,7 @@ prjoin (struct line const *line1, struct @@ -612,7 +857,7 @@ prjoin (struct line const *line1, struct
o = o->next; o = o->next;
if (o == NULL) if (o == NULL)
break; break;
@ -1671,7 +1686,7 @@ Index: src/join.c
} }
putchar ('\n'); putchar ('\n');
} }
@@ -1090,21 +1320,46 @@ main (int argc, char **argv) @@ -1090,21 +1335,46 @@ main (int argc, char **argv)
case 't': case 't':
{ {
@ -3038,7 +3053,7 @@ Index: src/sort.c
&& ((!key->skipsblanks && !(implicit_skip || maybe_space_aligned)) && ((!key->skipsblanks && !(implicit_skip || maybe_space_aligned))
|| (!key->skipsblanks && key->schar) || (!key->skipsblanks && key->schar)
|| (!key->skipeblanks && key->echar))) || (!key->skipeblanks && key->echar)))
@@ -2442,11 +2804,83 @@ key_warnings (struct keyfield const *gke @@ -2442,11 +2804,87 @@ key_warnings (struct keyfield const *gke
error (0, 0, _("option '-r' only applies to last-resort comparison")); error (0, 0, _("option '-r' only applies to last-resort comparison"));
} }
@ -3065,13 +3080,13 @@ Index: src/sort.c
+ if (len == 0) + if (len == 0)
+ return 0; + return 0;
+ +
+ month = (char *) alloca (len + 1); + month = (char *) xmalloc (len + 1);
+ +
+ tmp = (char *) alloca (len + 1); + tmp = (char *) xmalloc (len + 1);
+ memcpy (tmp, s, len); + memcpy (tmp, s, len);
+ tmp[len] = '\0'; + tmp[len] = '\0';
+ pp = (const char **)&tmp; + pp = (const char **)&tmp;
+ month_wcs = (wchar_t *) alloca ((len + 1) * sizeof (wchar_t)); + month_wcs = (wchar_t *) xmalloc ((len + 1) * sizeof (wchar_t));
+ memset (&state, '\0', sizeof(mbstate_t)); + memset (&state, '\0', sizeof(mbstate_t));
+ +
+ wclength = mbsrtowcs (month_wcs, pp, len + 1, &state); + wclength = mbsrtowcs (month_wcs, pp, len + 1, &state);
@ -3110,6 +3125,10 @@ Index: src/sort.c
+ result = (!strncmp (month, monthtab[lo].name, strlen (monthtab[lo].name)) + result = (!strncmp (month, monthtab[lo].name, strlen (monthtab[lo].name))
+ ? monthtab[lo].val : 0); + ? monthtab[lo].val : 0);
+ +
+ free (month);
+ free (tmp);
+ free (month_wcs);
+
+ return result; + return result;
+} +}
+#endif +#endif
@ -3123,7 +3142,7 @@ Index: src/sort.c
{ {
struct keyfield *key = keylist; struct keyfield *key = keylist;
@@ -2531,7 +2965,7 @@ keycompare (struct line const *a, struct @@ -2531,7 +2969,7 @@ keycompare (struct line const *a, struct
else if (key->human_numeric) else if (key->human_numeric)
diff = human_numcompare (ta, tb); diff = human_numcompare (ta, tb);
else if (key->month) else if (key->month)
@ -3132,7 +3151,7 @@ Index: src/sort.c
else if (key->random) else if (key->random)
diff = compare_random (ta, tlena, tb, tlenb); diff = compare_random (ta, tlena, tb, tlenb);
else if (key->version) else if (key->version)
@@ -2647,6 +3081,180 @@ keycompare (struct line const *a, struct @@ -2647,6 +3085,181 @@ keycompare (struct line const *a, struct
return key->reverse ? -diff : diff; return key->reverse ? -diff : diff;
} }
@ -3188,7 +3207,7 @@ Index: src/sort.c
+ { + {
+ if (ignore || translate) + if (ignore || translate)
+ { + {
+ char *copy_a = (char *) alloca (lena + 1 + lenb + 1); + char *copy_a = xmalloc (lena + 1 + lenb + 1);
+ char *copy_b = copy_a + lena + 1; + char *copy_b = copy_a + lena + 1;
+ size_t new_len_a, new_len_b; + size_t new_len_a, new_len_b;
+ size_t i, j; + size_t i, j;
@ -3264,6 +3283,7 @@ Index: src/sort.c
+ IGNORE_CHARS (new_len_b, lenb, textb, copy_b, + IGNORE_CHARS (new_len_b, lenb, textb, copy_b,
+ wc_b, mblength_b, state_b); + wc_b, mblength_b, state_b);
+ diff = xmemcoll (copy_a, new_len_a, copy_b, new_len_b); + diff = xmemcoll (copy_a, new_len_a, copy_b, new_len_b);
+ free(copy_a);
+ } + }
+ else if (lena == 0) + else if (lena == 0)
+ diff = - NONZERO (lenb); + diff = - NONZERO (lenb);
@ -3313,7 +3333,7 @@ Index: src/sort.c
/* Compare two lines A and B, returning negative, zero, or positive /* Compare two lines A and B, returning negative, zero, or positive
depending on whether A compares less than, equal to, or greater than B. */ depending on whether A compares less than, equal to, or greater than B. */
@@ -4107,7 +4715,7 @@ main (int argc, char **argv) @@ -4107,7 +4720,7 @@ main (int argc, char **argv)
initialize_exit_failure (SORT_FAILURE); initialize_exit_failure (SORT_FAILURE);
hard_LC_COLLATE = hard_locale (LC_COLLATE); hard_LC_COLLATE = hard_locale (LC_COLLATE);
@ -3322,7 +3342,7 @@ Index: src/sort.c
hard_LC_TIME = hard_locale (LC_TIME); hard_LC_TIME = hard_locale (LC_TIME);
#endif #endif
@@ -4128,6 +4736,29 @@ main (int argc, char **argv) @@ -4128,6 +4741,29 @@ main (int argc, char **argv)
thousands_sep = -1; thousands_sep = -1;
} }
@ -3352,7 +3372,7 @@ Index: src/sort.c
have_read_stdin = false; have_read_stdin = false;
inittables (); inittables ();
@@ -4398,13 +5029,34 @@ main (int argc, char **argv) @@ -4398,13 +5034,34 @@ main (int argc, char **argv)
case 't': case 't':
{ {
@ -3391,7 +3411,7 @@ Index: src/sort.c
else else
{ {
/* Provoke with 'sort -txx'. Complain about /* Provoke with 'sort -txx'. Complain about
@@ -4415,9 +5067,12 @@ main (int argc, char **argv) @@ -4415,9 +5072,12 @@ main (int argc, char **argv)
quote (optarg)); quote (optarg));
} }
} }
@ -3874,7 +3894,7 @@ Index: src/uniq.c
+ +
+ for (i = 0; i < 2; i++) + for (i = 0; i < 2; i++)
+ { + {
+ copy[i] = xmalloc (sizeof(char) * (len[i] + 1)); + copy[i] = xmalloc (len[i] + 1);
+ +
+ for (j = 0, chars = 0; j < len[i] && chars < check_chars; chars++) + for (j = 0, chars = 0; j < len[i] && chars < check_chars; chars++)
+ { + {

View File

@ -2,7 +2,7 @@ Index: src/join.c
=================================================================== ===================================================================
--- src/join.c.orig --- src/join.c.orig
+++ src/join.c +++ src/join.c
@@ -1320,7 +1320,7 @@ main (int argc, char **argv) @@ -1335,7 +1335,7 @@ main (int argc, char **argv)
case 't': case 't':
{ {
@ -11,7 +11,7 @@ Index: src/join.c
size_t newtablen; size_t newtablen;
newtab = xstrdup (optarg); newtab = xstrdup (optarg);
#if HAVE_MBRTOWC #if HAVE_MBRTOWC
@@ -1342,7 +1342,7 @@ main (int argc, char **argv) @@ -1357,7 +1357,7 @@ main (int argc, char **argv)
newtablen = 1; newtablen = 1;
if (! newtab) if (! newtab)
{ {

View File

@ -1,5 +1,18 @@
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Jan 16 18:26:15 UTC 2013 - mail@bernhard-voelker.de Thu Jan 17 16:41:34 UTC 2013 - mail@bernhard-voelker.de
- Avoid segmentation fault in "join -i" with long line input (bnc#798541, VUL-1)
* src/join.c: Instead of usig unreliable alloca() stack allocation,
use heap allocation via xmalloc()+free().
(coreutils-i18n.patch, from Philipp Thomas <pth@suse.de>)
- Avoid segmentation fault in "sort -d" and "sort -M" with long line input
(bnc#798538, VUL-1)
* src/sort.c: Instead of usig unreliable alloca() stack allocation,
use heap allocation via xmalloc()+free().
(coreutils-i18n.patch, from Philipp Thomas <pth@suse.de>)
- Avoid segmentation fault in "uniq" with long line input (bnc#796243, VUL-1) - Avoid segmentation fault in "uniq" with long line input (bnc#796243, VUL-1)

View File

@ -1,5 +1,18 @@
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Jan 16 18:26:15 UTC 2013 - mail@bernhard-voelker.de Thu Jan 17 16:41:34 UTC 2013 - mail@bernhard-voelker.de
- Avoid segmentation fault in "join -i" with long line input (bnc#798541, VUL-1)
* src/join.c: Instead of usig unreliable alloca() stack allocation,
use heap allocation via xmalloc()+free().
(coreutils-i18n.patch, from Philipp Thomas <pth@suse.de>)
- Avoid segmentation fault in "sort -d" and "sort -M" with long line input
(bnc#798538, VUL-1)
* src/sort.c: Instead of usig unreliable alloca() stack allocation,
use heap allocation via xmalloc()+free().
(coreutils-i18n.patch, from Philipp Thomas <pth@suse.de>)
- Avoid segmentation fault in "uniq" with long line input (bnc#796243, VUL-1) - Avoid segmentation fault in "uniq" with long line input (bnc#796243, VUL-1)