|
-- Subject: Crash with file-5.28/libmagic and rpmbuild
|
||
|
|
||
|
| Hi,
|
||
|
|
|
||
|
| interesting crash with libmagic from file-5.28 used by rpmbuild or better
|
||
|
| its librpmbuild.so.3. See attached backtrace. It looks like strlcpy()
|
||
|
| runs on a NULL pointer as source. As well as it is not clear why an
|
||
|
| ascii file like apefooter_8h__incl.md5 with a MD5 sum without line terminat=
|
||
|
| or
|
||
|
| does cause the libmagic to do an uncompress:
|
||
|
|
|
||
|
| file /home/abuild/rpmbuild/BUILDROOT/taglib-1.11-0.x86_64/usr/share/doc/pa=
|
||
|
| ckages/libtag-devel/html/apefooter_8h__incl.md5
|
||
|
| /home/abuild/rpmbuild/BUILDROOT/taglib-1.11-0.x86_64/usr/share/doc/package=
|
||
|
| s/libtag-devel/html/apefooter_8h__incl.md5: ASCII text, with no line termin=
|
||
|
| ators
|
||
|
|
|
||
|
|
||
|
It has been fixed on HEAD:
|
||
|
|
||
|
Best,
|
||
|
|
||
|
christos
|
||
|
|
||
|
Index: src/compress.c
|
||
|
===================================================================
|
||
|
RCS file: /p/file/cvsroot/file/src/compress.c,v
|
||
|
retrieving revision 1.97
|
||
|
retrieving revision 1.98
|
||
|
diff -u -r1.97 -r1.98
|
||
|
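--- a/src/compress.c
+++ b/src/compress.c
@@ -517,7 +517,7 @@
 
 return OKDATA;
 err:
- strlcpy((char *)*newch, z.msg, bytes_max);
+ strlcpy((char *)*newch, z.msg ? z.msg : zError(rc), bytes_max);
 *n = strlen((char *)*newch);
 return ERRDATA;
 }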
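Review bot: The fallback `zError(rc)` at the `err:` label is only correct if `rc` holds a zlib status on every path that jumps there, and those paths are above the hunk, so they cannot be checked from here. It is worth confirming that each `goto err` assigns `rc` from a zlib call first, since otherwise the reported text would not match the actual failure. The new line also deserves a comment explaining the NULL case, for example `/* zlib may leave z.msg NULL on failure; fall back to the generic text for rc */`. This path is reached from file contents the caller does not control (the report shows a plain `.md5` file in an rpmbuild tree), so a regression test that feeds the decompressor an input failing without a message would keep the NULL-source crash from returning.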