testing/coreutils
SHA256
3
0
Fork 0
forked from pool/coreutils
Code Pull Requests Activity

- Add upstream patch (gnu#16872):

Browse Source 
* coreutils-date-avoid-crash-in-TZ-parsing.patch: Add patch for
  date: fix crash or infinite loop when parsing a malformed TZ="".

OBS-URL: https://build.opensuse.org/package/show/Base:System/coreutils?expand=0&rev=230
This commit is contained in:
Bernhard Voelker 2014-03-16 19:47:49 +00:00 committed by Git OBS Bridge
parent ccd1e01093
commit 5d2bf6212b
5 changed files with 176 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

154
coreutils-date-avoid-crash-in-TZ-parsing.patch Normal file
View File

@ -0,0 +1,154 @@
Port upstream fix for date(1), to be removed with v8.23:
date could crash or go into an infinite loop when parsing a malformed TZ="".
[bug introduced with the --date='TZ="" ..' parsing feature in coreutils-5.3.0]
This patch consists of 2 upstream commits:
http://git.sv.gnu.org/cgit/gnulib.git/commit/?id=a10acfb1d2
http://git.sv.gnu.org/cgit/coreutils.git/commit/?id=a4faa6a0a3
While the former commit in gnulib actually fixes the issue (and adds a test
there), the latter commit in upstream coreutils pulls in that change from
gnulib and adds a test for the previously crashing date(1) command.
-----------------------------------------------
commit a10acfb1d2118f9a180181d3fed5399dbbe1df3c
Author: Pádraig Brady <P@draigBrady.com>
Date: Tue Feb 25 10:58:48 2014 +0000
parse-datetime: fix crash or infloop in TZ="" parsing
This was reported in http://bugs.gnu.org/16872
from the coreutils command: date -d 'TZ="""'
The infinite loop for this case was present since the
initial TZ="" parsing support in commit de95bdc2 29-10-2004.
This was changed to a crash or heap corruption depending
on the platform with commit 2e3e4195 18-01-2010.
* lib/parse-datetime.y (parse_datetime): Break out of the
TZ="" parsing loop once the second significant " is found.
Also skip over any subsequent whitespace to be consistent
with the non TZ= case.
* tests/test-parse-datetime.c: Add test cases for TZ="" parsing.
Omit the NEWS entry from the original patch.
-----------------------------------------------
commit a4faa6a0a3ae93c01d036d830ae7a21b74913baf
Author: Pádraig Brady <P@draigBrady.com>
Date: Thu Feb 27 23:43:34 2014 +0000
date: fix crash or infinite loop when parsing a malformed TZ=""
* gnulib: Update to incorporate the fix.
This is the only change in this gnulib update.
* tests/misc/date.pl: Add a test for this case.
Fixes http://bugs.gnu.org/16872
Omit the NEWS entry from the original patch.
---
gnulib-tests/test-parse-datetime.c | 16 ++++++++++++++++
lib/parse-datetime.c | 7 +++++--
lib/parse-datetime.y | 7 +++++--
tests/misc/date.pl | 7 +++++++
4 files changed, 33 insertions(+), 4 deletions(-)
Index: lib/parse-datetime.y
===================================================================
--- lib/parse-datetime.y.orig
+++ lib/parse-datetime.y
@@ -1303,8 +1303,6 @@ parse_datetime (struct timespec *result,
char tz1buf[TZBUFSIZE];
bool large_tz = TZBUFSIZE < tzsize;
bool setenv_ok;
- /* Free tz0, in case this is the 2nd or subsequent time through. */
- free (tz0);
tz0 = get_tz (tz0buf);
z = tz1 = large_tz ? xmalloc (tzsize) : tz1buf;
for (s = tzbase; *s != '"'; s++)
@@ -1316,7 +1314,12 @@ parse_datetime (struct timespec *result,
if (!setenv_ok)
goto fail;
tz_was_altered = true;
+
p = s + 1;
+ while (c = *p, c_isspace (c))
+ p++;
+
+ break;
}
}
Index: lib/parse-datetime.c
===================================================================
--- lib/parse-datetime.c.orig
+++ lib/parse-datetime.c
@@ -3207,8 +3207,6 @@ parse_datetime (struct timespec *result,
char tz1buf[TZBUFSIZE];
bool large_tz = TZBUFSIZE < tzsize;
bool setenv_ok;
- /* Free tz0, in case this is the 2nd or subsequent time through. */
- free (tz0);
tz0 = get_tz (tz0buf);
z = tz1 = large_tz ? xmalloc (tzsize) : tz1buf;
for (s = tzbase; *s != '"'; s++)
@@ -3220,7 +3218,12 @@ parse_datetime (struct timespec *result,
if (!setenv_ok)
goto fail;
tz_was_altered = true;
+
p = s + 1;
+ while (c = *p, c_isspace (c))
+ p++;
+
+ break;
}
}
Index: tests/misc/date.pl
===================================================================
--- tests/misc/date.pl.orig
+++ tests/misc/date.pl
@@ -287,6 +287,13 @@ my @Tests =
{ERR => "date: invalid date '\\260'\n"},
{EXIT => 1},
],
+
+ # From coreutils-5.3.0 to 8.22 inclusive
+ # this would either infinite loop or crash
+ ['invalid-TZ-crash', "-d 'TZ=\"\"\"'",
+ {ERR => "date: invalid date 'TZ=\"\"\"'\n"},
+ {EXIT => 1},
+ ],
);
# Repeat the cross-dst test, using Jan 1, 2005 and every interval from 1..364.
Index: gnulib-tests/test-parse-datetime.c
===================================================================
--- gnulib-tests/test-parse-datetime.c.orig
+++ gnulib-tests/test-parse-datetime.c
@@ -419,5 +419,21 @@ main (int argc _GL_UNUSED, char **argv)
starting with a high-bit-set byte would be treated like "0". */
ASSERT ( ! parse_datetime (&result, "\xb0", &now));
+ /* Exercise TZ="" parsing code. */
+ /* These two would infloop or segfault before Feb 2014. */
+ ASSERT ( ! parse_datetime (&result, "TZ=\"\"\"", &now));
+ ASSERT ( ! parse_datetime (&result, "TZ=\"\" \"", &now));
+ /* Exercise invalid patterns. */
+ ASSERT ( ! parse_datetime (&result, "TZ=\"", &now));
+ ASSERT ( ! parse_datetime (&result, "TZ=\"\\\"", &now));
+ ASSERT ( ! parse_datetime (&result, "TZ=\"\\n", &now));
+ ASSERT ( ! parse_datetime (&result, "TZ=\"\\n\"", &now));
+ /* Exercise valid patterns. */
+ ASSERT ( parse_datetime (&result, "TZ=\"\"", &now));
+ ASSERT ( parse_datetime (&result, "TZ=\"\" ", &now));
+ ASSERT ( parse_datetime (&result, " TZ=\"\"", &now));
+ ASSERT ( parse_datetime (&result, "TZ=\"\\\\\"", &now));
+ ASSERT ( parse_datetime (&result, "TZ=\"\\\"\"", &now));
+
return 0;
}

7
coreutils-testsuite.changes
View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Sun Mar 16 19:28:34 UTC 2014 - mail@bernhard-voelker.de
- Add upstream patch (gnu#16872):
* coreutils-date-avoid-crash-in-TZ-parsing.patch: Add patch for
date: fix crash or infinite loop when parsing a malformed TZ="".
-------------------------------------------------------------------
Sun Mar 16 16:00:15 UTC 2014 - mail@bernhard-voelker.de

4
coreutils-testsuite.spec
View File

@ -135,6 +135,9 @@ Patch304: coreutils-test-avoid-FP-when-no-ACL-support.patch
# ln: with -sr, don't segfault for a TARGET of ''
Patch305: coreutils-ln-avoid-segfault-for-empty-target.patch
# Upstream patch for date(1), to be removed with v8.23:
Patch306: coreutils-date-avoid-crash-in-TZ-parsing.patch
# ================================================
%description
These are the GNU core utilities. This package is the union of
@ -177,6 +180,7 @@ the GNU fileutils, sh-utils, and textutils packages.
%patch303
%patch304
%patch305
%patch306
#???## We need to statically link to gmp, otherwise we have a build loop
#???#sed -i s,'$(LIB_GMP)',%%{_libdir}/libgmp.a,g Makefile.in

7
coreutils.changes
View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Sun Mar 16 19:28:34 UTC 2014 - mail@bernhard-voelker.de
- Add upstream patch (gnu#16872):
* coreutils-date-avoid-crash-in-TZ-parsing.patch: Add patch for
date: fix crash or infinite loop when parsing a malformed TZ="".
-------------------------------------------------------------------
Sun Mar 16 16:00:15 UTC 2014 - mail@bernhard-voelker.de

4
coreutils.spec
View File

@ -135,6 +135,9 @@ Patch304: coreutils-test-avoid-FP-when-no-ACL-support.patch
# ln: with -sr, don't segfault for a TARGET of ''
Patch305: coreutils-ln-avoid-segfault-for-empty-target.patch
# Upstream patch for date(1), to be removed with v8.23:
Patch306: coreutils-date-avoid-crash-in-TZ-parsing.patch
# ================================================
%description
These are the GNU core utilities. This package is the union of
@ -177,6 +180,7 @@ the GNU fileutils, sh-utils, and textutils packages.
%patch303
%patch304
%patch305
%patch306
#???## We need to statically link to gmp, otherwise we have a build loop
#???#sed -i s,'$(LIB_GMP)',%%{_libdir}/libgmp.a,g Makefile.in