forked from pool/gettext-runtime
632fef5eda
added an upstream patch to fix a leftover bug OBS-URL: https://build.opensuse.org/request/show/290262 OBS-URL: https://build.opensuse.org/package/show/Base:System/gettext-runtime?expand=0&rev=106
75 lines
2.7 KiB
Diff
75 lines
2.7 KiB
Diff
From 5d3eeaa0d3b7f4f6932bd29d859925a940b69459 Mon Sep 17 00:00:00 2001
|
|
From: Daiki Ueno <ueno@gnu.org>
|
|
Date: Wed, 11 Mar 2015 16:18:26 +0900
|
|
Subject: [PATCH] msgunfmt: Check allocated size for static segment
|
|
|
|
Reported by Max Lin in:
|
|
http://lists.gnu.org/archive/html/bug-gettext/2015-03/msg00005.html
|
|
* read-mo.c (get_sysdep_string): Check if the embedded segment
|
|
size is valid, before adding it to the string length.
|
|
---
|
|
gettext-tools/src/ChangeLog | 8 ++++++++
|
|
gettext-tools/src/read-mo.c | 11 +++++++----
|
|
2 files changed, 15 insertions(+), 4 deletions(-)
|
|
|
|
--- a/gettext-tools/src/read-mo.c
|
|
+++ b/gettext-tools/src/read-mo.c
|
|
@@ -149,6 +149,7 @@ get_sysdep_string (const struct binary_m
|
|
nls_uint32 s_offset;
|
|
|
|
/* Compute the length. */
|
|
+ s_offset = get_uint32 (bfp, offset);
|
|
length = 0;
|
|
for (i = 4; ; i += 8)
|
|
{
|
|
@@ -158,9 +159,14 @@ get_sysdep_string (const struct binary_m
|
|
nls_uint32 ss_length;
|
|
nls_uint32 ss_offset;
|
|
size_t ss_end;
|
|
+ size_t s_end;
|
|
size_t n;
|
|
|
|
+ s_end = xsum (s_offset, segsize);
|
|
+ if (size_overflow_p (s_end) || s_end > bfp->size)
|
|
+ error (EXIT_FAILURE, 0, _("file \"%s\" is truncated"), bfp->filename);
|
|
length += segsize;
|
|
+ s_offset += segsize;
|
|
|
|
if (sysdepref == SEGMENTS_END)
|
|
break;
|
|
@@ -175,7 +181,7 @@ get_sysdep_string (const struct binary_m
|
|
ss_end = xsum (ss_offset, ss_length);
|
|
if (size_overflow_p (ss_end) || ss_end > bfp->size)
|
|
error (EXIT_FAILURE, 0, _("file \"%s\" is truncated"), bfp->filename);
|
|
- if (!(ss_length > 0 && bfp->data[ss_offset + ss_length - 1] == '\0'))
|
|
+ if (!(ss_length > 0 && bfp->data[ss_end - 1] == '\0'))
|
|
{
|
|
char location[30];
|
|
sprintf (location, "sysdep_segment[%u]", (unsigned int) sysdepref);
|
|
@@ -198,11 +204,8 @@ get_sysdep_string (const struct binary_m
|
|
nls_uint32 sysdep_segment_offset;
|
|
nls_uint32 ss_length;
|
|
nls_uint32 ss_offset;
|
|
- size_t s_end = xsum (s_offset, segsize);
|
|
size_t n;
|
|
|
|
- if (size_overflow_p (s_end) || s_end > bfp->size)
|
|
- error (EXIT_FAILURE, 0, _("file \"%s\" is truncated"), bfp->filename);
|
|
memcpy (p, bfp->data + s_offset, segsize);
|
|
p += segsize;
|
|
s_offset += segsize;
|
|
--- a/gettext-tools/src/ChangeLog
|
|
+++ b/gettext-tools/src/ChangeLog
|
|
@@ -1,3 +1,11 @@
|
|
+2015-03-11 Daiki Ueno <ueno@gnu.org>
|
|
+
|
|
+ msgunfmt: Check allocated size for static segment
|
|
+ Reported by Max Lin in:
|
|
+ http://lists.gnu.org/archive/html/bug-gettext/2015-03/msg00005.html
|
|
+ * read-mo.c (get_sysdep_string): Check if the embedded segment
|
|
+ size is valid, before adding it to the string length.
|
|
+
|
|
2014-12-24 Daiki Ueno <ueno@gnu.org>
|
|
|
|
* gettext 0.19.4 released.
|