rpm/sratom
SHA256
1
0
Fork 0
forked from pool/sratom
Code Pull Requests Activity

Accepting request 969493 from multimedia:libs

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/969493
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sratom?expand=0&rev=16
This commit is contained in:
Dominique Leuenberger 2022-04-14 15:24:23 +00:00 committed by Git OBS Bridge
commit 96dce02199
3 changed files with 38 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
fix-FORTIFY_SOURCE3.patch Normal file
View File

@ -0,0 +1,29 @@
From 03ea6915c99b9ca0d8ac576e4cfd1c2eca62338c Mon Sep 17 00:00:00 2001
From: Martin Liska <mliska@suse.cz>
Date: Mon, 11 Apr 2022 09:14:28 +0200
Subject: [PATCH] Fix buffer overflow detected with -D_FORTIFY_SOURCE=3.
Correctly set maximum buffer length for snprintf call.
Fixes: #5.
---
src/sratom.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/sratom.c b/src/sratom.c
index 692257d..b6ba7ed 100644
--- a/src/sratom.c
+++ b/src/sratom.c
@@ -334,10 +334,11 @@ sratom_write(Sratom* sratom,
new_node = true;
datatype = serd_node_from_string(SERD_URI, USTR(LV2_MIDI__MidiEvent));
- uint8_t* str = (uint8_t*)calloc(size * 2 + 1, 1);
+ size_t strlen = size * 2 + 1;
+ uint8_t* str = (uint8_t*)calloc(strlen, 1);
for (uint32_t i = 0; i < size; ++i) {
snprintf((char*)str + (2 * i),
- size * 2 + 1,
+ strlen - (2 * i),
"%02X",
(unsigned)*((const uint8_t*)body + i));
}

6
sratom.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Tue Apr 12 08:35:33 UTC 2022 - Martin Liška <mliska@suse.cz>
- Add fix-FORTIFY_SOURCE3.patch that is suggested to upstream:
gh#lv2/sratom#6
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Mar 8 23:14:31 UTC 2021 - Dirk Müller <dmueller@suse.com> Mon Mar 8 23:14:31 UTC 2021 - Dirk Müller <dmueller@suse.com>

5
sratom.spec
View File

@ -1,7 +1,7 @@
# #
# spec file for package sratom # spec file for package sratom
# #
# Copyright (c) 2021 SUSE LLC # Copyright (c) 2022 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -26,6 +26,7 @@ Group: Development/Libraries/C and C++
URL: http://drobilla.net/software/sratom/ URL: http://drobilla.net/software/sratom/
Source0: http://download.drobilla.net/sratom-%{version}.tar.bz2 Source0: http://download.drobilla.net/sratom-%{version}.tar.bz2
Source1: baselibs.conf Source1: baselibs.conf
Patch0: fix-FORTIFY_SOURCE3.patch
BuildRequires: doxygen BuildRequires: doxygen
BuildRequires: graphviz BuildRequires: graphviz
BuildRequires: pkgconfig BuildRequires: pkgconfig
@ -55,7 +56,7 @@ Obsoletes: libsratom-0-devel < %{version}
Development files for libsratom. Development files for libsratom.
%prep %prep
%setup -q %autosetup -p1
%build %build
export CFLAGS='%{optflags} -std=gnu99' export CFLAGS='%{optflags} -std=gnu99'